[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 5 21:12:39 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d8595da1 by security tracker role at 2023-05-05T20:12:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,26 @@
-CVE-2023-32269 [netrom: Fix use-after-free caused by accept on already connected socket]
+CVE-2023-2554 (External Control of File Name or Path in GitHub repository unilogies/b ...)
+ TODO: check
+CVE-2023-2553 (Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bum ...)
+ TODO: check
+CVE-2023-2552 (Cross-Site Request Forgery (CSRF) in GitHub repository unilogies/bumsy ...)
+ TODO: check
+CVE-2023-2551 (PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior ...)
+ TODO: check
+CVE-2023-2550 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ TODO: check
+CVE-2023-2540
+ REJECTED
+CVE-2023-2539
+ REJECTED
+CVE-2023-2537
+ REJECTED
+CVE-2023-2536
+ REJECTED
+CVE-2023-2516 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...)
+ TODO: check
+CVE-2023-2427 (Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/p ...)
+ TODO: check
+CVE-2023-32269 (An issue was discovered in the Linux kernel before 6.1.11. In net/netr ...)
- linux 6.1.11-1
[bullseye] - linux 5.10.178-1
[buster] - linux 4.19.282-1
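Review bot: The ten entries this hunk adds with "TODO: check" (CVE-2023-2554 through CVE-2023-2550, CVE-2023-2516 and CVE-2023-2427) all describe issues in GitHub-hosted projects (the unilogies, thorsten and nilsteampassn repositories, names truncated in the list) and still need manual triage against the Debian archive before the TODO markers can be resolved; the four new REJECTED IDs (CVE-2023-2540, -2539, -2537, -2536) need no further action. For CVE-2023-32269 only the header changes, from the provisional bracketed "[netrom: Fix use-after-free ...]" text to the published description, while the fixed-version lines for linux 6.1.11-1, bullseye 5.10.178-1 and buster 4.19.282-1 are carried over unchanged, which is the intended behaviour of the automatic update.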
@@ -11,7 +33,8 @@ CVE-2023-31414 (Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code ex
- kibana <itp> (bug #700337)
CVE-2023-31413 (Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson inp ...)
TODO: check
-CVE-2023-2535 (Sensitive information exposure in the Web Frontend of KNIME Business H ...)
+CVE-2023-2535
+ REJECTED
NOT-FOR-US: KNIME
CVE-2023-2531 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
NOT-FOR-US: azuracast
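Review bot: The "NOT-FOR-US: KNIME" line under CVE-2023-2535 is now stale: the header was changed to REJECTED but the earlier triage annotation was left in place, so the entry carries both a rejection and a not-for-us verdict. The automatic update only rewrites the header line, so a follow-up commit should reduce this entry to a bare "REJECTED", matching the form used for the freshly rejected IDs in the first hunk.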
@@ -3040,8 +3063,8 @@ CVE-2023-30436
RESERVED
CVE-2023-30435
RESERVED
-CVE-2023-30434
- RESERVED
+CVE-2023-30434 (IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 ...)
+ TODO: check
CVE-2023-30433
RESERVED
CVE-2023-30432
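Review bot: CVE-2023-30434 (IBM Storage Scale / IBM Spectrum Scale) is left at "TODO: check" although the neighbouring IBM entries in this same diff are triaged as "NOT-FOR-US: IBM" (compare CVE-2022-43867 for IBM Spectrum Scale, and the IBM MQ, Maximo, Cognos and Cloud Pak entries further down). Unless the product is packaged in Debian, which the description gives no indication of, this and the other newly published IBM entries in this update (CVE-2023-26285, CVE-2023-22874, CVE-2022-43919, CVE-2022-43866, CVE-2022-38707, CVE-2020-4914) can be resolved the same way in one follow-up.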
@@ -3445,10 +3468,10 @@ CVE-2023-30245
RESERVED
CVE-2023-30244
RESERVED
-CVE-2023-30243
- RESERVED
-CVE-2023-30242
- RESERVED
+CVE-2023-30243 (Beijing Netcon NS-ASG Application Security Gateway v6.3 is vulnerable ...)
+ TODO: check
+CVE-2023-30242 (NS-ASG v6.3 was discovered to contain a SQL injection vulnerability vi ...)
+ TODO: check
CVE-2023-30241
RESERVED
CVE-2023-30240
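Review bot: CVE-2023-30243 and CVE-2023-30242 both concern the same product, NS-ASG v6.3, but only the first description names the vendor (Beijing Netcon); when triaging, the second should be handled together with the first so the two entries end up with a consistent verdict and product name.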
@@ -3824,10 +3847,10 @@ CVE-2023-30056
RESERVED
CVE-2023-30055
RESERVED
-CVE-2023-30054
- RESERVED
-CVE-2023-30053
- RESERVED
+CVE-2023-30054 (TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnera ...)
+ TODO: check
+CVE-2023-30053 (TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Inject ...)
+ TODO: check
CVE-2023-30052
RESERVED
CVE-2023-30051
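Review bot: CVE-2023-30054 and CVE-2023-30053 are two command injection entries against the identical TOTOLINK A7100RU firmware build V7.4cu.2313_B20191024, and CVE-2023-30013 in the next hunk targets TOTOLINK X5000R firmware; these are vendor firmware images rather than Debian packages, so the three entries can be triaged together with a single verdict rather than checked individually.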
@@ -3906,8 +3929,8 @@ CVE-2023-30015
RESERVED
CVE-2023-30014
RESERVED
-CVE-2023-30013
- RESERVED
+CVE-2023-30013 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 cont ...)
+ TODO: check
CVE-2023-30012
RESERVED
CVE-2023-30011
@@ -4049,28 +4072,28 @@ CVE-2023-29944
RESERVED
CVE-2023-29943
RESERVED
-CVE-2023-29942
- RESERVED
-CVE-2023-29941
- RESERVED
+CVE-2023-29942 (llvm-project commit a0138390 was discovered to contain a segmentation ...)
+ TODO: check
+CVE-2023-29941 (llvm-project commit a0138390 was discovered to contain a segmentation ...)
+ TODO: check
CVE-2023-29940
RESERVED
-CVE-2023-29939
- RESERVED
+CVE-2023-29939 (llvm-project commit a0138390 was discovered to contain a segmentation ...)
+ TODO: check
CVE-2023-29938
RESERVED
CVE-2023-29937
RESERVED
CVE-2023-29936
RESERVED
-CVE-2023-29935
- RESERVED
-CVE-2023-29934
- RESERVED
-CVE-2023-29933
- RESERVED
-CVE-2023-29932
- RESERVED
+CVE-2023-29935 (llvm-project commit a0138390 was discovered to contain an assertion fa ...)
+ TODO: check
+CVE-2023-29934 (llvm-project commit 6c01b5c was discovered to contain a segmentation f ...)
+ TODO: check
+CVE-2023-29933 (llvm-project commit bd456297 was discovered to contain a segmentation ...)
+ TODO: check
+CVE-2023-29932 (llvm-project commit fdbc55a5 was discovered to contain a segmentation ...)
+ TODO: check
CVE-2023-29931
RESERVED
CVE-2023-29930
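Review bot: The seven llvm-project entries in this hunk (CVE-2023-29942, -29941, -29939, -29935, -29934, -29933, -29932) are keyed to development commits rather than releases, and four of them cite the same commit a0138390, so they should be triaged as a group against the llvm-toolchain source packages to determine whether the crashing code is present in any shipped version. Note also that the commit references are of different lengths (a0138390, 6c01b5c, bd456297, fdbc55a5), so each prefix should be resolved to a full commit before being recorded in a NOTE line.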
@@ -4619,8 +4642,8 @@ CVE-2023-29661
RESERVED
CVE-2023-29660
RESERVED
-CVE-2023-29659
- RESERVED
+CVE-2023-29659 (A Segmentation fault caused by a floating point exception exists in li ...)
+ TODO: check
CVE-2023-29658
RESERVED
CVE-2023-29657
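Review bot: The truncated description of CVE-2023-29659 cuts off at "exists in li ...", so the affected library cannot be identified from the list entry alone; the full CVE text must be consulted before this "TODO: check" can be assigned to a source package or marked NOT-FOR-US.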
@@ -14959,8 +14982,8 @@ CVE-2023-26287
RESERVED
CVE-2023-26286 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
NOT-FOR-US: IBM
-CVE-2023-26285
- RESERVED
+CVE-2023-26285 (IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attac ...)
+ TODO: check
CVE-2023-26284 (IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through ...)
NOT-FOR-US: IBM
CVE-2023-26283 (IBM WebSphere Application Server 9.0 is vulnerable to cross-site scrip ...)
@@ -25341,8 +25364,8 @@ CVE-2023-22876 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0
NOT-FOR-US: IBM
CVE-2023-22875 (IBM QRadar SIEM 7.4 and 7.5copies certificate key files used for SSL/T ...)
NOT-FOR-US: IBM
-CVE-2023-22874
- RESERVED
+CVE-2023-22874 (IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial ...)
+ TODO: check
CVE-2023-22873
RESERVED
CVE-2023-22872
@@ -44054,8 +44077,8 @@ CVE-2022-43921
RESERVED
CVE-2022-43920 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 c ...)
NOT-FOR-US: IBM
-CVE-2022-43919
- RESERVED
+CVE-2022-43919 (IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticat ...)
+ TODO: check
CVE-2022-43918
RESERVED
CVE-2022-43917 (IBM WebSphere Application Server 8.5 and 9.0 traditional container use ...)
@@ -44160,8 +44183,8 @@ CVE-2022-43868
RESERVED
CVE-2022-43867 (IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacke ...)
NOT-FOR-US: IBM
-CVE-2022-43866
- RESERVED
+CVE-2022-43866 (IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross ...)
+ TODO: check
CVE-2022-43865
RESERVED
CVE-2022-43864 (IBM Business Automation Workflow 22.0.2 could allow a remote attacker ...)
@@ -58138,8 +58161,8 @@ CVE-2022-38709 (IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cl
NOT-FOR-US: IBM
CVE-2022-38708 (IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to ...)
NOT-FOR-US: IBM
-CVE-2022-38707
- RESERVED
+CVE-2022-38707 (IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obt ...)
+ TODO: check
CVE-2022-38706
RESERVED
CVE-2022-38705 (IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker t ...)
@@ -107919,6 +107942,7 @@ CVE-2021-45913 (A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) befor
CVE-2021-45912 (An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cu ...)
NOT-FOR-US: ControlUp Real-Time Agent
CVE-2021-44775 (Cross-site scripting (XSS) issue in Website app of Odoo Community 15.0 ...)
+ {DSA-5399-1}
- odoo <unfixed>
NOTE: https://github.com/odoo/odoo/issues/107691
NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/74532a0839b57337cc26ffc66b2884039e68f23b
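Review bot: The new "{DSA-5399-1}" tag on CVE-2021-44775 sits above an unchanged "- odoo <unfixed>" line; confirm that <unfixed> is still accurate for unstable after the DSA, since the NOTE references a 14.0 patch and the entry otherwise reads as fixed in stable only. The same combination is applied to every other Odoo entry in this update (CVE-2021-45111, CVE-2021-45071, CVE-2021-44476, CVE-2021-26947, CVE-2021-23186, CVE-2021-23178, CVE-2021-23176, CVE-2021-23166, CVE-2021-26263, CVE-2021-23203), so whatever is decided here should be applied to all of them together.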
@@ -108505,10 +108529,12 @@ CVE-2021-45681 (An issue was discovered in the derive-com-impl crate before 0.1.
CVE-2021-45680 (An issue was discovered in the vec-const crate before 2.0.0 for Rust. ...)
NOT-FOR-US: Rust crate vec-const
CVE-2021-45111 (Improper access control in Odoo Community 15.0 and earlier and Odoo En ...)
+ {DSA-5399-1}
- odoo <unfixed>
NOTE: https://github.com/odoo/odoo/issues/107683
NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/d326153e016f93c22f40ad8fb146bb4108bb94dc
CVE-2021-45071 (Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and O ...)
+ {DSA-5399-1}
- odoo <unfixed>
NOTE: https://github.com/odoo/odoo/issues/107697
NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/609b6503af97af5cf00ff497760f71cd71860c48
@@ -108516,6 +108542,7 @@ CVE-2021-44547 (A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15
- odoo <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/odoo/odoo/issues/107696
CVE-2021-44476 (A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterpr ...)
+ {DSA-5399-1}
- odoo <unfixed>
NOTE: https://github.com/odoo/odoo/issues/107684
NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/be2c857a2e19b0a752555ab377ce5e1cb081a186
@@ -108537,22 +108564,27 @@ CVE-2021-4176 (livehelperchat is vulnerable to Improper Neutralization of Input
CVE-2021-4175 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
NOT-FOR-US: livehelperchat
CVE-2021-26947 (Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and O ...)
+ {DSA-5399-1}
- odoo <unfixed>
NOTE: https://github.com/odoo/odoo/issues/107694
NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/e451c4fbffa9472cd3686492e8ba41430ab3b235
CVE-2021-23186 (A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterpr ...)
+ {DSA-5399-1}
- odoo <unfixed>
NOTE: https://github.com/odoo/odoo/issues/107688
NOTE: https://github.com/odoo/odoo/commit/c1d6d4a1d9148275213c7f3c286658366df03bd7
CVE-2021-23178 (Improper access control in Odoo Community 15.0 and earlier and Odoo En ...)
+ {DSA-5399-1}
- odoo <unfixed>
NOTE: https://github.com/odoo/odoo/issues/107690
NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/5ac55247b576312ea4f1f274c94d955dd23335d1
CVE-2021-23176 (Improper access control in reporting engine of l10n_fr_fec module in O ...)
+ {DSA-5399-1}
- odoo <unfixed>
NOTE: https://github.com/odoo/odoo/issues/107682
NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/f166400c7ddd1bc571fcad52d18d2371f2c3fd87
CVE-2021-23166 (A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterpr ...)
+ {DSA-5399-1}
- odoo <unfixed>
NOTE: https://github.com/odoo/odoo/issues/107687
NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/1f1e03ff29f711dd26cfbcadc60b7d03fdb59ed7
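Review bot: The NOTE line for CVE-2021-23186 gives a bare commit URL (c1d6d4a1d9148275213c7f3c286658366df03bd7), whereas every sibling Odoo entry in this hunk labels its commit as "14.0 patch at ..."; if that commit is also the 14.0 backport, prefix it the same way for consistency, and if it is an upstream commit for a different branch, say so, since the distinction matters when checking which fix the DSA shipped.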
@@ -136363,10 +136395,12 @@ CVE-2021-3654 (A vulnerability was found in openstack-nova's console proxy, noVN
NOTE: https://bugs.launchpad.net/nova/+bug/1927677
NOTE: Errata: https://www.openwall.com/lists/oss-security/2021/09/27/1
CVE-2021-26263 (Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 ...)
+ {DSA-5399-1}
- odoo <unfixed>
NOTE: https://github.com/odoo/odoo/issues/107693
NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/ff1db4a6aea522cf3dfc80ca88e64ffecfb5e07c
CVE-2021-23203 (Improper access control in reporting engine of Odoo Community 14.0 thr ...)
+ {DSA-5399-1}
- odoo <unfixed>
NOTE: https://github.com/odoo/odoo/issues/107695
NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/f2c1ee5a622db33a4411e7f9285f09387d1d7480
@@ -249216,8 +249250,8 @@ CVE-2020-4916 (IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. T
NOT-FOR-US: IBM
CVE-2020-4915
RESERVED
-CVE-2020-4914
- RESERVED
+CVE-2020-4914 (IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate ...)
+ TODO: check
CVE-2020-4913 (IBM Cloud Pak System 2.3 could reveal credential information in the HT ...)
NOT-FOR-US: IBM
CVE-2020-4912 (IBM Cloud Pak System 2.3 Self Service Console could allow a privilege ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8595da15bb72de63a21f8fa744cbae435317532
More information about the debian-security-tracker-commits mailing list