[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jul 24 21:12:29 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0e6f6214 by security tracker role at 2023-07-24T20:12:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2023-3870
+ REJECTED
+CVE-2023-3863 (A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp ...)
+ TODO: check
+CVE-2023-3344 (The Auto Location for WP Job Manager via Google WordPress plugin befor ...)
+ TODO: check
+CVE-2023-3324 (A vulnerability exists by allowing low-privileged users to read and up ...)
+ TODO: check
+CVE-2023-3323 (A vulnerability exists by allowing low-privileged users to read and up ...)
+ TODO: check
+CVE-2023-3322 (A vulnerability exists by allowing low-privileged users to read and up ...)
+ TODO: check
+CVE-2023-3321 (A vulnerability exists by allowing low-privileged users to read and up ...)
+ TODO: check
+CVE-2023-3248 (The All-in-one Floating Contact Form WordPress plugin before 2.1.2 doe ...)
+ TODO: check
+CVE-2023-38060 (Improper Input Validation vulnerability in the ContentType parameter f ...)
+ TODO: check
+CVE-2023-38058 (An improper privilege check in the OTRS ticket move action in the agen ...)
+ TODO: check
+CVE-2023-38057 (An improper input validation vulnerability in OTRS Survey modules allo ...)
+ TODO: check
+CVE-2023-38056 (Improper Neutralization of commands allowed to be executed via OTRS Sy ...)
+ TODO: check
+CVE-2023-37613 (A cross-site scripting (XSS) vulnerability in Assembly Software Trialw ...)
+ TODO: check
+CVE-2023-2761 (The User Activity Log WordPress plugin before 1.6.3 does not properly ...)
+ TODO: check
CVE-2023-3862 (A vulnerability was found in Travelmate Travelable Trek Management Sol ...)
NOT-FOR-US: Travelmate Travelable Trek Management Solution
CVE-2023-3861 (A vulnerability was found in phpscriptpoint Insurance 1.2. It has been ...)
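Review bot: CVE-2023-3863 is queued with only `TODO: check`, but its description names nfc_llcp_find_local in net/nfc/llcp, a Linux kernel source path, so it needs a `- linux` line with per-release status like the other kernel entries in this file. The three WordPress plugin additions in this hunk (CVE-2023-3344, CVE-2023-3248, CVE-2023-2761) can be closed as `NOT-FOR-US: WordPress plugin`, the wording this file already uses for such entries.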
@@ -185,7 +213,7 @@ CVE-2023-32624 (Cross-site scripting vulnerability in TS Webfonts for SAKURA 3.1
NOT-FOR-US: SAKURA
CVE-2023-32478 (Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sens ...)
NOT-FOR-US: Dell
-CVE-2023-3812 [net: tun: fix bugs for oversize packet when napi frags enabled]
+CVE-2023-3812 (An out-of-bounds memory access flaw was found in the Linux kernel\u201 ...)
- linux 6.0.8-1
[bullseye] - linux 5.10.158-1
[buster] - linux 4.19.269-1
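Review bot: The new CVE-2023-3812 description ends in `kernel\u201 ...`, so the truncation that appends ` ...` has cut a `\uXXXX` escape after its third hex digit and the line no longer holds a decodable escape. Decode the description to text before truncating, or truncate only at an escape boundary, so that a consumer of data/CVE/list never sees a partial escape.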
@@ -271,7 +299,7 @@ CVE-2023-37450 [Processing web content may lead to arbitrary code execution]
- wpewebkit 2.40.4-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
NOTE: https://webkitgtk.org/security/WSA-2023-0006.html
-CVE-2023-38200
+CVE-2023-38200 (A flaw was found in Keylime. Due to their blocking nature, the Keylime ...)
NOT-FOR-US: Keylime
CVE-2023-3784 (A vulnerability was found in Dooblou WiFi File Explorer 1.13.3. It has ...)
NOT-FOR-US: Dooblou WiFi File Explorer
@@ -297,7 +325,7 @@ CVE-2023-36853 (In Keysight Geolocation Server v2.4.2 and prior, a low privilege
NOT-FOR-US: Keysight Geolocation Server
CVE-2023-35134 (Weintek Weincloud v0.13.6 could allow an attacker to reset a passwor ...)
NOT-FOR-US: Weincloud
-CVE-2023-34478
+CVE-2023-34478 (Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a ...)
- shiro <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2023/07/24/4
TODO: check
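Review bot: `TODO: check` stays under CVE-2023-34478 even though the description added here states the affected range (before 1.12.0 or 2.0.0-alpha-3). With `- shiro <unfixed>` and the oss-security NOTE already in place, record the upstream fixed versions in a NOTE and drop the TODO once the Debian package status is confirmed, so the entry does not linger in the check queue.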
@@ -406,7 +434,7 @@ CVE-2023-34967 (A Type Confusion vulnerability was found in Samba's mdssvc RPC s
CVE-2023-34966 (An infinite loop vulnerability was found in Samba's mdssvc RPC service ...)
- samba 2:4.18.5+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2023-34966.html
-CVE-2023-3750 [improper locking in virStoragePoolObjListSearch may lead to denial of service]
+CVE-2023-3750 (A flaw was found in libvirt. The virStoragePoolObjListSearch function ...)
- libvirt <unfixed> (bug #1041811)
[bookworm] - libvirt <no-dsa> (Minor issue)
[bullseye] - libvirt <not-affected> (Vulnerable code not present)
@@ -415,13 +443,13 @@ CVE-2023-3750 [improper locking in virStoragePoolObjListSearch may lead to denia
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2222210
NOTE: Introduced with: https://gitlab.com/libvirt/libvirt/-/commit/0c4b391e2a90c3e0f8a8721cb539e03f14eb1d5e (v8.3.0-rc1)
NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/9a47442366fcf8a7b6d7422016d7bbb6764a1098
-CVE-2023-3748 [Inifinite loop in babld message parsing may cause DoS]
+CVE-2023-3748 (A flaw was found in FRRouting when parsing certain babeld unicast hell ...)
- frr <unfixed>
NOTE: https://github.com/FRRouting/frr/issues/11808
NOTE: https://github.com/FRRouting/frr/pull/12950
NOTE: https://github.com/FRRouting/frr/pull/12952
NOTE: https://github.com/FRRouting/frr/commit/0a95d121ca8e1f43d41d952d6c82d111ca850085 (frr-8.5)
-CVE-2023-3745
+CVE-2023-3745 (A heap-based buffer overflow issue was found in ImageMagick's PushChar ...)
- imagemagick 8:6.9.11.24+dfsg-1
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1857
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/7486477aa00c5c7856b111506da075b6cdfa8b73 (6.9.11-0)
@@ -1256,7 +1284,7 @@ CVE-2023-3642 (A vulnerability was found in GZ Scripts Vacation Rental Website 1
NOT-FOR-US: GZ Scripts Vacation Rental Website
CVE-2023-3641 (A vulnerability has been found in khodakhah NodCMS 3.4.1 and classifie ...)
NOT-FOR-US: khodakhah NodCMS
-CVE-2023-3640 [x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions being used for the per-cpu entry area mapping to the user space]
+CVE-2023-3640 (A possible unauthorized memory access flaw was found in the Linux kern ...)
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2217523
CVE-2023-3635 (GzipSource does not handle an exception that might be raised when pars ...)
@@ -1464,7 +1492,7 @@ CVE-2023-3080 (The WP Mail Catcher plugin for WordPress is vulnerable to Stored
NOT-FOR-US: WP Mail Catcher plugin for WordPress
CVE-2023-3023 (The WP EasyCart plugin for WordPress is vulnerable to time-based SQL I ...)
NOT-FOR-US: WP EasyCart plugin for WordPress
-CVE-2023-3019 [e1000e: heap use-after-free in e1000e_write_packet_to_guest()]
+CVE-2023-3019 (A DMA reentrancy issue leading to a use-after-free error was found in ...)
- qemu <unfixed> (bug #1041102)
[bookworm] - qemu <no-dsa> (Minor issue)
[bullseye] - qemu <no-dsa> (Minor issue)
@@ -2050,7 +2078,7 @@ CVE-2023-31405 (SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE
NOT-FOR-US: SAP
CVE-2023-3605 (A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. It ...)
NOT-FOR-US: PHPGurukul Online Shopping Portal
-CVE-2023-3417
+CVE-2023-3417 (Thunderbird allowed the Text Direction Override Unicode Character in f ...)
- thunderbird <not-affected> (Only affected version ever only in experimental)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-27/#CVE-2023-3417
CVE-2023-3600 (During the worker lifecycle, a use-after-free condition could have occ ...)
@@ -2226,7 +2254,7 @@ CVE-2023-2853 (Improper Neutralization of Input During Web Page Generation ('Cro
NOT-FOR-US: Softmed SelfPatron
CVE-2023-2852 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Softmed SelfPatron
-CVE-2023-3567
+CVE-2023-3567 (A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_scree ...)
- linux 6.1.11-1
[bullseye] - linux 5.10.178-1
[buster] - linux 4.19.282-1
@@ -2517,35 +2545,35 @@ CVE-2021-46894 (Use After Free (UAF) vulnerability in the uinput module.Successf
NOT-FOR-US: Huawei
CVE-2021-46892 (Encryption bypass vulnerability in Maintenance mode. Successful exploi ...)
NOT-FOR-US: Huawei
-CVE-2023-32258
+CVE-2023-32258 (A flaw was found in the Linux kernel's ksmbd, a high-performance in-ke ...)
- linux 6.3.7-1
[bookworm] - linux 6.1.37-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20796/
NOTE: https://git.kernel.org/linus/abcc506a9a71976a8b4c9bf3ee6efd13229c1e19 (6.4-rc1)
-CVE-2023-32257
+CVE-2023-32257 (A flaw was found in the Linux kernel's ksmbd, a high-performance in-ke ...)
- linux 6.3.7-1
[bookworm] - linux 6.1.37-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20596/
NOTE: https://git.kernel.org/linus/f5c779b7ddbda30866cf2a27c63e34158f858c73 (6.4-rc1)
-CVE-2023-32252
+CVE-2023-32252 (A flaw was found in the Linux kernel's ksmbd, a high-performance in-ke ...)
- linux 6.3.7-1
[bookworm] - linux 6.1.37-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20590/
NOTE: https://git.kernel.org/linus/f5c779b7ddbda30866cf2a27c63e34158f858c73 (6.4-rc1)
-CVE-2023-32248 [ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem()]
+CVE-2023-32248 (A flaw was found in the Linux kernel's ksmbd, a high-performance in-ke ...)
- linux 6.3.7-1
[bookworm] - linux 6.1.37-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20479/
NOTE: https://git.kernel.org/linus/3ac00a2ab69b34189942afa9e862d5170cdcb018 (6.4-rc1)
-CVE-2023-32247 [ksmbd: destroy expired sessions]
+CVE-2023-32247 (A flaw was found in the Linux kernel's ksmbd, a high-performance in-ke ...)
- linux 6.3.7-1
[bookworm] - linux 6.1.37-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -3429,7 +3457,7 @@ CVE-2023-2861 [9pfs: prevent opening special files]
[bullseye] - qemu <no-dsa> (Minor issue)
[buster] - qemu <no-dsa> (Minor issue)
NOTE: https://gitlab.com/qemu-project/qemu/-/commit/f6b0de53fb87ddefed348a39284c8e2f28dc4eda
-CVE-2023-2860 [ipv6: sr: fix out-of-bounds read when setting HMAC data.]
+CVE-2023-2860 (An out-of-bounds read vulnerability was found in the SR-IPv6 implement ...)
- linux 5.19.11-1
[bullseye] - linux 5.10.148-1
[buster] - linux 4.19.260-1
@@ -3676,7 +3704,7 @@ CVE-2023-3393 (Code Injection in GitHub repository fossbilling/fossbilling prior
NOT-FOR-US: fossbilling
CVE-2023-3391 (A vulnerability was found in SourceCodester Human Resource Management ...)
NOT-FOR-US: SourceCodester Human Resource Management System
-CVE-2023-3384
+CVE-2023-3384 (A flaw was found in the Quay registry. While the image labels created ...)
NOT-FOR-US: Quay
CVE-2023-3383 (A vulnerability, which was classified as critical, was found in Source ...)
NOT-FOR-US: SourceCodester Game Result Matrix System
@@ -4131,7 +4159,7 @@ CVE-2023-34340 (Improper Authentication vulnerability in Apache Software Foundat
NOT-FOR-US: Apache Accumulo
CVE-2023-3340 (A vulnerability was found in SourceCodester Online School Fees System ...)
NOT-FOR-US: SourceCodester Online School Fees System
-CVE-2023-3338 (A flaw null pointer dereference in the Linux kernel DECnet networking ...)
+CVE-2023-3338 (A null pointer dereference flaw was found in the Linux kernel's DECnet ...)
- linux 6.1.4-1
NOTE: https://www.openwall.com/lists/oss-security/2023/06/24/3
NOTE: https://git.kernel.org/linus/1202cdd665315c525b5237e96e0bedc76d7e754f (6.1-rc1)
@@ -4246,7 +4274,7 @@ CVE-2023-31411 (A remote unprivileged attacker can modify and access configurati
NOT-FOR-US: SICK
CVE-2023-31410 (A remote unprivileged attacker can intercept the communication via e.g ...)
NOT-FOR-US: SICK
-CVE-2023-2908 (A null pointer dereference issue was discovered in Libtiff's tif_dir.c ...)
+CVE-2023-2908 (A null pointer dereference issue was found in Libtiff's tif_dir.c file ...)
- tiff 4.5.1~rc3-1
[bookworm] - tiff <no-dsa> (Minor issue)
[bullseye] - tiff <no-dsa> (Minor issue)
@@ -5737,13 +5765,13 @@ CVE-2023-33958 (notation is a CLI tool to sign and verify OCI artifacts and cont
NOT-FOR-US: notation
CVE-2023-33957 (notation is a CLI tool to sign and verify OCI artifacts and container ...)
NOT-FOR-US: notation
-CVE-2023-33952
+CVE-2023-33952 (A double-free vulnerability was found in the vmwgfx driver in the Linu ...)
- linux 6.1.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20292/
NOTE: https://git.kernel.org/linus/9ef8d83e8e25d5f1811b3a38eb1484f85f64296c (6.4-rc1)
-CVE-2023-33951 [drm/vmwgfx: Do not drop the reference to the handle too soon]
+CVE-2023-33951 (A race condition vulnerability was found in the vmwgfx driver in the L ...)
- linux 6.1.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -9043,8 +9071,8 @@ CVE-2023-2311
RESERVED
CVE-2023-2310 (A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer E ...)
NOT-FOR-US: Schweitzer Engineering Laboratories
-CVE-2023-2309
- RESERVED
+CVE-2023-2309 (The wpForo Forum WordPress plugin before 2.1.9 does not escape some re ...)
+ TODO: check
CVE-2023-2308
RESERVED
CVE-2023-2307 (Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik ...)
@@ -18143,8 +18171,7 @@ CVE-2023-1388 (A heap-based overflow vulnerability in TA prior to version 5.7.9
NOT-FOR-US: Trellix
CVE-2023-1387 (Grafana is an open-source platform for monitoring and observability. ...)
- grafana <removed>
-CVE-2023-1386 [9pfs: SUID/SGID bits not dropped on file write]
- RESERVED
+CVE-2023-1386 (A flaw was found in the 9p passthrough filesystem (9pfs) implementatio ...)
- qemu <unfixed>
[bookworm] - qemu <no-dsa> (Minor issue)
[bullseye] - qemu <no-dsa> (Minor issue)
@@ -24568,10 +24595,10 @@ CVE-2023-26080
RESERVED
CVE-2023-26079
RESERVED
-CVE-2023-26078
- RESERVED
-CVE-2023-26077
- RESERVED
+CVE-2023-26078 (Privilege escalation vulnerability was discovered in Atera Agent 1.8.4 ...)
+ TODO: check
+CVE-2023-26077 (Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a D ...)
+ TODO: check
CVE-2023-26076 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...)
NOT-FOR-US: Samsung
CVE-2023-26075 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...)
@@ -52038,8 +52065,7 @@ CVE-2023-20595
RESERVED
CVE-2023-20594
RESERVED
-CVE-2023-20593 [use-after-free in AMD Zen2 processors]
- RESERVED
+CVE-2023-20593 (An issue in \u201cZen 2\u201d CPUs, under specific microarchitectural ...)
- amd64-microcode 3.20230719.1 (bug #1041863)
NOTE: https://www.openwall.com/lists/oss-security/2023/07/24/1
NOTE: https://lock.cmpxchg8b.com/zenbleed.html
@@ -91271,8 +91297,8 @@ CVE-2022-30282
RESERVED
CVE-2022-30281
RESERVED
-CVE-2022-30280
- RESERVED
+CVE-2022-30280 (/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF ...)
+ TODO: check
CVE-2022-30279 (An issue was discovered in Stormshield Network Security (SNS) 4.3.x be ...)
NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2022-30278 (A vulnerability in Black Duck Hub\u2019s embedded MadCap Flare documen ...)
@@ -95445,16 +95471,16 @@ CVE-2022-28869 (A vulnerability affecting F-Secure SAFE browser was discovered.
NOT-FOR-US: F-Secure
CVE-2022-28868 (An Address bar spoofing vulnerability was discovered in Safe Browser f ...)
NOT-FOR-US: F-Secure
-CVE-2022-28867
- RESERVED
+CVE-2022-28867 (An issue was discovered in Nokia NetAct 22 through the Administration ...)
+ TODO: check
CVE-2022-28866 (Multiple Improper Access Control was discovered in Nokia AirFrame BMC ...)
NOT-FOR-US: Nokia AirFrame BMC Web GUI
-CVE-2022-28865
- RESERVED
-CVE-2022-28864
- RESERVED
-CVE-2022-28863
- RESERVED
+CVE-2022-28865 (An issue was discovered in Nokia NetAct 22 through the Site Configurat ...)
+ TODO: check
+CVE-2022-28864 (An issue was discovered in Nokia NetAct 22 through the Administration ...)
+ TODO: check
+CVE-2022-28863 (An issue was discovered in Nokia NetAct 22. A remote user, authenticat ...)
+ TODO: check
CVE-2022-28862 (In Archibus Web Central before 26.2, multiple SQL Injection vulnerabil ...)
NOT-FOR-US: ARCHIBUS Web Central
CVE-2022-28861 (The server in Citilog 8.0 allows an attacker (in a man in the middle p ...)
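Review bot: The four Nokia NetAct 22 entries (CVE-2022-28867, CVE-2022-28865, CVE-2022-28864, CVE-2022-28863) move from RESERVED to `TODO: check`, while the neighbouring Nokia product, CVE-2022-28866, is already marked `NOT-FOR-US: Nokia AirFrame BMC Web GUI`. If NetAct is likewise not packaged in Debian, mark these `NOT-FOR-US: Nokia NetAct` in the same pass; the CVE-2022-30280 entry added earlier in this diff names the same product.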
@@ -110556,7 +110582,7 @@ CVE-2022-0365 (The affected product is vulnerable to an authenticated OS command
NOT-FOR-US: Ricon Mobile
CVE-2022-0364 (The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0363 (The myCred WordPress plugin before 2.4.4 does not have any authorisati ...)
+CVE-2022-0363 (The myCred WordPress plugin before 2.4.3.1 does not have any authorisa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0362 (SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.)
NOT-FOR-US: ShowDoc
@@ -112468,7 +112494,7 @@ CVE-2022-0289 (Use after free in Safe browsing in Google Chrome prior to 97.0.46
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0288 (The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPr ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0287 (The myCred WordPress plugin before 2.4.3.1 does not have any authorisa ...)
+CVE-2022-0287 (The myCred WordPress plugin before 2.4.4.1 does not have any authorisa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0286 (A flaw was found in the Linux kernel. A null pointer dereference in bo ...)
- linux 5.14.6-1
@@ -113462,7 +113488,7 @@ CVE-2022-0216 (A use-after-free vulnerability was found in the LSI53C895A SCSI H
NOTE: https://gitlab.com/qemu-project/qemu/-/commit/4367a20cc442c56b05611b4224de9a61908f9eac (v7.1.0-rc0)
CVE-2022-0215 (The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0214 (The Popup | Custom Popup Builder WordPress plugin before 1.3.1 autoloa ...)
+CVE-2022-0214 (The Custom Popup Builder WordPress plugin before 1.3.1 autoload data f ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0213 (vim is vulnerable to Heap-based Buffer Overflow)
{DLA-3182-1 DLA-2947-1}
@@ -114550,7 +114576,7 @@ CVE-2022-0166 (A privilege escalation vulnerability in the McAfee Agent prior to
NOT-FOR-US: McAfee
CVE-2022-0165 (The Page Builder KingComposer WordPress plugin through 2.9.6 does not ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0164 (The Coming soon and Maintenance mode WordPress plugin before 3.6.8 doe ...)
+CVE-2022-0164 (The Coming soon and Maintenance mode WordPress plugin before 3.5.3 doe ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0163 (The Smart Forms WordPress plugin before 2.6.71 does not have authorisa ...)
NOT-FOR-US: WordPress plugin
@@ -115337,7 +115363,7 @@ CVE-2022-0142 (The Visual Form Builder WordPress plugin before 3.0.8 is vulnerab
NOT-FOR-US: WordPress plugin
CVE-2022-0141 (The Visual Form Builder WordPress plugin before 3.0.8 does not enforce ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0140 (The Visual Form Builder WordPress plugin before 3.0.8 does not perform ...)
+CVE-2022-0140 (The Visual Form Builder WordPress plugin before 3.0.6 does not perform ...)
NOT-FOR-US: WordPress plugin
CVE-2021-46150 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
NOT-FOR-US: MediaWiki extension CheckUser
@@ -139678,8 +139704,8 @@ CVE-2021-39423
RESERVED
CVE-2021-39422
RESERVED
-CVE-2021-39421
- RESERVED
+CVE-2021-39421 (A cross-site scripting (XSS) vulnerability in SeedDMS v6.0.15 allows a ...)
+ TODO: check
CVE-2021-39420 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in VFront 0. ...)
NOT-FOR-US: VFront
CVE-2021-39419
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e6f6214a77eaaf9a3915e5ec680c47211d4f50f