[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 30 09:12:16 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
72677401 by security tracker role at 2023-05-30T08:12:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2023-34205 (In Moov signedxml through 1.0.0, parsing the raw XML (as received) can ...)
+ TODO: check
+CVE-2023-34204 (imapsync through 2.229 uses predictable paths under /tmp and /var/tmp ...)
+ TODO: check
+CVE-2023-33955 (Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEF ...)
+ TODO: check
+CVE-2023-33245 (Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arb ...)
+ TODO: check
+CVE-2023-33198 (tgstation-server is a production scale tool for BYOND server managemen ...)
+ TODO: check
+CVE-2023-33193 (Emby Server is a user-installable home media server which stores and o ...)
+ TODO: check
+CVE-2023-33191 (Kyverno is a policy engine designed for Kubernetes. Kyverno seccomp co ...)
+ TODO: check
+CVE-2023-33189 (Pomerium is an identity and context-aware access proxy. With specially ...)
+ TODO: check
+CVE-2023-33186 (Zulip is an open-source team collaboration tool with unique topic-base ...)
+ TODO: check
+CVE-2023-33183 (Calendar app for Nextcloud easily sync events from various devices wit ...)
+ TODO: check
+CVE-2023-33182 (Contacts app for Nextcloud easily syncs contacts from various devices ...)
+ TODO: check
+CVE-2023-33175 (ToUI is a Python package for creating user interfaces (websites and de ...)
+ TODO: check
+CVE-2023-32698 (nFPM is an alternative to fpm. The file permissions on the checked-in ...)
+ TODO: check
+CVE-2023-32692 (CodeIgniter is a PHP full-stack web framework. This vulnerability allo ...)
+ TODO: check
+CVE-2023-32691 (gost (GO Simple Tunnel) is a simple tunnel written in golang. Sensitiv ...)
+ TODO: check
+CVE-2023-32687 (tgstation-server is a toolset to manage production BYOND servers. Star ...)
+ TODO: check
+CVE-2023-32072 (Tuleap is an open source tool for end to end traceability of applicati ...)
+ TODO: check
+CVE-2023-2970 (A vulnerability classified as problematic was found in MindSpore 2.0.0 ...)
+ TODO: check
+CVE-2023-2962 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2023-2808 (Mattermost fails to normalize UTF confusable characters when determini ...)
+ TODO: check
+CVE-2023-2518 (The Easy Forms for Mailchimp WordPress plugin through 6.8.8 does not s ...)
+ TODO: check
+CVE-2023-2470 (The Add to Feedly WordPress plugin through 1.2.11 does not sanitize an ...)
+ TODO: check
+CVE-2014-125102 (A vulnerability classified as problematic was found in Bestwebsoft Rel ...)
+ TODO: check
CVE-2023-2953 [potential null pointer dereference flaw]
[experimental] - openldap 2.6.4+dfsg-1~exp1
- openldap <unfixed>
@@ -412,7 +458,7 @@ CVE-2023-33246 (For RocketMQ versions 5.1.0 and below, under certain conditions,
CVE-2023-32697 (SQLite JDBC is a library for accessing and creating SQLite database fi ...)
- xerial-sqlite-jdbc <unfixed> (bug #1036706)
NOTE: https://github.com/xerial/sqlite-jdbc/security/advisories/GHSA-6phf-6h5g-97j2
-CVE-2023-32685 [Clipboard based cross-site scripting (blocked with default CSP)]
+CVE-2023-32685 (Kanboard is project management software that focuses on the Kanban met ...)
- kanboard <unfixed> (bug #1036874)
[bookworm] - kanboard <no-dsa> (Minor issue)
NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv
@@ -2299,8 +2345,8 @@ CVE-2023-2298
RESERVED
CVE-2023-2297 (The Profile Builder \u2013 User Profile & User Registration Forms plug ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-2296
- RESERVED
+CVE-2023-2296 (The Loginizer WordPress plugin before 1.7.9 does not escape a paramete ...)
+ TODO: check
CVE-2022-4945 (The Dataprobe cloud usernames and passwords are stored in plain text i ...)
NOT-FOR-US: Dataprobe
CVE-2022-48480 (Integer overflow vulnerability in some phones. Successful exploitation ...)
@@ -2341,10 +2387,10 @@ CVE-2023-2290
RESERVED
CVE-2023-2289
RESERVED
-CVE-2023-2288
- RESERVED
-CVE-2023-2287
- RESERVED
+CVE-2023-2288 (The Otter WordPress plugin before 2.2.6 does not sanitize some user-co ...)
+ TODO: check
+CVE-2023-2287 (The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not li ...)
+ TODO: check
CVE-2023-2286
RESERVED
CVE-2023-2285
@@ -2663,8 +2709,8 @@ CVE-2023-31104
RESERVED
CVE-2023-2257 (Authentication Bypass in Hub Business integration in Devolutions Works ...)
NOT-FOR-US: Devolutions
-CVE-2023-2256
- RESERVED
+CVE-2023-2256 (The Product Addons & Fields for WooCommerce WordPress plugin before 32 ...)
+ TODO: check
CVE-2023-2255 (Improper access control in editor components of The Document Foundatio ...)
{DSA-5415-1}
- libreoffice 4:7.4.5-3
@@ -3156,8 +3202,8 @@ CVE-2023-2225
RESERVED
CVE-2023-2224
RESERVED
-CVE-2023-2223
- RESERVED
+CVE-2023-2223 (The Login rebuilder WordPress plugin before 2.8.1 does not sanitise an ...)
+ TODO: check
CVE-2023-2222
RESERVED
CVE-2023-2221
@@ -3717,20 +3763,20 @@ CVE-2023-2119 (The Responsive Filterable Portfolio plugin for WordPress is vulne
NOT-FOR-US: Responsive Filterable Portfolio plugin for WordPress
CVE-2023-2118 (Insufficient access controlin support ticket feature in Devolutions Se ...)
NOT-FOR-US: Devolutions
-CVE-2023-2117
- RESERVED
+CVE-2023-2117 (The Image Optimizer by 10web WordPress plugin before 1.0.27 does not s ...)
+ TODO: check
CVE-2023-2116
RESERVED
CVE-2023-2115
RESERVED
CVE-2023-2114 (The NEX-Forms WordPress plugin before 8.4 does not properly escape the ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-2113
- RESERVED
+CVE-2023-2113 (The Autoptimize WordPress plugin before 3.1.7 does not sanitise and es ...)
+ TODO: check
CVE-2023-2112 (Desktop component service allows lateral movement between sessions in ...)
NOT-FOR-US: M-Files
-CVE-2023-2111
- RESERVED
+CVE-2023-2111 (The Fast & Effective Popups & Lead-Generation for WordPress plugin bef ...)
+ TODO: check
CVE-2023-2110
RESERVED
CVE-2023-30775 (A vulnerability was found in the libtiff library. This security flaw c ...)
@@ -4181,8 +4227,8 @@ CVE-2023-30603
RESERVED
CVE-2023-30602
RESERVED
-CVE-2023-30601
- RESERVED
+CVE-2023-30601 (Privilege escalation when enabling FQL/Audit logs allows user with JMX ...)
+ TODO: check
CVE-2023-30600
RESERVED
CVE-2023-30599
@@ -4241,8 +4287,8 @@ CVE-2023-30573
RESERVED
CVE-2023-30572
RESERVED
-CVE-2023-30571
- RESERVED
+CVE-2023-30571 (Libarchive through 3.6.2 can cause directories to have world-writable ...)
+ TODO: check
CVE-2023-29504
RESERVED
CVE-2023-29500
@@ -4375,8 +4421,8 @@ CVE-2023-2025 (OpenBlue Enterprise Manager Data Collector versions prior to 3.2.
NOT-FOR-US: OpenBlue Enterprise Manager Data Collector
CVE-2023-2024 (Improper authentication in OpenBlue Enterprise Manager Data Collector ...)
NOT-FOR-US: OpenBlue Enterprise Manager Data Collector
-CVE-2023-2023
- RESERVED
+CVE-2023-2023 (The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some ...)
+ TODO: check
CVE-2023-2022
RESERVED
CVE-2023-2021 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...)
@@ -5317,8 +5363,8 @@ CVE-2023-30255
RESERVED
CVE-2023-30254
RESERVED
-CVE-2023-30253
- RESERVED
+CVE-2023-30253 (Dolibarr before 17.0.1 allows remote code execution by an authenticate ...)
+ TODO: check
CVE-2023-30252
RESERVED
CVE-2023-30251
@@ -7035,8 +7081,8 @@ CVE-2023-1940 (A vulnerability classified as critical was found in SourceCodeste
NOT-FOR-US: SourceCodester Simple and Beautiful Shopping Cart System
CVE-2023-1939 (No access control for the OTP key on OTP entries in Devolutions Rem ...)
NOT-FOR-US: Devolutions
-CVE-2023-1938
- RESERVED
+CVE-2023-1938 (The WP Fastest Cache WordPress plugin before 1.1.5 does not have CSRF ...)
+ TODO: check
CVE-2023-1937 (A vulnerability, which was classified as problematic, was found in zhe ...)
NOT-FOR-US: zhenfeng13 My-Blog
CVE-2014-125095 (A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 and ...)
@@ -8977,7 +9023,7 @@ CVE-2023-1668 (A flaw was found in openvswitch (OVS). When processing an IP pack
NOTE: https://github.com/openvswitch/ovs/commit/61b39d8c4797f1b668e4d5e5350d639fca6082a9 (v3.1.1)
NOTE: https://github.com/openvswitch/ovs/commit/f36509fd64e339ffd33593451099be6baa12ffe6 (v2.15.8)
CVE-2023-1667 (A NULL pointer dereference was found In libssh during re-keying with a ...)
- {DSA-5409-1}
+ {DSA-5409-1 DLA-3437-1}
- libssh 0.10.5-1 (bug #1035832)
NOTE: https://www.libssh.org/security/advisories/CVE-2023-1667.txt
NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=a30339d7b16da7784413e4a4667feb3604ed0458 (libssh-0.10.5)
@@ -9993,8 +10039,8 @@ CVE-2023-1526 (Certain DesignJet and PageWide XL TAA compliant models may have r
NOT-FOR-US: HP
CVE-2023-1525 (The Site Reviews WordPress plugin before 6.7.1 does not sanitise and e ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-1524
- RESERVED
+CVE-2023-1524 (The Download Manager WordPress plugin before 3.2.71 does not adequatel ...)
+ TODO: check
CVE-2023-28655 (A malicious user could leverage this vulnerability to escalate privile ...)
NOT-FOR-US: SAUTER
CVE-2023-28652 (An authenticated malicious user could successfully upload a malicious ...)
@@ -12322,8 +12368,8 @@ CVE-2023-27990 (The XSS vulnerability in Zyxel ATP series firmware versions 4.32
NOT-FOR-US: Zyxel
CVE-2023-27989
RESERVED
-CVE-2023-27988
- RESERVED
+CVE-2023-27988 (The post-authentication command injection vulnerability in the Zyxel N ...)
+ TODO: check
CVE-2023-27987 (In Apache Linkis <=1.3.1,due to the default token generated by Linkis ...)
NOT-FOR-US: Apache Linkis
CVE-2023-1297
@@ -13470,8 +13516,8 @@ CVE-2023-27615
RESERVED
CVE-2023-27614 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Ian Haycox ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-27613
- RESERVED
+CVE-2023-27613 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MonitorC ...)
+ TODO: check
CVE-2023-27612
RESERVED
CVE-2023-27611
@@ -17429,8 +17475,8 @@ CVE-2023-26132
RESERVED
CVE-2023-26131
RESERVED
-CVE-2023-26130
- RESERVED
+CVE-2023-26130 (Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerab ...)
+ TODO: check
CVE-2023-26129 (All versions of the package bwm-ng are vulnerable to Command Injection ...)
NOT-FOR-US: bwm-ng Nodejs module (not the same as src:bwm-ng)
CVE-2023-26128 (All versions of the package keep-module-latest are vulnerable to Comma ...)
@@ -19201,8 +19247,8 @@ CVE-2023-0767
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-0767
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-0767
NOTE: https://hg.mozilla.org/projects/nss/rev/684586ec163ad4fbbf15ea2cd1ee5c2da43036ad
-CVE-2023-0766
- RESERVED
+CVE-2023-0766 (The Newsletter Popup WordPress plugin through 1.2 does not have CSRF c ...)
+ TODO: check
CVE-2023-0765 (The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not prop ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0764 (The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perf ...)
@@ -19346,8 +19392,8 @@ CVE-2023-0735 (Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/w
NOT-FOR-US: Wallabag
CVE-2023-0734 (Improper Authorization in GitHub repository wallabag/wallabag prior to ...)
NOT-FOR-US: Wallabag
-CVE-2023-0733
- RESERVED
+CVE-2023-0733 (The Newsletter Popup WordPress plugin through 1.2 does not sanitise an ...)
+ TODO: check
CVE-2023-0732 (A vulnerability has been found in SourceCodester Online Eyewear Shop 1 ...)
NOT-FOR-US: SourceCodester
CVE-2023-25588
@@ -22912,8 +22958,8 @@ CVE-2023-0445
RESERVED
CVE-2023-0444 (A privilege escalation vulnerability exists in Delta Electronics Infra ...)
NOT-FOR-US: Delta Electronics InfraSuite Device Master
-CVE-2023-0443
- RESERVED
+CVE-2023-0443 (The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freem ...)
+ TODO: check
CVE-2023-0442 (The Loan Comparison WordPress plugin before 1.5.3 does not validate an ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0441 (The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an ...)
@@ -24706,8 +24752,8 @@ CVE-2023-23701 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-23700
RESERVED
-CVE-2023-23699
- RESERVED
+CVE-2023-23699 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-0342
RESERVED
CVE-2023-0341 (A stack buffer overflow exists in the ec_glob function of editorconfig ...)
@@ -24887,8 +24933,8 @@ CVE-2023-0330 (A vulnerability in the lsi53c895a device affects the latest versi
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2160151
NOTE: Proposed patch: https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html
NOTE: No sanctioned upstream patch as of 2023-03-09
-CVE-2023-0329
- RESERVED
+CVE-2023-0329 (The Elementor Website Builder WordPress plugin before 3.12.2 does not ...)
+ TODO: check
CVE-2022-48261 (There is a misinterpretation of input vulnerability in BiSheng-WNM FW ...)
NOT-FOR-US: Huawei
CVE-2020-36652 (Incorrect Default Permissions vulnerability in Hitachi Automation Dire ...)
@@ -30445,8 +30491,8 @@ CVE-2022-4678 (The TemplatesNext ToolKit WordPress plugin before 3.2.8 does not
NOT-FOR-US: WordPress plugin
CVE-2022-4677 (The Leaflet Maps Marker WordPress plugin before 3.12.7 does not valida ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4676
- RESERVED
+CVE-2022-4676 (The OSM WordPress plugin through 6.01 does not validate and escape som ...)
+ TODO: check
CVE-2022-4675 (The Mongoose Page Plugin WordPress plugin before 1.9.0 does not valida ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4674 (The Ibtana WordPress plugin before 1.1.8.8 does not validate and escap ...)
@@ -36521,6 +36567,7 @@ CVE-2022-4256 (The All-in-One Addons for Elementor WordPress plugin before 2.4.4
CVE-2022-4255 (An info leak issue was identified in all versions of GitLab EE from 13 ...)
- gitlab <not-affected> (Specific to EE)
CVE-2022-4254 (sssd: libsss_certmap fails to sanitise certificate data used in LDAP f ...)
+ {DLA-3436-1}
- sssd 2.3.1-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2149894
NOTE: https://github.com/SSSD/sssd/issues/5135
@@ -52336,8 +52383,7 @@ CVE-2022-41767 (An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1
- mediawiki 1:1.35.8-1
NOTE: https://phabricator.wikimedia.org/T316304
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/836891
-CVE-2022-41766 [mediawiki: On action=rollback the message "alreadyrolled" can leak revision deleted user name]
- RESERVED
+CVE-2022-41766 (An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x ...)
- mediawiki <not-affected> (Vulnerable code not present, only affects 1.37 and later)
NOTE: https://phabricator.wikimedia.org/T307278
CVE-2022-41765 (An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x ...)
@@ -76675,149 +76721,149 @@ CVE-2022-2038
CVE-2022-2037 (Excessive Attack Surface in GitHub repository tooljet/tooljet prior to ...)
NOT-FOR-US: ToolJet
CVE-2022-32738
- RESERVED
+ REJECTED
CVE-2022-32737
- RESERVED
+ REJECTED
CVE-2022-32736
- RESERVED
+ REJECTED
CVE-2022-32735
- RESERVED
+ REJECTED
CVE-2022-32734
- RESERVED
+ REJECTED
CVE-2022-32733
- RESERVED
+ REJECTED
CVE-2022-32732
- RESERVED
+ REJECTED
CVE-2022-32731
- RESERVED
+ REJECTED
CVE-2022-32730
- RESERVED
+ REJECTED
CVE-2022-32729
- RESERVED
+ REJECTED
CVE-2022-32728
- RESERVED
+ REJECTED
CVE-2022-32727
- RESERVED
+ REJECTED
CVE-2022-32726
- RESERVED
+ REJECTED
CVE-2022-32725
- RESERVED
+ REJECTED
CVE-2022-32724
- RESERVED
+ REJECTED
CVE-2022-32723
- RESERVED
+ REJECTED
CVE-2022-32722
- RESERVED
+ REJECTED
CVE-2022-32721
- RESERVED
+ REJECTED
CVE-2022-32720
- RESERVED
+ REJECTED
CVE-2022-32719
- RESERVED
+ REJECTED
CVE-2022-32718
- RESERVED
+ REJECTED
CVE-2022-32717
- RESERVED
+ REJECTED
CVE-2022-32716
- RESERVED
+ REJECTED
CVE-2022-32715
- RESERVED
+ REJECTED
CVE-2022-32714
- RESERVED
+ REJECTED
CVE-2022-32713
- RESERVED
+ REJECTED
CVE-2022-32712
- RESERVED
+ REJECTED
CVE-2022-32711
- RESERVED
+ REJECTED
CVE-2022-32710
- RESERVED
+ REJECTED
CVE-2022-32709
- RESERVED
+ REJECTED
CVE-2022-32708
- RESERVED
+ REJECTED
CVE-2022-32707
- RESERVED
+ REJECTED
CVE-2022-32706
- RESERVED
+ REJECTED
CVE-2022-32705
- RESERVED
+ REJECTED
CVE-2022-32704
- RESERVED
+ REJECTED
CVE-2022-32703
- RESERVED
+ REJECTED
CVE-2022-32702
- RESERVED
+ REJECTED
CVE-2022-32701
- RESERVED
+ REJECTED
CVE-2022-32700
- RESERVED
+ REJECTED
CVE-2022-32699
- RESERVED
+ REJECTED
CVE-2022-32698
- RESERVED
+ REJECTED
CVE-2022-32697
- RESERVED
+ REJECTED
CVE-2022-32696
- RESERVED
+ REJECTED
CVE-2022-32695
- RESERVED
+ REJECTED
CVE-2022-32694
- RESERVED
+ REJECTED
CVE-2022-32693
- RESERVED
+ REJECTED
CVE-2022-32692
- RESERVED
+ REJECTED
CVE-2022-32691
- RESERVED
+ REJECTED
CVE-2022-32690
- RESERVED
+ REJECTED
CVE-2022-32689
- RESERVED
+ REJECTED
CVE-2022-32688
- RESERVED
+ REJECTED
CVE-2022-32687
- RESERVED
+ REJECTED
CVE-2022-32686
- RESERVED
+ REJECTED
CVE-2022-32685
- RESERVED
+ REJECTED
CVE-2022-32684
- RESERVED
+ REJECTED
CVE-2022-32683
- RESERVED
+ REJECTED
CVE-2022-32682
- RESERVED
+ REJECTED
CVE-2022-32681
- RESERVED
+ REJECTED
CVE-2022-32680
- RESERVED
+ REJECTED
CVE-2022-32679
- RESERVED
+ REJECTED
CVE-2022-32678
- RESERVED
+ REJECTED
CVE-2022-32677
- RESERVED
+ REJECTED
CVE-2022-32676
- RESERVED
+ REJECTED
CVE-2022-32675
- RESERVED
+ REJECTED
CVE-2022-32674
- RESERVED
+ REJECTED
CVE-2022-32673
- RESERVED
+ REJECTED
CVE-2022-32672
- RESERVED
+ REJECTED
CVE-2022-32671
- RESERVED
+ REJECTED
CVE-2022-32670
- RESERVED
+ REJECTED
CVE-2022-32669
- RESERVED
+ REJECTED
CVE-2022-32668
- RESERVED
+ REJECTED
CVE-2022-32667
- RESERVED
+ REJECTED
CVE-2022-32666
RESERVED
CVE-2022-32665 (In Boa, there is a possible command injection due to improper input va ...)
@@ -100868,18 +100914,18 @@ CVE-2022-24634
RESERVED
CVE-2022-24633 (All versions of FileCloud prior to 21.3 are vulnerable to user enumera ...)
NOT-FOR-US: FileCloud
-CVE-2022-24632
- RESERVED
-CVE-2022-24631
- RESERVED
-CVE-2022-24630
- RESERVED
-CVE-2022-24629
- RESERVED
-CVE-2022-24628
- RESERVED
-CVE-2022-24627
- RESERVED
+CVE-2022-24632 (An issue was discovered in AudioCodes Device Manager Express through 7 ...)
+ TODO: check
+CVE-2022-24631 (An issue was discovered in AudioCodes Device Manager Express through 7 ...)
+ TODO: check
+CVE-2022-24630 (An issue was discovered in AudioCodes Device Manager Express through 7 ...)
+ TODO: check
+CVE-2022-24629 (An issue was discovered in AudioCodes Device Manager Express through 7 ...)
+ TODO: check
+CVE-2022-24628 (An issue was discovered in AudioCodes Device Manager Express through 7 ...)
+ TODO: check
+CVE-2022-24627 (An issue was discovered in AudioCodes Device Manager Express through 7 ...)
+ TODO: check
CVE-2022-24626
RESERVED
CVE-2022-24625
@@ -100992,7 +101038,7 @@ CVE-2022-24582 (Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID
CVE-2022-24581 (ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture v ...)
NOT-FOR-US: ACEweb Online Portal
CVE-2022-24580
- RESERVED
+ REJECTED
CVE-2022-24579
RESERVED
CVE-2022-24578 (GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddStrin ...)
@@ -136594,8 +136640,7 @@ CVE-2021-37847 (crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks t
NOT-FOR-US: Pengutronix Barebox
CVE-2021-37846
RESERVED
-CVE-2021-37845
- RESERVED
+CVE-2021-37845 (An issue was discovered in Citadel through webcit-932. A meddler-in-th ...)
- citadel <removed>
[buster] - citadel <ignored> (Minor issue)
[stretch] - citadel <postponed> (Minor issue, revisit when fixed upstream)
@@ -142350,7 +142395,7 @@ CVE-2021-3622 (A flaw was found in the hivex library. This flaw allows an attack
CVE-2021-35501 (PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name f ...)
NOT-FOR-US: PandoraFMS
CVE-2021-3621 (A flaw was found in SSSD, where the sssctl command was vulnerable to s ...)
- {DLA-2758-1}
+ {DLA-3436-1 DLA-2758-1}
- sssd 2.5.2-1 (bug #992710)
[bullseye] - sssd <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975142
@@ -162293,8 +162338,8 @@ CVE-2021-27827
RESERVED
CVE-2021-27826
RESERVED
-CVE-2021-27825
- RESERVED
+CVE-2021-27825 (A directory traversal vulnerability on Mercury MAC1200R devices allows ...)
+ TODO: check
CVE-2021-27824
RESERVED
CVE-2021-27823 (An information disclosure vulnerability was discovered in /index.class ...)
@@ -186141,8 +186186,7 @@ CVE-2020-29549
RESERVED
CVE-2020-29548 (An issue was discovered in SmarterTools SmarterMail through 100.0.7537 ...)
NOT-FOR-US: SmarterTools
-CVE-2020-29547
- RESERVED
+CVE-2020-29547 (An issue was discovered in Citadel through webcit-926. Meddler-in-the- ...)
- citadel <removed>
[buster] - citadel <ignored> (Minor issue)
[stretch] - citadel <postponed> (Minor issue, revisit when fixed upstream)
@@ -255381,8 +255425,7 @@ CVE-2019-19793 (In Cyxtera AppGate SDP Client 4.1.x through 4.3.x before 4.3.2 o
NOT-FOR-US: Cyxtera AppGate SDP Client
CVE-2019-19792 (A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS ...)
NOT-FOR-US: ESET Cyber Security
-CVE-2019-19791 [Apache access rules and SOAP/REST endpoints issue]
- RESERVED
+CVE-2019-19791 (In LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache H ...)
- lemonldap-ng 2.0.7+ds-1
[buster] - lemonldap-ng 2.0.2+ds-7+deb10u3
[stretch] - lemonldap-ng <no-dsa> (Minor issue)
@@ -277124,7 +277167,7 @@ CVE-2019-14891 (A flaw was found in cri-o, as a result of all pod-related proces
CVE-2019-14890 (A vulnerability was found in Ansible Tower before 3.6.1 where an attac ...)
NOT-FOR-US: Ansible Tower
CVE-2019-14889 (A flaw was found with the libssh API function ssh_scp_new() in version ...)
- {DLA-2038-1}
+ {DLA-3437-1 DLA-2038-1}
- libssh 0.9.3-1 (bug #946548)
[stretch] - libssh <no-dsa> (Minor issue)
NOTE: https://www.libssh.org/security/advisories/CVE-2019-14889.txt
@@ -309632,7 +309675,7 @@ CVE-2019-3812 (QEMU, through version 2.10 and through version 3.1.0, is vulnerab
NOTE: vulnerable code not present prior 2.6.50, introduced in
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=78c71af8049c40657b646d9dd722867fa15c0f1b
CVE-2019-3811 (A vulnerability was found in sssd. If a user was configured with no ho ...)
- {DLA-1635-1}
+ {DLA-3436-1 DLA-1635-1}
- sssd 2.2.0-1 (bug #919051)
[stretch] - sssd <no-dsa> (Minor issue)
NOTE: Upstream ticket: https://pagure.io/SSSD/sssd/issue/3901
@@ -328434,6 +328477,7 @@ CVE-2018-16839 (Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer o
NOTE: https://curl.haxx.se/docs/CVE-2018-16839.html
NOTE: Fixed by: https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5
CVE-2018-16838 (A flaw was found in sssd Group Policy Objects implementation. When the ...)
+ {DLA-3436-1}
- sssd 2.2.0-1 (bug #931432)
[stretch] - sssd <no-dsa> (Minor issue)
[jessie] - sssd <not-affected> (GPO based access control introduced later)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7267740124e8217d7b0e79a41e07b595f8ed2516
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7267740124e8217d7b0e79a41e07b595f8ed2516
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230530/b9c599f7/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list