[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 5 21:12:49 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
76cc0da5 by security tracker role at 2023-07-05T20:12:38+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,85 @@
-CVE-2023-35001 [nf_tables nft_byteorder_eval OOB read/write]
+CVE-2023-3515 (Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4.)
+	TODO: check
+CVE-2023-3455 (Key management vulnerability on system. Successful exploitation of thi ...)
+	TODO: check
+CVE-2023-3336 (TN-5900 Series version 3.3 and prior versions is vulnearble to user en ...)
+	TODO: check
+CVE-2023-3089 (A compliance problem was found in the Red Hat OpenShift Container Plat ...)
+	TODO: check
+CVE-2023-36934 (In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0 ...)
+	TODO: check
+CVE-2023-36933 (In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7 ...)
+	TODO: check
+CVE-2023-36932 (In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0 ...)
+	TODO: check
+CVE-2023-36665 (protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.4 allows Pr ...)
+	TODO: check
+CVE-2023-36624 (Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated o ...)
+	TODO: check
+CVE-2023-36623 (The root password of the Loxone Miniserver Go Gen.2 before 14.2 is cal ...)
+	TODO: check
+CVE-2023-36622 (The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 ...)
+	TODO: check
+CVE-2023-35979 (There is an unauthenticated buffer overflow vulnerabilityin the proces ...)
+	TODO: check
+CVE-2023-35978 (A vulnerability in ArubaOS could allow an unauthenticatedremote attack ...)
+	TODO: check
+CVE-2023-35977 (Vulnerabilities exist which allow an authenticated attackerto access s ...)
+	TODO: check
+CVE-2023-35976 (Vulnerabilities exist which allow an authenticated attackerto access s ...)
+	TODO: check
+CVE-2023-35975 (An authenticated path traversal vulnerability exists in theArubaOS com ...)
+	TODO: check
+CVE-2023-35974 (Authenticated command injection vulnerabilities exist inthe ArubaOS co ...)
+	TODO: check
+CVE-2023-35973 (Authenticated command injection vulnerabilities exist inthe ArubaOS co ...)
+	TODO: check
+CVE-2023-35972 (An authenticated remote command injection vulnerabilityexists in the A ...)
+	TODO: check
+CVE-2023-35971 (A vulnerability in the ArubaOS web-based management interface could al ...)
+	TODO: check
+CVE-2023-35924 (GLPI is a free asset and IT management software package. Starting in v ...)
+	TODO: check
+CVE-2023-35863 (In MADEFORNET HTTP Debugger through 9.12, the Windows service does not ...)
+	TODO: check
+CVE-2023-34654 (taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS).)
+	TODO: check
+CVE-2023-34473 (AMI SPx contains a vulnerability in the BMC where a valid user may cau ...)
+	TODO: check
+CVE-2023-34472 (AMI SPx contains a vulnerability in the BMC where an Attacker may caus ...)
+	TODO: check
+CVE-2023-34471 (AMI SPx contains a vulnerability in the BMC where a user may cause a m ...)
+	TODO: check
+CVE-2023-34457 (MechanicalSoup is a Python library for automating interaction with web ...)
+	TODO: check
+CVE-2023-34338 (AMI SPx contains a vulnerability in the BMC where an Attacker may caus ...)
+	TODO: check
+CVE-2023-34337 (AMI SPx contains a vulnerability in the BMC where a user may cause an  ...)
+	TODO: check
+CVE-2023-34244 (GLPI is a free asset and IT management software package. Starting in v ...)
+	TODO: check
+CVE-2023-34107 (GLPI is a free asset and IT management software package. Versions of t ...)
+	TODO: check
+CVE-2023-34106 (GLPI is a free asset and IT management software package. Versions of t ...)
+	TODO: check
+CVE-2023-33335 (Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was Decembe ...)
+	TODO: check
+CVE-2023-2880 (Frauscher Sensortechnik GmbH FDS001 for FAdC/FAdCi v1.3.3 and all prev ...)
+	TODO: check
+CVE-2023-2538 (A CWE-552 "Files or Directories Accessible to External Parties\u201d i ...)
+	TODO: check
+CVE-2021-46893 (Vulnerability of unstrict data verification and parameter check. Succe ...)
+	TODO: check
+CVE-2021-46891 (Vulnerability of incomplete read and write permission verification in  ...)
+	TODO: check
+CVE-2021-46890 (Vulnerability of incomplete read and write permission verification in  ...)
+	TODO: check
+CVE-2023-35001 (Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byte ...)
 	- linux <unfixed>
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/07/05/3
-CVE-2023-31248 [nf_tables UAF when using nft_chain_lookup_byid]
+CVE-2023-31248 (Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulner ...)
 	- linux <unfixed>
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/07/05/2
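Review bot: CVE-2023-31248 carries no [bullseye] line, whereas the sibling entry CVE-2023-35001 directly above has `[bullseye] - linux <not-affected> (Vulnerable code not present)` next to the same `[buster]` annotation; with only `- linux <unfixed>` bullseye inherits the unfixed status, so either confirm that bullseye is really affected by the nft_chain_lookup_byid issue or add the bullseye line that the oss-security post in the NOTE supports. The bracketed local summaries ([nf_tables nft_byteorder_eval OOB read/write], [nf_tables UAF when using nft_chain_lookup_byid]) are replaced by the truncated MITRE text, as expected for an automatic update, but that drops the function names from the list itself; the openwall NOTE links are now the only pointer to the affected code, which is worth keeping in mind when triaging the kernel entries.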
@@ -17,63 +93,63 @@ CVE-2023-3255 [VNC: infinite loop in inflate_buffer() leads to denial of service
 	- qemu <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2218486
 	NOTE: Proposed patch: https://lists.nongnu.org/archive/html/qemu-devel/2023-07/msg00596.html
-CVE-2023-37212
+CVE-2023-37212 (Memory safety bugs present in Firefox 114. Some of these bugs showed e ...)
 	- firefox 115.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37212
-CVE-2023-37211
+CVE-2023-37211 (Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thu ...)
 	- firefox 115.0-1
 	- firefox-esr 102.13.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37211
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37211
-CVE-2023-37210
+CVE-2023-37210 (A website could prevent a user from exiting full-screen mode via alert ...)
 	- firefox 115.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37210
-CVE-2023-37209
+CVE-2023-37209 (A use-after-free condition existed in `NotifyOnHistoryReload` where a  ...)
 	- firefox 115.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37209
-CVE-2023-37208
+CVE-2023-37208 (When opening Diagcab files, Firefox did not warn the user that these f ...)
 	- firefox 115.0-1
 	- firefox-esr 102.13.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37208
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37208
-CVE-2023-37207
+CVE-2023-37207 (A website could have obscured the fullscreen notification by using a U ...)
 	- firefox 115.0-1
 	- firefox-esr 102.13.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37207
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37207
-CVE-2023-37206
+CVE-2023-37206 (Uploading files which contain symlinks may have allowed an attacker to ...)
 	- firefox 115.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37206
-CVE-2023-37205
+CVE-2023-37205 (The use of RTL Arabic characters in the address bar may have allowed f ...)
 	- firefox 115.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37205
-CVE-2023-37204
+CVE-2023-37204 (A website could have obscured the fullscreen notification by using an  ...)
 	- firefox 115.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37204
-CVE-2023-37203
+CVE-2023-37203 (Insufficient validation in the Drag and Drop API in conjunction with s ...)
 	- firefox 115.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37203
-CVE-2023-37202
+CVE-2023-37202 (Cross-compartment wrappers wrapping a scripted proxy could have caused ...)
 	- firefox 115.0-1
 	- firefox-esr 102.13.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37202
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37202
-CVE-2023-37201
+CVE-2023-37201 (An attacker could have triggered a use-after-free condition when creat ...)
 	- firefox 115.0-1
 	- firefox-esr 102.13.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37201
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37201
-CVE-2023-3482
+CVE-2023-3482 (When Firefox is configured to block storage of all cookies, it was sti ...)
 	- firefox 115.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-3482
 CVE-2023-3506 (A vulnerability was found in Active It Zone Active eCommerce CMS 6.5.0 ...)
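Review bot: the `- thunderbird <unfixed>` lines for CVE-2023-37211, CVE-2023-37208, CVE-2023-37207, CVE-2023-37202 and CVE-2023-37201 are each paired with an mfsa2023-24 NOTE while the firefox and firefox-esr lines already carry fixed versions (115.0-1, 102.13.0esr-1); that is consistent, but once the corresponding thunderbird upload lands the `<unfixed>` marker should be replaced with the version so the entries stop showing as open. The descriptions filled in for CVE-2023-37212 and CVE-2023-37211 are the usual memory-safety rollups, so no per-CVE triage beyond the version mapping is needed there.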
@@ -190,6 +266,7 @@ CVE-2023-35073
 CVE-2023-34211
 	REJECTED
 CVE-2023-36674 [Manualthumb bypasses badFile lookup]
+	{DSA-5447-1}
 	- mediawiki 1:1.39.4-1
 	NOTE: https://phabricator.wikimedia.org/T335612
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/934571/
@@ -567,6 +644,7 @@ CVE-2023-3439 (A flaw was found in the MCTP protocol in the Linux kernel. The fu
 	NOTE: https://git.kernel.org/linus/b561275d633bcd8e0e8055ab86f1a13df75a0269 (5.18-rc5)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/07/02/1
 CVE-2023-3390 (A use-after-free vulnerability was found in the Linux kernel's netfilt ...)
+	{DSA-5448-1}
 	- linux 6.3.11-1
 	NOTE: https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97 (6.4-rc7)
 	NOTE: https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97
@@ -576,6 +654,7 @@ CVE-2023-3389 (A use-after-free vulnerability in the Linux Kernel io_uring subsy
 	NOTE: https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8
 	NOTE: https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663
 CVE-2023-3090 (A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan ne ...)
+	{DSA-5448-1}
 	- linux 6.3.7-1
 	NOTE: https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)
 CVE-2023-3034 (Reflected XSS affects the \u2018mode\u2019 parameter in the /admin fun ...)
@@ -892,6 +971,7 @@ CVE-2023-2993 (A valid, authenticated user with limited privileges may be able t
 CVE-2023-2992 (An unauthenticated denial of service vulnerability exists in the SMM v ...)
 	NOT-FOR-US: Lenovo
 CVE-2023-36675 (An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1. ...)
+	{DSA-5447-1}
 	- mediawiki 1:1.39.4-1
 	[buster] - mediawiki <not-affected> (partial blocking was introduced in 1.33)
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/921452
@@ -1753,6 +1833,7 @@ CVE-2023-3294 (Cross-site Scripting (XSS) - DOM in GitHub repository saleor/reac
 CVE-2023-3293 (Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/ ...)
 	NOT-FOR-US: salesagility/suitecrm-core
 CVE-2023-35788 (An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c ...)
+	{DSA-5448-1}
 	- linux 6.3.7-1
 	NOTE: https://www.openwall.com/lists/oss-security/2023/06/07/1
 	NOTE: https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c (6.4-rc5)
@@ -1810,12 +1891,14 @@ CVE-2023-3291 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior t
 	NOTE: https://huntr.dev/bounties/526954e6-8683-4697-bfa2-886c3204a1d5/
 	NOTE: https://github.com/gpac/gpac/commit/6a748ccc3f76ff10e3ae43014967ea4b0c088aaf
 CVE-2023-3269
+	{DSA-5448-1}
 	- linux 6.3.11-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/lrh2000/StackRot
 	NOTE: https://www.openwall.com/lists/oss-security/2023/07/05/1
 CVE-2023-3268 (An out of bounds (OOB) memory access flaw was found in the Linux kerne ...)
+	{DSA-5448-1}
 	- linux 6.3.7-1
 	NOTE: https://git.kernel.org/linus/43ec16f1450f4936025a9bdf1a273affdb9732c1 (6.4-rc1)
 CVE-2023-35708 (In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6 ...)
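Review bot: CVE-2023-3269 now carries the {DSA-5448-1} marker under a bare CVE id with no description, although the two NOTE links (StackRot and the oss-security post) identify the issue; other entries in this same update keep a bracketed local summary until the MITRE text arrives (compare `CVE-2023-36674 [Manualthumb bypasses badFile lookup]`), so adding a short bracketed summary naming StackRot would make the entry searchable by name before the next automatic update fills it in. The bullseye and buster `<not-affected>` lines are unchanged by this hunk and match the version range implied by the `- linux 6.3.11-1` fix line.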
@@ -2357,6 +2440,7 @@ CVE-2023-2563 (The WordPress Contact Forms by Cimatti plugin for WordPress is vu
 CVE-2023-2351 (The WP Directory Kit plugin for WordPress is vulnerable to unauthorize ...)
 	NOT-FOR-US: WP Directory Kit plugin for WordPress
 CVE-2023-3212 (A NULL pointer dereference issue was found in the gfs2 file system in  ...)
+	{DSA-5448-1}
 	- linux 6.3.7-1
 	NOTE: https://git.kernel.org/linus/504a10d9e46bc37b23d0a1ae2f28973c8516e636 (6.4-rc2)
 CVE-2023-3208 (A vulnerability, which was classified as critical, has been found in R ...)
@@ -5350,12 +5434,14 @@ CVE-2023-2458 (Use after free in ChromeOS Camera in Google Chrome on ChromeOS pr
 CVE-2023-2457 (Out of bounds write in ChromeOS Audio Server in Google Chrome on Chrom ...)
 	NOT-FOR-US: Google Chrome on ChromeOS
 CVE-2023-32254
+	{DSA-5448-1}
 	- linux 6.3.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/30210947a343b6b3ca13adc9bfc88e1543e16dd5 (6.4-rc1)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20592/
 CVE-2023-32250
+	{DSA-5448-1}
 	- linux 6.3.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
@@ -6283,10 +6369,10 @@ CVE-2023-31226 (The SDK for the MediaPlaybackController module has improper perm
 	NOT-FOR-US: Huawei
 CVE-2023-31225 (The Gallery app has the risk of hijacking attacks. Successful exploita ...)
 	NOT-FOR-US: Huawei
-CVE-2023-31194
-	RESERVED
-CVE-2023-27390
-	RESERVED
+CVE-2023-31194 (An access violation vulnerability exists in the GraphPlanar::Write fun ...)
+	TODO: check
+CVE-2023-27390 (A heap-based buffer overflow vulnerability exists in the Sequence::Dra ...)
+	TODO: check
 CVE-2023-2314
 	RESERVED
 CVE-2023-2313
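Review bot: CVE-2023-31194 and CVE-2023-27390 move straight from RESERVED to `TODO: check`, and the truncated descriptions name only C++ symbols (`GraphPlanar::Write`, `Sequence::Dra...`) without naming the upstream project, so the list line alone does not say whether a Debian source package is involved; whoever triages these should read the full CVE text to identify the library before deciding between a package mapping and NOT-FOR-US.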
@@ -6625,6 +6711,7 @@ CVE-2023-24476 (An attacker with local access to the machine could record the tr
 CVE-2023-2270 (The Netskope client service running with NT\SYSTEM privileges accepts  ...)
 	NOT-FOR-US: Netskope
 CVE-2023-2269 (A denial of service problem was found, due to a possible recursive loc ...)
+	{DSA-5448-1}
 	- linux 6.3.7-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2189388
 CVE-2023-2268
@@ -6763,6 +6850,7 @@ CVE-2023-31085 (An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux k
 	NOTE: https://lore.kernel.org/all/687864524.118195.1681799447034.JavaMail.zimbra@nod.at/
 	NOTE: Negligible security impact
 CVE-2023-31084 (An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in th ...)
+	{DSA-5448-1}
 	- linux 6.3.7-1
 	NOTE: https://lore.kernel.org/all/CA+UBctCu7fXn4q41O_3=id1+OdyQ85tZY1x+TkT-6OVBL6KAUw@mail.gmail.com/
 CVE-2023-31083 (An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux  ...)
@@ -7600,6 +7688,7 @@ CVE-2023-2157 (A heap-based buffer overflow vulnerability was found in the Image
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/9a9896fce95d09e5e47b86baccbe1ce1a2fca76b (7.1.1-7)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/7e4c992f148afc5b28111e540921d5b6e4e38673 (6.9.12-85)
 CVE-2023-2156 (A flaw was found in the networking subsystem of the Linux kernel withi ...)
+	{DSA-5448-1}
 	- linux 6.3.11-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-547/
@@ -7734,6 +7823,7 @@ CVE-2023-2126
 CVE-2023-2125
 	RESERVED
 CVE-2023-2124 (An out-of-bounds memory access flaw was found in the Linux kernel\u201 ...)
+	{DSA-5448-1}
 	- linux 6.3.7-1
 	NOTE: https://www.openwall.com/lists/oss-security/2023/04/19/2
 	NOTE: https://lore.kernel.org/linux-xfs/20230412214034.GL3223426@dread.disaster.area/T/#m1ebbcd1ad061d2d33bef6f0534a2b014744d152d
@@ -8208,8 +8298,8 @@ CVE-2023-30608 (sqlparse is a non-validating SQL parser module for Python. In af
 	NOTE: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
 	NOTE: Introduced by: https://github.com/andialbrecht/sqlparse/commit/e75e35869473832a1eb67772b1adfee2db11b85a (0.1.15)
 	NOTE: Fixed by: https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb (0.4.4)
-CVE-2023-30607
-	RESERVED
+CVE-2023-30607 (icingaweb2-module-jira provides integration with Atlassian Jira. Start ...)
+	TODO: check
 CVE-2023-30606 (Discourse is an open source platform for community discussion. In affe ...)
 	NOT-FOR-US: Discourse
 CVE-2023-30605 (Archery is an open source SQL audit platform. The Archery project cont ...)
@@ -12355,6 +12445,7 @@ CVE-2023-29143
 CVE-2023-29142
 	RESERVED
 CVE-2023-29141 (An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1. ...)
+	{DSA-5447-1}
 	- mediawiki 1:1.39.4-1
 	[buster] - mediawiki <no-dsa> (Minor issue)
 	NOTE: https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
@@ -18948,12 +19039,12 @@ CVE-2023-27201
 	RESERVED
 CVE-2023-27200
 	RESERVED
-CVE-2023-27199
-	RESERVED
-CVE-2023-27198
-	RESERVED
-CVE-2023-27197
-	RESERVED
+CVE-2023-27199 (PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows atta ...)
+	TODO: check
+CVE-2023-27198 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow  ...)
+	TODO: check
+CVE-2023-27197 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow  ...)
+	TODO: check
 CVE-2023-27196
 	RESERVED
 CVE-2023-27195
@@ -24120,8 +24211,8 @@ CVE-2023-25401
 	RESERVED
 CVE-2023-25400
 	RESERVED
-CVE-2023-25399
-	RESERVED
+CVE-2023-25399 (A refcounting issue which leads to potential memory leak was discovere ...)
+	TODO: check
 CVE-2023-25398
 	RESERVED
 CVE-2023-25397
@@ -33825,7 +33916,7 @@ CVE-2022-48075
 	RESERVED
 CVE-2022-48074 (An issue in NoMachine before v8.2.3 allows attackers to execute arbitr ...)
 	NOT-FOR-US: NoMachine
-CVE-2022-48073 (Phicomm K2 v22.6.534.263 was discovered to store the root and admin pa ...)
+CVE-2022-48073 (Phicomm K2G v22.6.3.20 was discovered to store the root and admin pass ...)
 	NOT-FOR-US: Phicomm
 CVE-2022-48072 (Phicomm K2G v22.6.3.20 was discovered to contain a command injection v ...)
 	NOT-FOR-US: Phicomm
@@ -37516,7 +37607,7 @@ CVE-2022-4490
 	RESERVED
 CVE-2022-4489 (The HUSKY WordPress plugin before 1.3.2 unserializes user input provid ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4488 (The Widgets on Pages WordPress plugin through 1.6.0 does not validate  ...)
+CVE-2022-4488 (The Widgets on Pages WordPress plugin before 1.8.0 does not validate a ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4487 (The Easy Accordion WordPress plugin before 2.2.0 does not validate and ...)
 	NOT-FOR-US: WordPress plugin
@@ -202976,8 +203067,8 @@ CVE-2020-25971
 	RESERVED
 CVE-2020-25970
 	RESERVED
-CVE-2020-25969
-	RESERVED
+CVE-2020-25969 (gnuplot v5.5 was discovered to contain a buffer overflow via the funct ...)
+	TODO: check
 CVE-2020-25968
 	RESERVED
 CVE-2020-25967 (The member center function in fastadmin V1.0.0.20200506_beta is vulner ...)
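Review bot: CVE-2020-25969 is a 2020 id that only now received a description, and the text names gnuplot v5.5 rather than a vendor product like the neighbouring fastadmin entry, so this `TODO: check` should be resolved by checking whether gnuplot is a tracked source package and which released version contains the overflow, rather than being left in the TODO batch with the vendor-only entries.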
@@ -208978,8 +209069,8 @@ CVE-2020-23454
 	RESERVED
 CVE-2020-23453
 	RESERVED
-CVE-2020-23452
-	RESERVED
+CVE-2020-23452 (A cross-site scripting (XSS) vulnerability in Selenium Grid v3.141.59  ...)
+	TODO: check
 CVE-2020-23451 (Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to  ...)
 	NOT-FOR-US: Spiceworks
 CVE-2020-23450 (Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed on  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76cc0da5f7c125168db454269632da45f34c4096


