[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 11 21:38:31 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a744f936 by security tracker role at 2023-05-11T20:12:36+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,45 @@
+CVE-2023-32082 (etcd is a distributed key-value store for the data of a distributed sy ...)
+ TODO: check
+CVE-2023-32075 (The Customer Management Framework (CMF) for Pimcore adds functionality ...)
+ TODO: check
+CVE-2023-31498 (A privilege escalation issue was found in PHP Gurukul Hospital Managem ...)
+ TODO: check
+CVE-2023-31475 (An issue was discovered on GL.iNet devices before 3.216. The function ...)
+ TODO: check
+CVE-2023-31473 (An issue was discovered on GL.iNet devices before 3.216. There is an a ...)
+ TODO: check
+CVE-2023-31445 (Cassia Access controller before 2.1.1.2203171453, was discovered to ha ...)
+ TODO: check
+CVE-2023-2661 (A vulnerability was found in SourceCodester Online Computer and Laptop ...)
+ TODO: check
+CVE-2023-2660 (A vulnerability has been found in SourceCodester Online Computer and L ...)
+ TODO: check
+CVE-2023-2659 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2023-2658 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2023-2657 (A vulnerability classified as problematic was found in SourceCodester ...)
+ TODO: check
+CVE-2023-2656 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2023-2653 (A vulnerability classified as critical was found in SourceCodester Los ...)
+ TODO: check
+CVE-2023-2652 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2023-2490 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fern ...)
+ TODO: check
+CVE-2023-2444 (A cross site request forgery vulnerability exists in Rockwell Automati ...)
+ TODO: check
+CVE-2023-2443 (Rockwell Automation ThinManager product allows the use of medium stren ...)
+ TODO: check
CVE-2023-2455 [Row security policies disregard user ID changes after inlining]
+ {DSA-5401-1}
- postgresql-15 <unfixed>
- postgresql-13 <removed>
- postgresql-11 <removed>
NOTE: https://www.postgresql.org/about/news/postgresql-153-148-1311-1215-and-1120-released-2637/
CVE-2023-2454 [CREATE SCHEMA ... schema_element defeats protective search_path changes]
+ {DSA-5401-1}
- postgresql-15 <unfixed>
- postgresql-13 <removed>
- postgresql-11 <removed>
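Review bot: CVE-2023-2455 and CVE-2023-2454 now carry {DSA-5401-1}, but both still list "- postgresql-15 <unfixed>", so the tag alone does not close either entry and the unstable fixed version still has to be recorded once that upload lands. The 17 entries added above them are all "TODO: check"; the SourceCodester ones are candidates for the same treatment as the existing "NOT-FOR-US: SourceCodester Online Pizza Ordering System" line further down in this file, while CVE-2023-32082 (etcd) should be checked against the archive before it is dismissed.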
@@ -136,7 +172,7 @@ CVE-2023-32216
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32216
CVE-2023-32215
- {DSA-5400-1}
+ {DSA-5400-1 DLA-3417-1}
- firefox <unfixed>
- firefox-esr 102.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32215
@@ -147,19 +183,19 @@ CVE-2023-32214
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32214
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32214
CVE-2023-32213
- {DSA-5400-1}
+ {DSA-5400-1 DLA-3417-1}
- firefox <unfixed>
- firefox-esr 102.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32213
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32213
CVE-2023-32212
- {DSA-5400-1}
+ {DSA-5400-1 DLA-3417-1}
- firefox <unfixed>
- firefox-esr 102.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32212
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32212
CVE-2023-32211
- {DSA-5400-1}
+ {DSA-5400-1 DLA-3417-1}
- firefox <unfixed>
- firefox-esr 102.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32211
@@ -174,19 +210,19 @@ CVE-2023-32208
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32208
CVE-2023-32207
- {DSA-5400-1}
+ {DSA-5400-1 DLA-3417-1}
- firefox <unfixed>
- firefox-esr 102.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32207
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32207
CVE-2023-32206
- {DSA-5400-1}
+ {DSA-5400-1 DLA-3417-1}
- firefox <unfixed>
- firefox-esr 102.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32206
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32206
CVE-2023-32205
- {DSA-5400-1}
+ {DSA-5400-1 DLA-3417-1}
- firefox <unfixed>
- firefox-esr 102.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32205
@@ -3522,8 +3558,8 @@ CVE-2023-30396
RESERVED
CVE-2023-30395
RESERVED
-CVE-2023-30394
- RESERVED
+CVE-2023-30394 (MoveIT v1.1.11 was discovered to contain a cross-site scripting (XSS) ...)
+ TODO: check
CVE-2023-30393
RESERVED
CVE-2023-30392
@@ -3802,8 +3838,8 @@ CVE-2023-30258
RESERVED
CVE-2023-30257 (A buffer overflow in the component /proc/ftxxxx-debug of FiiO M6 Build ...)
NOT-FOR-US: FiiO M6
-CVE-2023-30256
- RESERVED
+CVE-2023-30256 (Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 all ...)
+ TODO: check
CVE-2023-30255
RESERVED
CVE-2023-30254
@@ -4129,7 +4165,7 @@ CVE-2023-30095 (A stored cross-site scripting (XSS) vulnerability in TotalJS mes
NOT-FOR-US: TotalJS
CVE-2023-30094 (A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 ...)
NOT-FOR-US: TotalJS
-CVE-2023-30093 (An arbitrary file upload vulnerability in Open Networking Foundation O ...)
+CVE-2023-30093 (A cross-site scripting (XSS) vulnerability in Open Networking Foundati ...)
NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2023-30092 (SourceCodester Online Pizza Ordering System v1.0 is vulnerable to SQL ...)
NOT-FOR-US: SourceCodester Online Pizza Ordering System
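Review bot: the new description of CVE-2023-30093 changes the vulnerability class, from "arbitrary file upload" to "cross-site scripting (XSS)", not just the wording. The "NOT-FOR-US: Open Network Operating System (ONOS)" line is keyed on the product and stays correct, so no triage change is needed here, but anyone who classified this CVE from the old text should re-read it.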
@@ -4629,8 +4665,8 @@ CVE-2023-29865
RESERVED
CVE-2023-29864
RESERVED
-CVE-2023-29863
- RESERVED
+CVE-2023-29863 (Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to ...)
+ TODO: check
CVE-2023-29862
RESERVED
CVE-2023-29861
@@ -4778,8 +4814,8 @@ CVE-2023-29793
RESERVED
CVE-2023-29792
RESERVED
-CVE-2023-29791
- RESERVED
+CVE-2023-29791 (kodbox <= 1.37 is vulnerable to Cross Site Scripting (XSS) via the deb ...)
+ TODO: check
CVE-2023-29790
RESERVED
CVE-2023-29789
@@ -5858,8 +5894,7 @@ CVE-2023-29402
RESERVED
CVE-2023-29401
RESERVED
-CVE-2023-29400 [html/template: improper handling of empty HTML attributes]
- RESERVED
+CVE-2023-29400 (Templates containing actions in unquoted HTML attributes (e.g. "attr={ ...)
- golang-1.20 1.20.4-1
[experimental] - golang-1.19 1.19.9-1
- golang-1.19 <unfixed>
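Review bot: replacing the bracketed title on CVE-2023-29400 drops the only mention of html/template, and the truncated description ("Templates containing actions in unquoted HTML attributes ...") no longer names the package. If no NOTE line further down in the entry already says so, consider adding one that names html/template, so the affected component is visible without opening the full CVE text.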
@@ -6385,8 +6420,8 @@ CVE-2023-1836 (A cross-site scripting issue has been discovered in GitLab affect
- gitlab <unfixed>
CVE-2023-1835
RESERVED
-CVE-2023-1834
- RESERVED
+CVE-2023-1834 (Rockwell Automation was made aware that Kinetix 5500 drives, manufactu ...)
+ TODO: check
CVE-2023-1833 (Authentication Bypass by Primary Weakness vulnerability in DTS Electro ...)
NOT-FOR-US: DTS Electronics Redline Router firmware
CVE-2023-1832
@@ -6567,8 +6602,8 @@ CVE-2023-29197 (guzzlehttp/psr7 is a PSR-7 HTTP message library implementation i
NOTE: https://github.com/Nyholm/psr7/commit/1029a2671cbdd3e075a21952082c2be7c8018426 (1.6.1)
CVE-2023-29196 (Discourse is an open source platform for community discussion. This vu ...)
NOT-FOR-US: Discourse
-CVE-2023-29195
- RESERVED
+CVE-2023-29195 (Vitess is a database clustering system for horizontal scaling of MySQL ...)
+ TODO: check
CVE-2023-29194 (Vitess is a database clustering system for horizontal scaling of MySQL ...)
NOT-FOR-US: Vitess
CVE-2023-29193 (SpiceDB is an open source, Google Zanzibar-inspired, database system f ...)
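Review bot: CVE-2023-29195 is added as "TODO: check" although the entry right below it, CVE-2023-29194, starts with the same "Vitess is a database clustering system ..." description and is already "NOT-FOR-US: Vitess". Unless Vitess has entered the archive since that decision, this entry should get the same NOT-FOR-US line in the next manual pass.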
@@ -7097,26 +7132,26 @@ CVE-2023-1711
RESERVED
CVE-2023-29032
RESERVED
-CVE-2023-29031
- RESERVED
-CVE-2023-29030
- RESERVED
-CVE-2023-29029
- RESERVED
-CVE-2023-29028
- RESERVED
-CVE-2023-29027
- RESERVED
-CVE-2023-29026
- RESERVED
-CVE-2023-29025
- RESERVED
-CVE-2023-29024
- RESERVED
-CVE-2023-29023
- RESERVED
-CVE-2023-29022
- RESERVED
+CVE-2023-29031 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
+ TODO: check
+CVE-2023-29030 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
+ TODO: check
+CVE-2023-29029 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
+ TODO: check
+CVE-2023-29028 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
+ TODO: check
+CVE-2023-29027 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
+ TODO: check
+CVE-2023-29026 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
+ TODO: check
+CVE-2023-29025 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
+ TODO: check
+CVE-2023-29024 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
+ TODO: check
+CVE-2023-29023 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
+ TODO: check
+CVE-2023-29022 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
+ TODO: check
CVE-2023-1710 (A sensitive information disclosure vulnerability in GitLab affecting a ...)
- gitlab <unfixed>
CVE-2023-1709
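Review bot: CVE-2023-29022 through CVE-2023-29031 all arrive with the same truncated text ("A cross site scripting vulnerability was discovered in Rockwell Automa ..."), so the list alone cannot tell which product each one covers. Triage them as one batch from the full descriptions, together with the other Rockwell Automation entries this commit adds (CVE-2023-2443, CVE-2023-2444, CVE-2023-1834), so they end up with one consistent product string.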
@@ -11107,8 +11142,8 @@ CVE-2023-27872
RESERVED
CVE-2023-27871 (IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensit ...)
NOT-FOR-US: IBM
-CVE-2023-27870
- RESERVED
+CVE-2023-27870 (IBM Spectrum Virtualize 8.5, under certain circumstances, could disclo ...)
+ TODO: check
CVE-2023-27869
RESERVED
CVE-2023-27868
@@ -12091,8 +12126,8 @@ CVE-2023-27556 (IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.
NOT-FOR-US: IBM
CVE-2023-27555 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...)
NOT-FOR-US: IBM
-CVE-2023-27554
- RESERVED
+CVE-2023-27554 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML E ...)
+ TODO: check
CVE-2023-27553
RESERVED
CVE-2023-27552
@@ -16495,24 +16530,24 @@ CVE-2023-0861 (NetModule NSRW web administration interface executes an OS comman
NOT-FOR-US: NetModule NSRW web administration interface
CVE-2023-0860 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
NOT-FOR-US: Modoboa
-CVE-2023-0859
- RESERVED
-CVE-2023-0858
- RESERVED
-CVE-2023-0857
- RESERVED
-CVE-2023-0856
- RESERVED
-CVE-2023-0855
- RESERVED
-CVE-2023-0854
- RESERVED
-CVE-2023-0853
- RESERVED
-CVE-2023-0852
- RESERVED
-CVE-2023-0851
- RESERVED
+CVE-2023-0859 (Arbitrary Files can be installed in the Setting Data Import function o ...)
+ TODO: check
+CVE-2023-0858 (Improper Authentication of RemoteUI of Office / Small Office Multifunc ...)
+ TODO: check
+CVE-2023-0857 (Unintentional change of settings during initial registration of system ...)
+ TODO: check
+CVE-2023-0856 (Buffer overflow in IPP sides attribute process of Office / Small Offic ...)
+ TODO: check
+CVE-2023-0855 (Buffer overflow in IPP number-up attribute process of Office / Small O ...)
+ TODO: check
+CVE-2023-0854 (Buffer overflow in NetBIOS QNAME registering and communication process ...)
+ TODO: check
+CVE-2023-0853 (Buffer overflow in mDNS NSEC record registering process of Office / Sm ...)
+ TODO: check
+CVE-2023-0852 (Buffer overflow in the Address Book of Mobile Device function of Offic ...)
+ TODO: check
+CVE-2023-0851 (Buffer overflow in CPCA Resource Download process of Office / Small Of ...)
+ TODO: check
CVE-2022-48327 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 al ...)
NOT-FOR-US: Mapos
CVE-2022-48326 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 al ...)
@@ -18445,8 +18480,8 @@ CVE-2023-25311
RESERVED
CVE-2023-25310
RESERVED
-CVE-2023-25309
- RESERVED
+CVE-2023-25309 (Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version ...)
+ TODO: check
CVE-2023-25308
RESERVED
CVE-2023-25307
@@ -19877,7 +19912,7 @@ CVE-2023-24790
RESERVED
CVE-2023-24789 (jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injec ...)
NOT-FOR-US: jeecg-boot
-CVE-2023-24788 (RESERVED NotrinosERP v0.7 was discovered to contain a SQL injection vu ...)
+CVE-2023-24788 (NotrinosERP v0.7 was discovered to contain a SQL injection vulnerabili ...)
NOT-FOR-US: NotrinosERP
CVE-2023-24787
REJECTED
@@ -20616,8 +20651,7 @@ CVE-2023-0511 (Relative Path Traversal vulnerability in ForgeRock Access Managem
NOT-FOR-US: ForgeRock
CVE-2023-0510
RESERVED
-CVE-2023-24540 [html/template: improper handling of JavaScript whitespace]
- RESERVED
+CVE-2023-24540 (Not all valid JavaScript whitespace characters are considered to be wh ...)
- golang-1.20 1.20.4-1
[experimental] - golang-1.19 1.19.9-1
- golang-1.19 <unfixed>
@@ -20627,8 +20661,7 @@ CVE-2023-24540 [html/template: improper handling of JavaScript whitespace]
NOTE: https://github.com/golang/go/issues/59721
NOTE: https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go1.19.9)
NOTE: https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765 (go1.20.4)
-CVE-2023-24539 [html/template: improper sanitization of CSS values]
- RESERVED
+CVE-2023-24539 (Angle brackets (<>) are not considered dangerous characters when inser ...)
- golang-1.20 1.20.4-1
[experimental] - golang-1.19 1.19.9-1
- golang-1.19 <unfixed>
@@ -26396,8 +26429,8 @@ CVE-2023-22722 (GLPI is a Free Asset and IT Management Software package. Version
NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-22721 (Auth. Stored Cross-Site Scripting (XSS) inOi Yandex.Maps for WordPress ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-22720
- RESERVED
+CVE-2023-22720 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-22719
RESERVED
CVE-2023-22718 (Reflected Cross-Site Scripting (XSS) vulnerability in Jason Lau User M ...)
@@ -32383,8 +32416,8 @@ CVE-2022-47131 (A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10
NOT-FOR-US: Academy LMS
CVE-2022-47130 (A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows ...)
NOT-FOR-US: Academy LMS
-CVE-2022-47129
- RESERVED
+CVE-2022-47129 (PHPOK v6.3 was discovered to contain a remote code execution (RCE) vul ...)
+ TODO: check
CVE-2022-47128 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...)
NOT-FOR-US: Tenda
CVE-2022-47127 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...)
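Review bot: CVE-2022-47129 (PHPOK v6.3, remote code execution) is left at "TODO: check" between entries that are already triaged as NOT-FOR-US. The same commit also unreserves CVE-2021-34076 for PHPOK 5.7.140, so the two should be triaged together and given the same product line.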
@@ -49288,6 +49321,7 @@ CVE-2022-42260 (NVIDIA vGPU Display Driver for Linux guest contains a vulnerabil
[bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
CVE-2022-42259 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
+ {DLA-3418-1}
- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
[bullseye] - nvidia-graphics-drivers 470.161.03-1
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1025280)
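Review bot: {DLA-3418-1} is attached at CVE level to CVE-2022-42259, yet the package lines under it are unchanged and nvidia-graphics-drivers-legacy-340xx is still "<unfixed> (bug #1025280)". The tag therefore says only that an LTS advisory references this CVE; which source package and version it covers has to come from the DLA itself, and the same applies to the other NVIDIA entries tagged in this commit.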
@@ -49307,6 +49341,7 @@ CVE-2022-42259 (NVIDIA GPU Display Driver for Linux contains a vulnerability in
- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
- nvidia-open-gpu-kernel-modules 515.86.01-1
CVE-2022-42258 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
+ {DLA-3418-1}
- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
[bullseye] - nvidia-graphics-drivers 470.161.03-1
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1025280)
@@ -49326,6 +49361,7 @@ CVE-2022-42258 (NVIDIA GPU Display Driver for Linux contains a vulnerability in
- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
- nvidia-open-gpu-kernel-modules 515.86.01-1
CVE-2022-42257 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
+ {DLA-3418-1}
- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
[bullseye] - nvidia-graphics-drivers 470.161.03-1
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1025280)
@@ -69816,6 +69852,7 @@ CVE-2022-34682 (NVIDIA GPU Display Driver for Linux contains a vulnerability in
CVE-2022-34681 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
NOT-FOR-US: NVIDIA GPU Display Driver for Windows
CVE-2022-34680 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
+ {DLA-3418-1}
- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
[bullseye] - nvidia-graphics-drivers 470.161.03-1
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1025280)
@@ -69852,6 +69889,7 @@ CVE-2022-34679 (NVIDIA GPU Display Driver for Linux contains a vulnerability in
CVE-2022-34678 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
NOT-FOR-US: NVIDIA vGPU driver
CVE-2022-34677 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
+ {DLA-3418-1}
- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
[bullseye] - nvidia-graphics-drivers 470.161.03-1
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1025280)
@@ -69873,6 +69911,7 @@ CVE-2022-34677 (NVIDIA GPU Display Driver for Linux contains a vulnerability in
CVE-2022-34676 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
NOT-FOR-US: NVIDIA vGPU driver
CVE-2022-34675 (NVIDIA Display Driver for Linux contains a vulnerability in the Virtua ...)
+ {DLA-3418-1}
- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
[bullseye] - nvidia-graphics-drivers 470.161.03-1
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1025280)
@@ -69892,6 +69931,7 @@ CVE-2022-34675 (NVIDIA Display Driver for Linux contains a vulnerability in the
- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
- nvidia-open-gpu-kernel-modules 515.86.01-1
CVE-2022-34674 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
+ {DLA-3418-1}
- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
[bullseye] - nvidia-graphics-drivers 470.161.03-1
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1025280)
@@ -69920,6 +69960,7 @@ CVE-2022-34672 (NVIDIA Control Panel for Windows contains a vulnerability where
CVE-2022-34671 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
NOT-FOR-US: NVIDIA GPU Display Driver for Windows
CVE-2022-34670 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
+ {DLA-3418-1}
- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
[bullseye] - nvidia-graphics-drivers 470.161.03-1
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1025280)
@@ -93198,7 +93239,7 @@ CVE-2022-26564 (HotelDruid Hotel Management Software v3.0.3 contains a cross-sit
[stretch] - hoteldruid <no-dsa> (Minor issue)
CVE-2022-26563
RESERVED
-CVE-2022-26562 (An issue in provider/libserver/ECKrbAuth.cpp of Kopano-Core v11.0.2.51 ...)
+CVE-2022-26562 (An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core <= v11.0.2 ...)
{DLA-3354-1}
- kopanocore <removed> (bug #1016973)
NOTE: https://jira.kopano.io/browse/KC-2021
@@ -143843,8 +143884,8 @@ CVE-2021-34078 (lifion-verify-dependencies through 1.1.0 is vulnerable to OS com
NOT-FOR-US: Node lifion-verify-deps
CVE-2021-34077
RESERVED
-CVE-2021-34076
- RESERVED
+CVE-2021-34076 (File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to ...)
+ TODO: check
CVE-2021-34075 (In Artica Pandora FMS <=754 in the File Manager component, there is se ...)
NOT-FOR-US: Artica Pandora FMS
CVE-2021-34074 (PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote c ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a744f93630394b289771a52de0706ec20e0a3ab6