[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Oct 4 21:12:40 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e7e78554 by security tracker role at 2023-10-04T20:12:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,99 @@
+CVE-2023-5402 (ACWE-269: Improper Privilege Management vulnerability existsthat could ...)
+ TODO: check
+CVE-2023-5399 (ACWE-22: Improper Limitation of a Pathname to a Restricted Directory ( ...)
+ TODO: check
+CVE-2023-5391 (ACWE-502:Deserialization of untrusted datavulnerability existsthat cou ...)
+ TODO: check
+CVE-2023-5377 (Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.)
+ TODO: check
+CVE-2023-5375 (Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.)
+ TODO: check
+CVE-2023-5374 (A vulnerability classified as critical was found in SourceCodester Onl ...)
+ TODO: check
+CVE-2023-5373 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2023-5371 (RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3. ...)
+ TODO: check
+CVE-2023-5113 (Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are po ...)
+ TODO: check
+CVE-2023-4997 (Improper authorisation of regular users in ProIntegra Uptime DC softwa ...)
+ TODO: check
+CVE-2023-4497 (Easy Chat Server, in its 3.1 version and before, does not sufficiently ...)
+ TODO: check
+CVE-2023-4496 (Easy Chat Server, in its 3.1 version and before, does not sufficiently ...)
+ TODO: check
+CVE-2023-4495 (Easy Chat Server, in its 3.1 version and before, does not sufficiently ...)
+ TODO: check
+CVE-2023-4494 (Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 vers ...)
+ TODO: check
+CVE-2023-4493 (Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 versio ...)
+ TODO: check
+CVE-2023-4492 (Vulnerability in Easy Address Book Web Server 1.6 version, affecting t ...)
+ TODO: check
+CVE-2023-4491 (Buffer overflow vulnerability in Easy Address Book Web Server 1.6 vers ...)
+ TODO: check
+CVE-2023-4090 (Cross-site Scripting (XSS) reflected vulnerability on WideStand until ...)
+ TODO: check
+CVE-2023-4037 (Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interfac ...)
+ TODO: check
+CVE-2023-44210 (Sensitive information disclosure and manipulation due to missing autho ...)
+ TODO: check
+CVE-2023-44209 (Local privilege escalation due to improper soft link handling. The fol ...)
+ TODO: check
+CVE-2023-44208 (Sensitive information disclosure and manipulation due to missing autho ...)
+ TODO: check
+CVE-2023-44075 (Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 allows a ...)
+ TODO: check
+CVE-2023-43838 (An arbitrary file upload vulnerability in Personal Management System v ...)
+ TODO: check
+CVE-2023-43804 (urllib3 is a user-friendly HTTP client library for Python. urllib3 doe ...)
+ TODO: check
+CVE-2023-43261 (An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 b ...)
+ TODO: check
+CVE-2023-42824 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ TODO: check
+CVE-2023-42809 (Redisson is a Java Redis client that uses the Netty framework. Prior t ...)
+ TODO: check
+CVE-2023-42808 (Common Voice is the web app for Mozilla Common Voice, a platform for c ...)
+ TODO: check
+CVE-2023-42449 (Hydra is the two-layer scalability solution for Cardano. Prior to vers ...)
+ TODO: check
+CVE-2023-42448 (Hydra is the layer-two scalability solution for Cardano. Prior to vers ...)
+ TODO: check
+CVE-2023-41094 (TouchLink packets processed after timeout or out of range due to Opera ...)
+ TODO: check
+CVE-2023-40684 (IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOn ...)
+ TODO: check
+CVE-2023-40561 (Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Enhance ...)
+ TODO: check
+CVE-2023-40559 (Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Dynamic ...)
+ TODO: check
+CVE-2023-40376 (IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7. ...)
+ TODO: check
+CVE-2023-3701 (Aqua Drive, in its 2.4 version, is vulnerable to a relative path trave ...)
+ TODO: check
+CVE-2023-3665 (A code injection vulnerability in Trellix ENS 10.7.0 April 2023 releas ...)
+ TODO: check
+CVE-2023-3576 (A memory leak flaw was found in Libtiff's tiffcrop utility. This issue ...)
+ TODO: check
+CVE-2023-3512 (Relative path traversal vulnerability in Setelsa Security's ConacWin C ...)
+ TODO: check
+CVE-2023-3038 (SQL injection vulnerability in HelpDezk Community affecting version 1. ...)
+ TODO: check
+CVE-2023-3037 (Improper authorization vulnerability in HelpDezk Community affecting v ...)
+ TODO: check
+CVE-2023-39191 (An improper input validation flaw was found in the eBPF subsystem in t ...)
+ TODO: check
+CVE-2023-38701 (Hydra is the layer-two scalability solution for Cardano. Users of the ...)
+ TODO: check
+CVE-2023-38538 (A race condition in an event subsystem led to a heap use-after-free is ...)
+ TODO: check
+CVE-2023-38537 (A race condition in a network transport subsystem led to a heap use-af ...)
+ TODO: check
+CVE-2023-37995 (Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-Copy ...)
+ TODO: check
+CVE-2023-2809 (Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 ...)
+ TODO: check
CVE-2023-5370 (On CPU 0 the check for the SMCCC workaround is called before SMCCC sup ...)
NOT-FOR-US: FreeBSD
CVE-2023-5369 (Before correction, thecopy_file_rangesystem call checked only for the ...)
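Review bot: three of the newly imported descriptions have lost their inter-word whitespace, e.g. `CVE-2023-5402 (ACWE-269: Improper Privilege Management vulnerability existsthat ...)` and `CVE-2023-5391 (ACWE-502:Deserialization of untrusted datavulnerability existsthat ...)` (CVE-2023-5399 likewise); this looks like a feed-side artifact rather than something to hand-edit, but it is worth confirming the importer is not collapsing whitespace. Separately, all 48 entries in this hunk land at `TODO: check`, and several describe software Debian ships (urllib3 in CVE-2023-43804, the kernel eBPF subsystem in CVE-2023-39191, libtiff's tiffcrop in CVE-2023-3576, Wireshark in CVE-2023-5371, gpac in CVE-2023-5377), so those should be triaged to package/version lines first.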
@@ -94,7 +190,7 @@ CVE-2023-4882 (DOS vulnerability that could allow an attacker to register a new
NOT-FOR-US: Open5GS
CVE-2023-4817 (This vulnerability allows an authenticated attacker to upload maliciou ...)
NOT-FOR-US: ICP DAS
-CVE-2023-4732 (A flaw was found in the Linux Kernel's memory management subsytem. A t ...)
+CVE-2023-4732 (A flaw was found in pfn_swap_entry_to_page in memory management subsys ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -249,6 +345,7 @@ CVE-2023-43785 [libX11: out-of-bounds memory access in _XkbReadKeySyms()]
NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/6858d468d9ca55fb4c5fd70b223dbc78a3358a7f
CVE-2023-5346
+ {DSA-5515-1}
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5345 (A use-after-free vulnerability in the Linux kernel's fs/smb/client com ...)
@@ -1039,7 +1136,7 @@ CVE-2023-4003 (One Identity Password Manager version 5.9.7.1 -An unauthenticated
NOT-FOR-US: One Identity Password Manager
CVE-2023-2585
NOT-FOR-US: Keycloak
-CVE-2023-2422
+CVE-2023-2422 (A flaw was found in Keycloak. A Keycloak server configured to support ...)
NOT-FOR-US: Keycloak
CVE-2023-44207 (Stored cross-site scripting (XSS) vulnerability in protection plan nam ...)
NOT-FOR-US: Acronis
@@ -2346,7 +2443,7 @@ CVE-2023-38255 (A potential attacker with or without (cookie theft) access to th
NOT-FOR-US: MODULYS GP
CVE-2023-37611 (Cross Site Scripting (XSS) vulnerability in Neos CMS 8.3.3 allows a re ...)
NOT-FOR-US: Neos CMS
-CVE-2023-4237 [ec2_key module prints out the private key directly to the standard output]
+CVE-2023-4237 (A flaw was found in the Ansible Automation Platform. When creating a n ...)
- ansible <unfixed>
[buster] - ansible <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2229979
@@ -4885,7 +4982,7 @@ CVE-2023-4624 (Server-Side Request Forgery (SSRF) in GitHub repository bookstack
NOT-FOR-US: bookstack
CVE-2023-4600 (The AffiliateWP for WordPress is vulnerable to unauthorized modificati ...)
NOT-FOR-US: AffiliateWP for WordPress
-CVE-2023-4571 (In Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15 ...)
+CVE-2023-4571 (In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, ...)
NOT-FOR-US: Splunk
CVE-2023-4209 (The POEditor WordPress plugin before 0.9.8 does not have CSRF checks i ...)
NOT-FOR-US: WordPress plugin
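Review bot: the replacement description for CVE-2023-4571 reads `versions below below 4.13.3`, a duplicated word carried over from the upstream text; the tracker mirrors the published description verbatim, so there is nothing to change locally, but an upstream correction would propagate on the next automatic update.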
@@ -5196,7 +5293,7 @@ CVE-2023-38283 (In OpenBGPD before 8.1, incorrect handling of BGP update data (l
NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/006_bgpd.patch.sig
CVE-2023-34039 (Aria Operations for Networks contains an Authentication Bypass vulnera ...)
NOT-FOR-US: VMware
-CVE-2023-4586
+CVE-2023-4586 (A vulnerability was found in the Hot Rod client. This security issue o ...)
NOT-FOR-US: Infinispan
CVE-2023-4585 (Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thun ...)
- firefox 117.0-1
@@ -5416,6 +5513,7 @@ CVE-2023-4569 (A memory leak flaw was found in nft_set_catchall_flush in net/net
- linux 6.4.13-1
NOTE: https://git.kernel.org/linus/90e5b3462efa37b8bba82d7c4e63683856e188af (6.5-rc7)
CVE-2023-4567
+ REJECTED
- ansible <unfixed> (bug #1051725)
[bookworm] - ansible <no-dsa> (Minor issue)
[bullseye] - ansible <no-dsa> (Minor issue)
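Review bot: CVE-2023-4567 is now marked `REJECTED`, but the package status lines beneath it (`- ansible <unfixed> (bug #1051725)` and the two `<no-dsa>` entries) are left in place. A rejected id typically carries no package status, so these lines should be dropped or the entry re-checked, and bug #1051725 should be closed or retitled so it does not keep tracking a withdrawn CVE.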
@@ -5801,7 +5899,7 @@ CVE-2023-40217 (An issue was discovered in Python before 3.8.18, 3.9.x before 3.
NOTE: Additional patches to stabilize the test suite may also be applied to all versions:
NOTE: 1. https://github.com/python/cpython/commit/64f99350351bc46e016b2286f36ba7cd669b79e3
NOTE: 2. https://github.com/python/cpython/commit/592bacb6fc0833336c0453e818e9b95016e9fd47
-CVE-2023-4380
+CVE-2023-4380 (A logic flaw exists in Ansible. Whenever a private project is created ...)
- ansible <unfixed> (bug #1051897)
[bookworm] - ansible <no-dsa> (Minor issue)
[bullseye] - ansible <no-dsa> (Minor issue)
@@ -8830,7 +8928,7 @@ CVE-2023-4104 (An invalid Polkit Authentication check and missing authentication
NOTE: https://www.openwall.com/lists/oss-security/2023/08/03/1
NOTE: https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7055
NOTE: https://github.com/mozilla-mobile/mozilla-vpn-client/commit/6933a07164cd69636889403c959ac2c2b115e0f6
-CVE-2023-3971
+CVE-2023-3971 (An HTML injection flaw was found in Controller in the user interface s ...)
NOT-FOR-US: Red Hat Ansible Automation Controller
CVE-2023-34320 [arm: Guests can trigger a deadlock on Cortex-A77]
- xen 4.17.2-1
@@ -9045,7 +9143,8 @@ CVE-2023-34551 (In certain EZVIZ products, two stack buffer overflows in netClie
NOT-FOR-US: EZVIZ
CVE-2023-33493 (An Unrestricted Upload of File with Dangerous Type vulnerability in th ...)
NOT-FOR-US: Prestashop addon
-CVE-2023-32302 (Silverstripe Framework is the MVC framework that powers Silverstripe C ...)
+CVE-2023-32302
+ REJECTED
NOT-FOR-US: Silverstripe Framework
CVE-2023-31710 (TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1. ...)
NOT-FOR-US: TP-Link
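Review bot: CVE-2023-32302 is switched to `REJECTED` and its description dropped, but the `NOT-FOR-US: Silverstripe Framework` line remains; it is harmless, yet the entry would be consistent with other rejected ids if the stale status line were removed as well.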
@@ -13436,7 +13535,7 @@ CVE-2023-2625 (A vulnerability exists that can be exploited by an authenticated
NOT-FOR-US: ABB CoreTec
CVE-2023-3436 (Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is ...)
- xpdf <not-affected> (Debian uses poppler, which is not affected)
-CVE-2023-3428 [heap-buffer-overflow in coders/tiff.c]
+CVE-2023-3428 (A heap-based buffer overflow vulnerability was found in coders/tiff.c ...)
- imagemagick <unfixed>
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/a531d28e31309676ce8168c3b6dbbb5374b78790 (7.1.1-13)
NOTE: Prerequisite: https://github.com/ImageMagick/ImageMagick6/commit/2b4eabb9d09b278f16727c635e928bd951c58773 (6.9.12-55)
@@ -13675,7 +13774,7 @@ CVE-2023-32522 (A path traversal exists in a specific dll of Trend Micro Mobile
NOT-FOR-US: Trend Micro
CVE-2023-32521 (A path traversal exists in a specific service dll of Trend Micro Mobil ...)
NOT-FOR-US: Trend Micro
-CVE-2023-3361
+CVE-2023-3361 (A flaw was found in Red Hat OpenShift Data Science. When exporting a p ...)
NOT-FOR-US: OpenShift Data
CVE-2023-3422 (Use after free in Guest View in Google Chrome prior to 114.0.5735.198 ...)
{DSA-5440-1}
@@ -15538,7 +15637,7 @@ CVE-2023-2904 (The External Visitor Manager portal of HID\u2019s SAFE versions 5
NOT-FOR-US: HID SAFE
CVE-2023-2866 (If an attacker can trick an authenticated user into loading a maliciou ...)
NOT-FOR-US: Advantech
-CVE-2023-3153 [service monitor MAC flow is not rate limited]
+CVE-2023-3153 (A flaw was found in Open Virtual Network where the service monitor MAC ...)
- ovn 23.09.0-1 (bug #1043598)
[bookworm] - ovn <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2213279
@@ -25130,8 +25229,7 @@ CVE-2023-1834 (Rockwell Automation was made aware that Kinetix 5500 drives, manu
NOT-FOR-US: Rockwell Automation
CVE-2023-1833 (Authentication Bypass by Primary Weakness vulnerability in DTS Electro ...)
NOT-FOR-US: DTS Electronics Redline Router firmware
-CVE-2023-1832
- RESERVED
+CVE-2023-1832 (An improper access control flaw was found in Candlepin. An attacker ca ...)
NOT-FOR-US: Red Hat Satellite / Candlepin
CVE-2023-1831 (Mattermost fails to redact from audit logsthe user password during use ...)
- mattermost-server <itp> (bug #823556)
@@ -26885,8 +26983,7 @@ CVE-2023-1586 (Avast and AVG Antivirus for Windows were susceptible to a Time-of
NOT-FOR-US: Norton
CVE-2023-1585 (Avast and AVG Antivirus for Windows were susceptible to a Time-of-chec ...)
NOT-FOR-US: Norton
-CVE-2023-1584
- RESERVED
+CVE-2023-1584 (A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access ...)
NOT-FOR-US: Quarkus
CVE-2023-28751 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wpme ...)
NOT-FOR-US: WordPress plugin
@@ -31364,8 +31461,8 @@ CVE-2023-27435 (Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Si
TODO: check
CVE-2023-27434
RESERVED
-CVE-2023-27433
- RESERVED
+CVE-2023-27433 (Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Mak ...)
+ TODO: check
CVE-2023-27432 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WpSimple ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27431
@@ -32243,8 +32340,8 @@ CVE-2023-27123
RESERVED
CVE-2023-27122
RESERVED
-CVE-2023-27121
- RESERVED
+CVE-2023-27121 (A cross-site scripting (XSS) vulnerability in the component /framework ...)
+ TODO: check
CVE-2023-27120
RESERVED
CVE-2023-27119 (WebAssembly v1.0.29 was discovered to contain a segmentation fault via ...)
@@ -35263,8 +35360,8 @@ CVE-2023-25982 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-25981 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25980
- RESERVED
+CVE-2023-25980 (Cross-Site Request Forgery (CSRF) vulnerability in CAGE Web Design | R ...)
+ TODO: check
CVE-2023-25979 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vide ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25978 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nate ...)
@@ -35780,8 +35877,8 @@ CVE-2023-25790
RESERVED
CVE-2023-25789 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tapf ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25788
- RESERVED
+CVE-2023-25788 (Cross-Site Request Forgery (CSRF) vulnerability in Saphali Saphali Woo ...)
+ TODO: check
CVE-2023-25787 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wbol ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25786 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Thom ...)
@@ -37195,8 +37292,8 @@ CVE-2023-25491 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin
NOT-FOR-US: WordPress plugin
CVE-2023-25490 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25489
- RESERVED
+CVE-2023-25489 (Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Update T ...)
+ TODO: check
CVE-2023-25488 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Duc ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25487 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade PixTypes ...)
@@ -38320,8 +38417,8 @@ CVE-2023-25027 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25026
RESERVED
-CVE-2023-25025
- RESERVED
+CVE-2023-25025 (Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-Copy ...)
+ TODO: check
CVE-2023-25024 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Iceg ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25023 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sale ...)
@@ -46066,8 +46163,8 @@ CVE-2021-4301 (A vulnerability was found in slackero phpwcms up to 1.9.26 and cl
NOT-FOR-US: slackero phpwcms
CVE-2021-4300 (A vulnerability has been found in ghostlander Halcyon and classified a ...)
NOT-FOR-US: ghostlander Halcyon
-CVE-2023-22618
- RESERVED
+CVE-2023-22618 (If Security Hardening guide rules are not followed, then Nokia WaveLit ...)
+ TODO: check
CVE-2023-22617 (A remote attacker might be able to cause infinite recursion in PowerDN ...)
- pdns-recursor 4.8.1-1 (bug #1029367)
[bullseye] - pdns-recursor <not-affected> (Vulnerable code introduced later)
@@ -46470,8 +46567,8 @@ CVE-2023-22517
RESERVED
CVE-2023-22516
RESERVED
-CVE-2023-22515
- RESERVED
+CVE-2023-22515 (Atlassian has been made aware of an issue reported by a handful of cus ...)
+ TODO: check
CVE-2023-22514
RESERVED
CVE-2023-22513 (This High severity RCE (Remote Code Execution) vulnerability was intro ...)
@@ -55693,8 +55790,7 @@ CVE-2022-4134 (A flaw was found in openstack-glance. This issue could allow a re
NOTE: https://bugs.launchpad.net/ossn/+bug/1990157
CVE-2022-4133
REJECTED
-CVE-2022-4132 [Tomcat: Memory leak in JSS]
- RESERVED
+CVE-2022-4132 (A flaw was found in JSS. A memory leak in JSS requires non-standard co ...)
- jss <unfixed> (bug #1052575)
[bookworm] - jss <no-dsa> (Minor issue)
[bullseye] - jss <no-dsa> (Minor issue)
@@ -63375,8 +63471,8 @@ CVE-2023-20261
RESERVED
CVE-2023-20260
RESERVED
-CVE-2023-20259
- RESERVED
+CVE-2023-20259 (A vulnerability in an API endpoint of multiple Cisco Unified Communica ...)
+ TODO: check
CVE-2023-20258
RESERVED
CVE-2023-20257
@@ -63423,8 +63519,8 @@ CVE-2023-20237 (A vulnerability in Cisco Intersight Virtual Appliance could allo
NOT-FOR-US: Cisco
CVE-2023-20236 (A vulnerability in the iPXE boot function of Cisco IOS XR software cou ...)
NOT-FOR-US: Cisco
-CVE-2023-20235
- RESERVED
+CVE-2023-20235 (A vulnerability in the on-device application development workflow feat ...)
+ TODO: check
CVE-2023-20234 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...)
NOT-FOR-US: Cisco FXOS Software
CVE-2023-20233 (A vulnerability in the Connectivity Fault Management (CFM) feature of ...)
@@ -63699,8 +63795,8 @@ CVE-2023-20103 (A vulnerability in Cisco Secure Network Analytics could allow an
NOT-FOR-US: Cisco
CVE-2023-20102 (A vulnerability in the web-based management interface of Cisco Secure ...)
NOT-FOR-US: Cisco
-CVE-2023-20101
- RESERVED
+CVE-2023-20101 (A vulnerability in Cisco Emergency Responder could allow an unauthenti ...)
+ TODO: check
CVE-2023-20100 (A vulnerability in the access point (AP) joining process of the Contro ...)
NOT-FOR-US: Cisco
CVE-2023-20099
@@ -64095,8 +64191,8 @@ CVE-2022-43908 (IBM Security Guardium 11.3 could allow an authenticated user to
NOT-FOR-US: IBM
CVE-2022-43907 (IBM Security Guardium 11.4 could allow a remote authenticated attacker ...)
NOT-FOR-US: IBM
-CVE-2022-43906
- RESERVED
+CVE-2022-43906 (IBM Security Guardium 11.5 could disclose sensitive information due to ...)
+ TODO: check
CVE-2022-43905
RESERVED
CVE-2022-43904 (IBM Security Guardium 11.3 and 11.4 could disclose sensitive informati ...)
@@ -85118,10 +85214,10 @@ CVE-2022-2462 (The Transposh WordPress Translation plugin for WordPress is vulne
NOT-FOR-US: Transposh WordPress Translation plugin for WordPress
CVE-2022-2461 (The Transposh WordPress Translation plugin for WordPress is vulnerable ...)
NOT-FOR-US: Transposh WordPress Translation plugin for WordPress
-CVE-2022-36277
- RESERVED
-CVE-2022-36276
- RESERVED
+CVE-2022-36277 (The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' pa ...)
+ TODO: check
+CVE-2022-36276 (TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' p ...)
+ TODO: check
CVE-2022-2460 (The WPDating WordPress plugin before 7.4.0 does not properly escape us ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2459 (An issue has been discovered in GitLab EE affecting all versions befor ...)
@@ -147018,8 +147114,8 @@ CVE-2021-3786 (A potential vulnerability in the SMI callback function used in CS
NOT-FOR-US: Lenovo
CVE-2021-3785 (yourls is vulnerable to Improper Neutralization of Input During Web Pa ...)
NOT-FOR-US: yourls
-CVE-2021-3784
- RESERVED
+CVE-2021-3784 (Garuda Linux performs an insecure user creation and authentication tha ...)
+ TODO: check
CVE-2021-3783 (yourls is vulnerable to Improper Neutralization of Input During Web Pa ...)
NOT-FOR-US: yourls
CVE-2021-3782 (An internal reference count is held on the buffer pool, incremented ev ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7e78554a173cccf47b1cb86d7529d022c7dd771