[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 12 09:12:26 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a372ec80 by security tracker role at 2023-05-12T08:12:08+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2023-32243 (Improper Authentication vulnerability in WPDeveloper Essential Addons ...)
+ TODO: check
+CVE-2023-32059 (Vyper is a Pythonic smart contract language for the Ethereum virtual m ...)
+ TODO: check
+CVE-2023-32058 (Vyper is a Pythonic smart contract language for the Ethereum virtual m ...)
+ TODO: check
+CVE-2023-31531 (Motorola CX2L Router 1.0.1 was discovered to contain a command injecti ...)
+ TODO: check
+CVE-2023-31530 (Motorola CX2L Router 1.0.1 was discovered to contain a command injecti ...)
+ TODO: check
+CVE-2023-31529 (Motorola CX2L Router 1.0.1 was discovered to contain a command injecti ...)
+ TODO: check
+CVE-2023-31528 (Motorola CX2L Router 1.0.1 was discovered to contain a command injecti ...)
+ TODO: check
+CVE-2023-31508 (A cross-site scripting (XSS) vulnerability in PrestaShop v1.7.7.4 allo ...)
+ TODO: check
+CVE-2023-31502 (Altenergy Power Control Software C1.2.5 was discovered to contain a re ...)
+ TODO: check
+CVE-2023-31497 (Incorrect access control in Quick Heal Technologies Limited Seqrite En ...)
+ TODO: check
+CVE-2023-2674 (Improper Access Control in GitHub repository openemr/openemr prior to ...)
+ TODO: check
+CVE-2023-2670 (A vulnerability was found in SourceCodester Lost and Found Information ...)
+ TODO: check
+CVE-2023-2669 (A vulnerability was found in SourceCodester Lost and Found Information ...)
+ TODO: check
+CVE-2023-2668 (A vulnerability was found in SourceCodester Lost and Found Information ...)
+ TODO: check
+CVE-2023-2667 (A vulnerability has been found in SourceCodester Lost and Found Inform ...)
+ TODO: check
+CVE-2023-2666 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
+ TODO: check
+CVE-2023-2665 (Storage of Sensitive Data in a Mechanism without Access Control in Git ...)
+ TODO: check
+CVE-2023-2664 (In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tre ...)
+ TODO: check
+CVE-2023-2663 (In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree l ...)
+ TODO: check
+CVE-2023-2662 (In Xpdf 4.04 (and earlier), a bad color space object in the input PDF ...)
+ TODO: check
+CVE-2023-2511
+ REJECTED
+CVE-2023-2510
+ REJECTED
+CVE-2023-2502
+ REJECTED
+CVE-2023-2501
+ REJECTED
CVE-2023-32082 (etcd is a distributed key-value store for the data of a distributed sy ...)
TODO: check
CVE-2023-32075 (The Customer Management Framework (CMF) for Pimcore adds functionality ...)
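Review bot: CVE-2023-2667 through CVE-2023-2670 (SourceCodester) should not sit at `TODO: check` for long: this file already tags the same vendor as not packaged further down (CVE-2023-1674, `NOT-FOR-US: SourceCodester School Registration and Fee System`). Suggest a follow-up triage commit that gives these four a NOT-FOR-US line with the product name taken from the full CVE record, since the description here is truncated. The four Motorola CX2L Router entries (CVE-2023-31528 through CVE-2023-31531) share one description prefix and can be settled by a single decision as well.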
@@ -1065,8 +1113,8 @@ CVE-2023-31148 (An Improper Input Validation vulnerability in the Schweitzer E
NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-31147
RESERVED
-CVE-2023-31146
- RESERVED
+CVE-2023-31146 (Vyper is a Pythonic smart contract language for the Ethereum virtual m ...)
+ TODO: check
CVE-2023-31145
RESERVED
CVE-2023-31144 (Craft CMS is a content management system. Starting in version 3.0.0 an ...)
@@ -1881,7 +1929,7 @@ CVE-2023-2187
CVE-2023-2186
RESERVED
CVE-2023-2185
- RESERVED
+ REJECTED
CVE-2023-2184
RESERVED
CVE-2023-2183
@@ -3686,8 +3734,8 @@ CVE-2023-30332
RESERVED
CVE-2023-30331 (An issue in the render function of beetl v3.15.0 allows attackers to e ...)
NOT-FOR-US: beetl
-CVE-2023-30330
- RESERVED
+CVE-2023-30330 (SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerab ...)
+ TODO: check
CVE-2023-30329
RESERVED
CVE-2023-30328 (An issue in the helper tool of Mailbutler GmbH Shimo VPN Client for ma ...)
@@ -3966,8 +4014,8 @@ CVE-2023-30194 (Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injecti
NOT-FOR-US: Prestashop
CVE-2023-30193
RESERVED
-CVE-2023-30192
- RESERVED
+CVE-2023-30192 (Prestashop possearchproducts 1.7 is vulnerable to SQL Injection via Po ...)
+ TODO: check
CVE-2023-30191
RESERVED
CVE-2023-30190
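Review bot: CVE-2023-30192 is left at `TODO: check` although the context two entries above it already settles the question for this vendor: CVE-2023-30194, also a Prestashop component, is tagged `NOT-FOR-US: Prestashop`. Suggest giving CVE-2023-30192 the same tag in the next triage pass so the two entries stay consistent.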
@@ -4778,10 +4826,10 @@ CVE-2023-29811
RESERVED
CVE-2023-29810
RESERVED
-CVE-2023-29809
- RESERVED
-CVE-2023-29808
- RESERVED
+CVE-2023-29809 (SQL injection vulnerability found in Maximilian Vogt companymaps (cmap ...)
+ TODO: check
+CVE-2023-29808 (Cross Site Scripting (XSS) vulnerability in vogtmh cmaps (companymaps) ...)
+ TODO: check
CVE-2023-29807
RESERVED
CVE-2023-29806
@@ -4816,8 +4864,8 @@ CVE-2023-29792
RESERVED
CVE-2023-29791 (kodbox <= 1.37 is vulnerable to Cross Site Scripting (XSS) via the deb ...)
TODO: check
-CVE-2023-29790
- RESERVED
+CVE-2023-29790 (kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue.)
+ TODO: check
CVE-2023-29789
RESERVED
CVE-2023-29788
@@ -6262,34 +6310,34 @@ CVE-2023-29288
RESERVED
CVE-2023-29287
RESERVED
-CVE-2023-29286
- RESERVED
-CVE-2023-29285
- RESERVED
-CVE-2023-29284
- RESERVED
-CVE-2023-29283
- RESERVED
-CVE-2023-29282
- RESERVED
-CVE-2023-29281
- RESERVED
-CVE-2023-29280
- RESERVED
-CVE-2023-29279
- RESERVED
-CVE-2023-29278
- RESERVED
-CVE-2023-29277
- RESERVED
-CVE-2023-29276
- RESERVED
-CVE-2023-29275
- RESERVED
-CVE-2023-29274
- RESERVED
-CVE-2023-29273
- RESERVED
+CVE-2023-29286 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ TODO: check
+CVE-2023-29285 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ TODO: check
+CVE-2023-29284 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ TODO: check
+CVE-2023-29283 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ TODO: check
+CVE-2023-29282 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ TODO: check
+CVE-2023-29281 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ TODO: check
+CVE-2023-29280 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ TODO: check
+CVE-2023-29279 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ TODO: check
+CVE-2023-29278 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ TODO: check
+CVE-2023-29277 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ TODO: check
+CVE-2023-29276 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ TODO: check
+CVE-2023-29275 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ TODO: check
+CVE-2023-29274 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ TODO: check
+CVE-2023-29273 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ TODO: check
CVE-2023-1860 (A vulnerability was found in Keysight IXIA Hawkeye 3.3.16.28. It has b ...)
NOT-FOR-US: Keysight IXIA Hawkeye
CVE-2023-1859
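Review bot: CVE-2023-29273 through CVE-2023-29286 all end up with the identical truncated description ("Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ..."), so nothing in this file distinguishes the fourteen entries and each shows up as its own TODO. Triage them as one batch: a single decision on whether the product is packaged resolves all fourteen `TODO: check` lines in one commit.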
@@ -6389,8 +6437,8 @@ CVE-2023-29248
RESERVED
CVE-2023-29247 (Task instance details page in the UI is vulnerable to a stored XSS.Thi ...)
- airflow <itp> (bug #819700)
-CVE-2023-29246
- RESERVED
+CVE-2023-29246 (An attacker who has gained access to an admin account can perform RCE ...)
+ TODO: check
CVE-2023-29239
RESERVED
CVE-2023-29238
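Review bot: The description of CVE-2023-29246 is cut off before it names any product ("An attacker who has gained access to an admin account can perform RCE ..."), so the entry cannot be triaged from this file alone and will not match a search by package name. When the TODO is resolved, make sure the product is named explicitly in the package line or the NOT-FOR-US line, as the neighbouring CVE-2023-29247 entry does with `- airflow <itp> (bug #819700)`.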
@@ -7130,8 +7178,8 @@ CVE-2023-1712 (Use of Hard-coded, Security-relevant Constants in GitHub reposito
NOT-FOR-US: deepset-ai haystack
CVE-2023-1711
RESERVED
-CVE-2023-29032
- RESERVED
+CVE-2023-29032 (An attacker that has gained access to certain private information can ...)
+ TODO: check
CVE-2023-29031 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
NOT-FOR-US: Rockwell Automation
CVE-2023-29030 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
@@ -7453,8 +7501,8 @@ CVE-2023-1674 (A vulnerability was found in SourceCodester School Registration a
NOT-FOR-US: SourceCodester School Registration and Fee System
CVE-2023-1673
RESERVED
-CVE-2023-28936
- RESERVED
+CVE-2023-28936 (Attacker can access arbitrary recording/room Vendor: The Apache Softw ...)
+ TODO: check
CVE-2023-28935 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Ele ...)
NOT-FOR-US: Apache UIMA UICC
CVE-2023-28744
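Review bot: CVE-2023-28936 has a metadata label run into its summary text ("... recording/room Vendor: The Apache Softw ..."), and the truncation then drops the product name entirely. The description comes from the upstream feed and should not be hand-edited here, but the triage line that replaces `TODO: check` needs to identify the product, otherwise the entry stays ambiguous next to CVE-2023-28935, which is a different Apache project.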
@@ -8889,12 +8937,12 @@ CVE-2023-28524
RESERVED
CVE-2023-28523
RESERVED
-CVE-2023-28522
- RESERVED
+CVE-2023-28522 (IBM API Connect V10 could allow an authenticated user to perform actio ...)
+ TODO: check
CVE-2023-28521
RESERVED
-CVE-2023-28520
- RESERVED
+CVE-2023-28520 (IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site sc ...)
+ TODO: check
CVE-2023-28519
RESERVED
CVE-2023-28518
@@ -9474,18 +9522,18 @@ CVE-2023-28363
RESERVED
CVE-2023-28362
RESERVED
-CVE-2023-28361
- RESERVED
-CVE-2023-28360
- RESERVED
-CVE-2023-28359
- RESERVED
-CVE-2023-28358
- RESERVED
-CVE-2023-28357
- RESERVED
-CVE-2023-28356
- RESERVED
+CVE-2023-28361 (A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi ...)
+ TODO: check
+CVE-2023-28360 (An omission of security-relevant information vulnerability exists in B ...)
+ TODO: check
+CVE-2023-28359 (A NoSQL injection vulnerability has been identified in the listEmojiCu ...)
+ TODO: check
+CVE-2023-28358 (A vulnerability has been discovered in Rocket.Chat where a markdown pa ...)
+ TODO: check
+CVE-2023-28357 (A vulnerability has been identified in Rocket.Chat, where the ACL chec ...)
+ TODO: check
+CVE-2023-28356 (A vulnerability has been identified where a maliciously crafted messag ...)
+ TODO: check
CVE-2023-28355
RESERVED
CVE-2023-28354
@@ -9699,8 +9747,8 @@ CVE-2022-48404
RESERVED
CVE-2022-48403
RESERVED
-CVE-2023-28325
- RESERVED
+CVE-2023-28325 (An improper authorization vulnerability exists in Rocket.Chat <6.0 tha ...)
+ TODO: check
CVE-2023-28324
RESERVED
CVE-2023-28323
@@ -22798,7 +22846,7 @@ CVE-2023-0389
CVE-2023-0388 (The Random Text WordPress plugin through 0.3.0 does not properly sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0387
- RESERVED
+ REJECTED
CVE-2023-0386 (A flaw was found in the Linux kernel, where unauthorized access to the ...)
- linux 6.1.11-1
NOTE: https://git.kernel.org/linus/4f11ada10d0ad3fd53e2bd67806351de63a4f9c3 (6.2-rc6)
@@ -27494,9 +27542,9 @@ CVE-2023-0027 (Rockwell Automation Modbus TCP Server AOI prior to 2.04.00 is vul
CVE-2022-4854
RESERVED
CVE-2022-4853
- RESERVED
+ REJECTED
CVE-2022-4852
- RESERVED
+ REJECTED
CVE-2022-4851 (Improper Handling of Values in GitHub repository usememos/memos prior ...)
NOT-FOR-US: usememos
CVE-2022-4850 (Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos ...)
@@ -27566,7 +27614,7 @@ CVE-2022-48189
CVE-2022-48188
RESERVED
CVE-2022-48187
- RESERVED
+ REJECTED
CVE-2022-48186 (A certificate validation vulnerability exists in the Baiying Android a ...)
NOT-FOR-US: Baiying Android application
CVE-2022-48185
@@ -33420,15 +33468,15 @@ CVE-2020-36609 (A vulnerability was found in annyshow DuxCMS 2.1. It has been cl
CVE-2022-46792 (Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization ...)
NOT-FOR-US: Hasura GraphQL
CVE-2022-46791
- RESERVED
+ REJECTED
CVE-2022-46790
- RESERVED
+ REJECTED
CVE-2022-46789
- RESERVED
+ REJECTED
CVE-2022-46788
- RESERVED
+ REJECTED
CVE-2022-46787
- RESERVED
+ REJECTED
CVE-2022-46786 (SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (is ...)
NOT-FOR-US: SquaredUp Dashboard Server
CVE-2022-46785 (SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (is ...)
@@ -33508,7 +33556,7 @@ CVE-2022-46755 (Wyse Management Suite 3.8 and below contain an improper access c
CVE-2022-46754 (Wyse Management Suite 3.8 and below contain an improper access control ...)
NOT-FOR-US: Wyse Management Suite
CVE-2022-46753
- RESERVED
+ REJECTED
CVE-2022-46752 (Dell BIOS contains an Improper Authorization vulnerability. An unauthe ...)
NOT-FOR-US: Dell
CVE-2022-46751
@@ -33795,7 +33843,7 @@ CVE-2022-46683 (Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) imp
CVE-2022-46682 (Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML pars ...)
NOT-FOR-US: Jenkins plugin
CVE-2022-46681
- RESERVED
+ REJECTED
CVE-2022-46680
RESERVED
CVE-2022-46679 (Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficien ...)
@@ -48801,7 +48849,7 @@ CVE-2022-42444 (IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1
NOT-FOR-US: IBM
CVE-2022-42443
RESERVED
-CVE-2022-42442 ("IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, ...)
+CVE-2022-42442 (IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 2 ...)
NOT-FOR-US: IBM
CVE-2022-42441
RESERVED
@@ -62772,9 +62820,9 @@ CVE-2022-2602 [io_uring/af_unix: defer registered files gc to io_uring release]
CVE-2021-46831
RESERVED
CVE-2022-37304
- RESERVED
+ REJECTED
CVE-2022-37303
- RESERVED
+ REJECTED
CVE-2022-37302 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
NOT-FOR-US: EcoStruxure Control Expert
CVE-2022-37301 (A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists ...)
@@ -68123,7 +68171,7 @@ CVE-2022-34866 (Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for
CVE-2022-32765 (An OS command injection vulnerability exists in the sysupgrade command ...)
NOT-FOR-US: Robustel R1510
CVE-2022-2331
- RESERVED
+ REJECTED
CVE-2022-2330 (Improper Restriction of XML External Entity Reference vulnerability in ...)
NOT-FOR-US: DLP Endpoint for Windows
CVE-2022-2329 (A CWE-190: Integer Overflow or Wraparound vulnerability exists that co ...)
@@ -70663,7 +70711,7 @@ CVE-2022-34463
CVE-2022-34462 (Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a ...)
NOT-FOR-US: EMC
CVE-2022-34461
- RESERVED
+ REJECTED
CVE-2022-34460 (Prior Dell BIOS versions contain an improper input validation vulnerab ...)
NOT-FOR-US: Dell
CVE-2022-34459 (Dell Command | Update, Dell Update, and Alienware Update versions prio ...)
@@ -70795,7 +70843,7 @@ CVE-2022-34397 (Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Soluti
CVE-2022-34396 (Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earli ...)
NOT-FOR-US: Dell
CVE-2022-34395
- RESERVED
+ REJECTED
CVE-2022-34394 (Dell OS10, version 10.5.3.4, contains an Improper Certificate Validati ...)
NOT-FOR-US: Dell
CVE-2022-34393 (Dell BIOS contains an improper input validation vulnerability. A local ...)
@@ -72185,7 +72233,7 @@ CVE-2022-33935 (Dell EMC Data Protection Advisor versions 19.6 and earlier, cont
CVE-2022-33934 (Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple s ...)
NOT-FOR-US: Dell
CVE-2022-33933
- RESERVED
+ REJECTED
CVE-2022-33932 (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9. ...)
NOT-FOR-US: Dell
CVE-2022-33931 (Dell Wyse Management Suite 3.6.1 and below contains an Improper Access ...)
@@ -75587,13 +75635,13 @@ CVE-2022-2001 (The DX Share Selection plugin for WordPress is vulnerable to Cros
CVE-2022-32498 (Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijackin ...)
NOT-FOR-US: Dell
CVE-2022-32497
- RESERVED
+ REJECTED
CVE-2022-32496
- RESERVED
+ REJECTED
CVE-2022-32495
- RESERVED
+ REJECTED
CVE-2022-32494
- RESERVED
+ REJECTED
CVE-2022-32493 (Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. A loc ...)
NOT-FOR-US: Dell
CVE-2022-32492 (Dell BIOS contains an improper input validation vulnerability. A local ...)
@@ -75623,7 +75671,7 @@ CVE-2022-32481 (Dell PowerProtect Cyber Recovery, versions prior to 19.11, conta
CVE-2022-32480 (Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9 ...)
NOT-FOR-US: Dell
CVE-2022-32479
- RESERVED
+ REJECTED
CVE-2022-32478 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
NOT-FOR-US: Insyde
CVE-2022-32477 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
@@ -79344,7 +79392,7 @@ CVE-2022-31244 (Nokia OneNDS 17r2 has Insecure Permissions vulnerability that al
CVE-2022-31243 (Update description and links DMA transactions which are targeted at in ...)
NOT-FOR-US: Insyde
CVE-2022-31242
- RESERVED
+ REJECTED
CVE-2022-31241
RESERVED
CVE-2022-31240
@@ -79389,7 +79437,7 @@ CVE-2022-31229 (Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error m
CVE-2022-31228 (Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vu ...)
NOT-FOR-US: Dell
CVE-2022-31227
- RESERVED
+ REJECTED
CVE-2022-31226 (Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability ...)
NOT-FOR-US: Dell
CVE-2022-31225 (Dell BIOS versions contain an Unchecked Return Value vulnerability. A ...)
@@ -85815,11 +85863,11 @@ CVE-2022-29103 (Windows Remote Access Connection Manager Elevation of Privilege
CVE-2022-29102 (Windows Failover Cluster Information Disclosure Vulnerability.)
NOT-FOR-US: Microsoft
CVE-2022-29101
- RESERVED
+ REJECTED
CVE-2022-29100
- RESERVED
+ REJECTED
CVE-2022-29099
- RESERVED
+ REJECTED
CVE-2022-29098 (Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak ...)
NOT-FOR-US: Dell
CVE-2022-29097 (Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in De ...)
@@ -85841,11 +85889,11 @@ CVE-2022-29090 (Dell Wyse Management Suite 3.6.1 and below contains a Sensitive
CVE-2022-29089 (Dell Networking OS10, versions prior to October 2021 with Smart Fabric ...)
NOT-FOR-US: Dell
CVE-2022-29088
- RESERVED
+ REJECTED
CVE-2022-29087
- RESERVED
+ REJECTED
CVE-2022-29086
- RESERVED
+ REJECTED
CVE-2022-29085 (Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0 ...)
NOT-FOR-US: Dell
CVE-2022-29084 (Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5 ...)
@@ -92459,7 +92507,7 @@ CVE-2022-26855 (Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incor
CVE-2022-26854 (Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptograph ...)
NOT-FOR-US: Dell
CVE-2022-26853
- RESERVED
+ REJECTED
CVE-2022-26852 (Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable see ...)
NOT-FOR-US: Dell
CVE-2022-26851 (Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name f ...)
@@ -97985,15 +98033,15 @@ CVE-2022-24946 (Improper Resource Locking vulnerability in Mitsubishi Electric M
CVE-2022-24945
REJECTED
CVE-2022-24944
- RESERVED
+ REJECTED
CVE-2022-24943
- RESERVED
+ REJECTED
CVE-2022-24942 (Heap based buffer overflow in HTTP Server functionality in Micrium uC- ...)
NOT-FOR-US: Micrium uC-HTTP
CVE-2022-24941
- RESERVED
+ REJECTED
CVE-2022-24940
- RESERVED
+ REJECTED
CVE-2022-24939 (A malformed packet containing an invalid destination address, causes a ...)
NOT-FOR-US: Ember ZNet
CVE-2022-24938 (A malformed packet causes a stack overflow in the Ember ZNet stack. Th ...)
@@ -99582,11 +99630,11 @@ CVE-2022-24442 (JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (S
CVE-2022-24428 (Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2. ...)
NOT-FOR-US: Dell
CVE-2022-24427
- RESERVED
+ REJECTED
CVE-2022-24426 (Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 ...)
NOT-FOR-US: Dell
CVE-2022-24425
- RESERVED
+ REJECTED
CVE-2022-24424 (Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vul ...)
NOT-FOR-US: EMC
CVE-2022-24423 (Dell iDRAC8 versions prior to 2.83.83.83 contain a denial of service v ...)
@@ -104620,11 +104668,11 @@ CVE-2022-23166 (Sysaid \u2013 Sysaid Local File Inclusion (LFI) \u2013 An unauth
CVE-2022-23165 (Sysaid \u2013 Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - The ...)
NOT-FOR-US: SysAid
CVE-2022-23164
- RESERVED
+ REJECTED
CVE-2022-23163 (Dell PowerScale OneFS, 8.2,x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a ...)
NOT-FOR-US: Dell PowerScale OneFS
CVE-2022-23162
- RESERVED
+ REJECTED
CVE-2022-23161 (Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contain a denial-of-ser ...)
NOT-FOR-US: Dell PowerScale OneFS
CVE-2022-23160 (Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Hand ...)
@@ -107001,9 +107049,9 @@ CVE-2022-0096 (Use after free in Storage in Google Chrome prior to 97.0.4692.71
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0095
- RESERVED
+ REJECTED
CVE-2022-0094
- RESERVED
+ REJECTED
CVE-2022-0093 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...)
- gitlab <unfixed>
CVE-2022-0092
@@ -131697,8 +131745,8 @@ CVE-2021-39038 (IBM WebSphere Application Server 9.0 and IBM WebSphere Applicati
NOT-FOR-US: IBM
CVE-2021-39037
RESERVED
-CVE-2021-39036
- RESERVED
+CVE-2021-39036 (IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripti ...)
+ TODO: check
CVE-2021-39035 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, ...)
NOT-FOR-US: IBM
CVE-2021-39034 (IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by a ...)
@@ -163220,9 +163268,9 @@ CVE-2021-26675 (A stack-based buffer overflow in dnsproxy in ConnMan before 1.39
- connman 1.36-2.1
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb
CVE-2021-26674
- RESERVED
+ REJECTED
CVE-2021-26673
- RESERVED
+ REJECTED
CVE-2021-26672
RESERVED
CVE-2021-26671
@@ -184923,33 +184971,33 @@ CVE-2020-29412
CVE-2020-29411
RESERVED
CVE-2020-29410
- RESERVED
+ REJECTED
CVE-2020-29409
RESERVED
CVE-2020-29408
- RESERVED
+ REJECTED
CVE-2020-29407
- RESERVED
+ REJECTED
CVE-2020-29406
- RESERVED
+ REJECTED
CVE-2020-29405
- RESERVED
+ REJECTED
CVE-2020-29404
- RESERVED
+ REJECTED
CVE-2020-29403
- RESERVED
+ REJECTED
CVE-2020-29402
- RESERVED
+ REJECTED
CVE-2020-29401
- RESERVED
+ REJECTED
CVE-2020-29400
- RESERVED
+ REJECTED
CVE-2020-29399
- RESERVED
+ REJECTED
CVE-2020-29398
- RESERVED
+ REJECTED
CVE-2020-29397
- RESERVED
+ REJECTED
CVE-2020-29396 (A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterp ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
NOTE: https://github.com/odoo/odoo/issues/63712
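Review bot: CVE-2020-29409 stays `RESERVED` in the middle of a run where CVE-2020-29410 and CVE-2020-29408 through CVE-2020-29397 all flip to `REJECTED`. That may simply reflect the upstream state, but an isolated hold-out inside a bulk rejection is worth confirming against the upstream record before the next automatic update, in case the entry was missed rather than intentionally kept.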
@@ -226193,8 +226241,8 @@ CVE-2020-13379 (The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF In
- grafana <removed>
NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/4
NOTE: https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/
-CVE-2020-13378
- RESERVED
+CVE-2020-13378 (Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Inj ...)
+ TODO: check
CVE-2020-13377
RESERVED
CVE-2020-13376 (SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable fil ...)
@@ -245043,45 +245091,45 @@ CVE-2020-6610 (GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocat
CVE-2020-6609 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_page ...)
- libredwg <itp> (bug #595191)
CVE-2020-6608
- RESERVED
+ REJECTED
CVE-2020-6607
- RESERVED
+ REJECTED
CVE-2020-6606
- RESERVED
+ REJECTED
CVE-2020-6605
- RESERVED
+ REJECTED
CVE-2020-6604
- RESERVED
+ REJECTED
CVE-2020-6603
- RESERVED
+ REJECTED
CVE-2020-6602
- RESERVED
+ REJECTED
CVE-2020-6601
- RESERVED
+ REJECTED
CVE-2020-6600
- RESERVED
+ REJECTED
CVE-2020-6599
- RESERVED
+ REJECTED
CVE-2020-6598
- RESERVED
+ REJECTED
CVE-2020-6597
- RESERVED
+ REJECTED
CVE-2020-6596
- RESERVED
+ REJECTED
CVE-2020-6595
- RESERVED
+ REJECTED
CVE-2020-6594
- RESERVED
+ REJECTED
CVE-2020-6593
- RESERVED
+ REJECTED
CVE-2020-6592
- RESERVED
+ REJECTED
CVE-2020-6591
- RESERVED
+ REJECTED
CVE-2020-6590 (Forcepoint Web Security Content Gateway versions prior to 8.5.4 improp ...)
NOT-FOR-US: Forcepoint Web Security Content Gateway
CVE-2020-6589
- RESERVED
+ REJECTED
CVE-2020-6588
RESERVED
CVE-2020-6587
@@ -285567,41 +285615,41 @@ CVE-2019-11806 (OX App Suite 7.10.1 and earlier has Insecure Permissions.)
CVE-2019-11805
RESERVED
CVE-2019-11804
- RESERVED
+ REJECTED
CVE-2019-11803
- RESERVED
+ REJECTED
CVE-2019-11802
- RESERVED
+ REJECTED
CVE-2019-11801
- RESERVED
+ REJECTED
CVE-2019-11800
- RESERVED
+ REJECTED
CVE-2019-11799
- RESERVED
+ REJECTED
CVE-2019-11798
- RESERVED
+ REJECTED
CVE-2019-11797
- RESERVED
+ REJECTED
CVE-2019-11796
- RESERVED
+ REJECTED
CVE-2019-11795
- RESERVED
+ REJECTED
CVE-2019-11794
- RESERVED
+ REJECTED
CVE-2019-11793
- RESERVED
+ REJECTED
CVE-2019-11792
- RESERVED
+ REJECTED
CVE-2019-11791
- RESERVED
+ REJECTED
CVE-2019-11790
- RESERVED
+ REJECTED
CVE-2019-11789
- RESERVED
+ REJECTED
CVE-2019-11788
- RESERVED
+ REJECTED
CVE-2019-11787
- RESERVED
+ REJECTED
CVE-2019-11786 (Improper access control in Odoo Community 13.0 and earlier and Odoo En ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
NOTE: https://github.com/odoo/odoo/issues/63711
@@ -302148,7 +302196,7 @@ CVE-2019-6150
CVE-2019-6149 (An unquoted search path vulnerability was identified in Lenovo Dynamic ...)
NOT-FOR-US: Lenovo
CVE-2019-6148
- RESERVED
+ REJECTED
CVE-2019-6147 (Forcepoint NGFW Security Management Center (SMC) versions lower than 6 ...)
NOT-FOR-US: Forcepoint NGFW Security Management Center
CVE-2019-6146 (It has been reported that cross-site scripting (XSS) is possible in Fo ...)
@@ -302162,7 +302210,7 @@ CVE-2019-6143 (Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x befor
CVE-2019-6142 (It has been reported that XSS is possible in Forcepoint Email Security ...)
NOT-FOR-US: Forcepoint
CVE-2019-6141
- RESERVED
+ REJECTED
CVE-2019-6140 (A configuration issue has been discovered in Forcepoint Email Security ...)
NOT-FOR-US: Forcepoint Email Security
CVE-2019-6139 (Forcepoint User ID (FUID) server versions up to 1.2 have a remote arbi ...)
@@ -329744,32 +329792,32 @@ CVE-2018-15656 (An issue was discovered in the registration API endpoint in 42Ge
CVE-2018-15655 (An issue was discovered in 42Gears SureMDM before 2018-11-27, related ...)
NOT-FOR-US: 42Gears
CVE-2018-15654
- RESERVED
+ REJECTED
CVE-2018-15653
- RESERVED
+ REJECTED
CVE-2018-15652
- RESERVED
+ REJECTED
CVE-2018-15651
- RESERVED
+ REJECTED
CVE-2018-15650
- RESERVED
+ REJECTED
CVE-2018-15649
- RESERVED
+ REJECTED
CVE-2018-15648
- RESERVED
+ REJECTED
CVE-2018-15647
- RESERVED
+ REJECTED
CVE-2018-15646
- RESERVED
+ REJECTED
CVE-2018-15645 (Improper access control in message routing in Odoo Community 12.0 and ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
NOTE: https://github.com/odoo/odoo/issues/63705
CVE-2018-15644
- RESERVED
+ REJECTED
CVE-2018-15643
- RESERVED
+ REJECTED
CVE-2018-15642
- RESERVED
+ REJECTED
CVE-2018-15641 (Cross-site scripting (XSS) issue in web module in Odoo Community 11.0 ...)
- odoo 14.0.0+dfsg.2-1
NOTE: https://github.com/odoo/odoo/issues/63704
@@ -329777,14 +329825,14 @@ CVE-2018-15640 (Improper access control in the Helpdesk App of Odoo Enterprise 1
- odoo <not-affected> (Only in enterprise version)
NOTE: https://github.com/odoo/odoo/issues/32514
CVE-2018-15639
- RESERVED
+ REJECTED
CVE-2018-15638 (Cross-site scripting (XSS) issue in mail module in Odoo Community 13.0 ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
NOTE: https://github.com/odoo/odoo/issues/63703
CVE-2018-15637
- RESERVED
+ REJECTED
CVE-2018-15636
- RESERVED
+ REJECTED
CVE-2018-15635 (Cross-site scripting vulnerability in the Discuss App of Odoo Communit ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
NOTE: https://github.com/odoo/odoo/issues/32515
@@ -329801,7 +329849,7 @@ CVE-2018-15631 (Improper access control in the Discuss App of Odoo Community 12.
- odoo <not-affected> (Fixed before initial upload to Debian)
NOTE: https://github.com/odoo/odoo/issues/32514
CVE-2018-15630
- RESERVED
+ REJECTED
CVE-2018-15629
REJECTED
CVE-2018-15628
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a372ec8051928dc0356510e041064ec82f33407b