[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 6 21:12:45 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f471ae6b by security tracker role at 2023-09-06T20:12:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,38 +1,138 @@
-CVE-2023-41947
+CVE-2023-4809 (In pf packet processing with a 'scrub fragment reassemble' rule, a pac ...)
+ TODO: check
+CVE-2023-4634 (The Media Library Assistant plugin for WordPress is vulnerable to Loca ...)
+ TODO: check
+CVE-2023-4623 (A use-after-free vulnerability in the Linux kernel's net/sched: sch_hf ...)
+ TODO: check
+CVE-2023-4622 (A use-after-free vulnerability in the Linux kernel's af_unix component ...)
+ TODO: check
+CVE-2023-4621
+ REJECTED
+CVE-2023-4589 (Insufficient verification of data authenticity vulnerability in Deline ...)
+ TODO: check
+CVE-2023-4588 (File accessibility vulnerability in Delinea Secret Server, in its v10. ...)
+ TODO: check
+CVE-2023-4498 (Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access ...)
+ TODO: check
+CVE-2023-4244 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
+ TODO: check
+CVE-2023-4208 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_u3 ...)
+ TODO: check
+CVE-2023-4207 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw ...)
+ TODO: check
+CVE-2023-4206 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_ro ...)
+ TODO: check
+CVE-2023-41601 (Multiple cross-site scripting (XSS) vulnerabilities in install/index.p ...)
+ TODO: check
+CVE-2023-41330 (knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PD ...)
+ TODO: check
+CVE-2023-41328 (Frappe is a low code web framework written in Python and Javascript. A ...)
+ TODO: check
+CVE-2023-41319 (Fides is an open-source privacy engineering platform for managing the ...)
+ TODO: check
+CVE-2023-41150 (F-RevoCRM 7.3 series prior to version7.3.8 contains a cross-site scrip ...)
+ TODO: check
+CVE-2023-41149 (F-RevoCRM version7.3.7 and version7.3.8 contains an OS command injecti ...)
+ TODO: check
+CVE-2023-41050 (AccessControl provides a general security framework for use in Zope. P ...)
+ TODO: check
+CVE-2023-40601 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik ...)
+ TODO: check
+CVE-2023-40591 (go-ethereum (geth) is a golang execution layer implementation of the E ...)
+ TODO: check
+CVE-2023-40560 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Greg ...)
+ TODO: check
+CVE-2023-40554 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blog2Soc ...)
+ TODO: check
+CVE-2023-40553 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Plausibl ...)
+ TODO: check
+CVE-2023-40552 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gurc ...)
+ TODO: check
+CVE-2023-40531 (Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 B ...)
+ TODO: check
+CVE-2023-40357 (Multiple TP-LINK products allow a network-adjacent authenticated attac ...)
+ TODO: check
+CVE-2023-40329 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPZe ...)
+ TODO: check
+CVE-2023-40328 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Carr ...)
+ TODO: check
+CVE-2023-40193 (Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 2023061 ...)
+ TODO: check
+CVE-2023-40007 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ujwo ...)
+ TODO: check
+CVE-2023-39935 (Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' a ...)
+ TODO: check
+CVE-2023-39511 (Cacti is an open source operational monitoring and fault management fr ...)
+ TODO: check
+CVE-2023-39265 (Apache Superset would allow for SQLite database connections to be inco ...)
+ TODO: check
+CVE-2023-39264 (By default, stack traces for errors were enabled, which resulted in th ...)
+ TODO: check
+CVE-2023-39224 (Archer C5 firmware all versions and Archer C7 firmware versions prior ...)
+ TODO: check
+CVE-2023-38588 (Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' a ...)
+ TODO: check
+CVE-2023-38568 (Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allow ...)
+ TODO: check
+CVE-2023-38563 (Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' a ...)
+ TODO: check
+CVE-2023-38486 (A vulnerability in the secure boot implementation on affectedAruba 920 ...)
+ TODO: check
+CVE-2023-38485 (Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 900 ...)
+ TODO: check
+CVE-2023-38484 (Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 900 ...)
+ TODO: check
+CVE-2023-37941 (If an attacker gains write access to the Apache Superset metadata data ...)
+ TODO: check
+CVE-2023-37284 (Improper authentication vulnerability in Archer C20 firmware versions ...)
+ TODO: check
+CVE-2023-36489 (Multiple TP-LINK products allow a network-adjacent unauthenticated att ...)
+ TODO: check
+CVE-2023-36388 (Improper REST API permission in Apache Superset up to and including 2. ...)
+ TODO: check
+CVE-2023-36387 (An improper default REST API permission for Gamma users in Apache Supe ...)
+ TODO: check
+CVE-2023-32672 (An Incorrect authorisation check in SQLLab in Apache Superset versions ...)
+ TODO: check
+CVE-2023-32619 (Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and A ...)
+ TODO: check
+CVE-2023-31188 (Multiple TP-LINK products allow a network-adjacent authenticated attac ...)
+ TODO: check
+CVE-2023-41947 (A missing permission check in Jenkins Frugal Testing Plugin 1.1 and ea ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41946
+CVE-2023-41946 (A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Te ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41945
+CVE-2023-41945 (Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41944
+CVE-2023-41944 (Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not esca ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41943
+CVE-2023-41943 (Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perf ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41942
+CVE-2023-41942 (A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeC ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41941
+CVE-2023-41941 (A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3. ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41940
+CVE-2023-41940 (Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41939
+CVE-2023-41939 (Jenkins SSH2 Easy Plugin 1.4 and earlier does not verify that permissi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41938
+CVE-2023-41938 (A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41937
+CVE-2023-41937 (Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (bo ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41936
+CVE-2023-41936 (Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time c ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41935
+CVE-2023-41935 (Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380. ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41934
+CVE-2023-41934 (Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earli ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41933
+CVE-2023-41933 (Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earli ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41932
+CVE-2023-41932 (Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earli ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41931
+CVE-2023-41931 (Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earli ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41930
+CVE-2023-41930 (Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earli ...)
NOT-FOR-US: Jenkins plugin
CVE-2023-4779 (The User Submitted Posts plugin for WordPress is vulnerable to Stored ...)
NOT-FOR-US: User Submitted Posts plugin for WordPress
@@ -418,12 +518,12 @@ CVE-2023-41164
NOTE: https://github.com/django/django/commit/3f41d6d62929dfe53eda8109b3b836f26645bdce (main)
NOTE: https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9 (4.2.5)
NOTE: https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e (3.2.21)
-CVE-2023-4015 [netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR]
+CVE-2023-4015 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
- linux 6.4.11-1
[bullseye] - linux <not-affected> (Vulnerable code not in a Debian released version)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0a771f7b266b02d262900c75f1e175c7fe76fec2 (6.5-rc4)
-CVE-2023-3777 [netfilter: nf_tables: skip bound chain on rule flush]
+CVE-2023-3777 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
- linux 6.4.11-1
[bullseye] - linux 5.10.191-1
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -1276,7 +1376,7 @@ CVE-2023-39616 (AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid re
NOTE: Testcase: https://aomedia.googlesource.com/aom/+/d90659acbb1487949195006d46c4582c62f1b90f (3.7.0_rc2)
NOTE: For Debian this was initially fixed in Debian unstable with 3.7.0~rc3-1 but reverted with the
NOTE: 3.7.0~really3.6.1-1 upload re-introducing the issue.
-CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer over ...)
+CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds rea ...)
- libxml2 <unfixed> (bug #1051230)
[bookworm] - libxml2 <no-dsa> (Minor issue)
[bullseye] - libxml2 <no-dsa> (Minor issue)
@@ -27144,14 +27244,14 @@ CVE-2023-27530 (A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4
NOTE: https://github.com/rack/rack/commit/9aac3757fe19cdb0476504c9245170115bec9668 (v2.2.6.3)
NOTE: https://github.com/rack/rack/commit/b632718265fa5ffa547b060331341a1e216b4ffa (v2.1.4.3)
NOTE: https://github.com/rack/rack/commit/5f6e2fcbbdbff2dfaa21baa693e9d23d12ac1459 (v2.0.9.3)
-CVE-2023-27526
- RESERVED
+CVE-2023-27526 (A non Admin authenticated user could incorrectly create resources usin ...)
+ TODO: check
CVE-2023-27525 (An authenticated user with Gamma role authorization could have access ...)
NOT-FOR-US: Apache Superset
CVE-2023-27524 (Session Validation attacks in Apache Superset versions up to and inclu ...)
NOT-FOR-US: Apache Superset
-CVE-2023-27523
- RESERVED
+CVE-2023-27523 (Improper data authorization check on Jinja templated queries in Apache ...)
+ TODO: check
CVE-2023-27522 (HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_pr ...)
{DSA-5376-1 DLA-3401-1}
- apache2 2.4.56-1 (bug #1032476)
@@ -27514,7 +27614,7 @@ CVE-2023-1116 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
NOT-FOR-US: pimcore
CVE-2023-1115 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
NOT-FOR-US: pimcore
-CVE-2023-1114 (Improper Input Validation, Missing Authorization vulnerability in Esko ...)
+CVE-2023-1114 (Missing Authorization vulnerability in Eskom e-Belediye allows Informa ...)
NOT-FOR-US: Eskom Bilgisayar e-Belediye
CVE-2023-1113 (A vulnerability was found in SourceCodester Simple Payroll System 1.0. ...)
NOT-FOR-US: SourceCodester Simple Payroll System
@@ -30883,8 +30983,8 @@ CVE-2023-26102 (All versions of the package rangy are vulnerable to Prototype Po
NOT-FOR-US: Node rangy
CVE-2023-0926
RESERVED
-CVE-2023-0925
- RESERVED
+CVE-2023-0925 (Version 10.11 of webMethods OneData runs an embedded instance of Azul ...)
+ TODO: check
CVE-2023-0924 (The ZYREX POPUP WordPress plugin through 1.0 does not validate the typ ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0923
@@ -56495,7 +56595,7 @@ CVE-2023-20902
RESERVED
CVE-2023-20901
RESERVED
-CVE-2023-20900 (VMware Tools contains a SAML token signature bypass vulnerability.A ma ...)
+CVE-2023-20900 (A malicious actor that has been granted Guest Operation Privileges ht ...)
- open-vm-tools 2:12.3.0-1 (bug #1050970)
NOTE: https://www.openwall.com/lists/oss-security/2023/08/31/1
NOTE: https://github.com/vmware/open-vm-tools/blob/CVE-2023-20900.patch/CVE-2023-20900.patch
@@ -59332,8 +59432,8 @@ CVE-2023-20271
RESERVED
CVE-2023-20270
RESERVED
-CVE-2023-20269
- RESERVED
+CVE-2023-20269 (A vulnerability in the remote access VPN feature of Cisco Adaptive Sec ...)
+ TODO: check
CVE-2023-20268
RESERVED
CVE-2023-20267
@@ -59344,8 +59444,8 @@ CVE-2023-20265
RESERVED
CVE-2023-20264
RESERVED
-CVE-2023-20263
- RESERVED
+CVE-2023-20263 (A vulnerability in the web-based management interface of Cisco HyperFl ...)
+ TODO: check
CVE-2023-20262
RESERVED
CVE-2023-20261
@@ -59370,8 +59470,8 @@ CVE-2023-20252
RESERVED
CVE-2023-20251
RESERVED
-CVE-2023-20250
- RESERVED
+CVE-2023-20250 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ TODO: check
CVE-2023-20249
RESERVED
CVE-2023-20248
@@ -59384,8 +59484,8 @@ CVE-2023-20245
RESERVED
CVE-2023-20244
RESERVED
-CVE-2023-20243
- RESERVED
+CVE-2023-20243 (A vulnerability in the RADIUS message processing feature of Cisco Iden ...)
+ TODO: check
CVE-2023-20242 (A vulnerability in the web-based management interface of Cisco Unified ...)
NOT-FOR-US: Cisco
CVE-2023-20241
@@ -59394,8 +59494,8 @@ CVE-2023-20240
RESERVED
CVE-2023-20239
RESERVED
-CVE-2023-20238
- RESERVED
+CVE-2023-20238 (A vulnerability in the single sign-on (SSO) implementation of Cisco Br ...)
+ TODO: check
CVE-2023-20237 (A vulnerability in Cisco Intersight Virtual Appliance could allow an u ...)
NOT-FOR-US: Cisco
CVE-2023-20236
@@ -145474,8 +145574,8 @@ CVE-2021-39861 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.00
NOT-FOR-US: Adobe
CVE-2021-39860 (Acrobat Pro DC versions 2021.005.20060 (and earlier), 2020.004.30006 ( ...)
NOT-FOR-US: Adobe
-CVE-2021-39859
- RESERVED
+CVE-2021-39859 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ TODO: check
CVE-2021-39858 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
NOT-FOR-US: Adobe
CVE-2021-39857 (Adobe Acrobat Reader DC add-on for Internet Explorer versions 2021.005 ...)
@@ -153674,8 +153774,8 @@ CVE-2021-36647 (Use of a Broken or Risky Cryptographic Algorithm in the function
[bullseye] - mbedtls <no-dsa> (Minor issue)
[buster] - mbedtls <no-dsa> (Minor issue)
NOTE: https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1/
-CVE-2021-36646
- RESERVED
+CVE-2021-36646 (A Cross Site Scrtpting (XSS) vulnerability in KodExplorer 4.45 allows ...)
+ TODO: check
CVE-2021-36645
RESERVED
CVE-2021-36644
@@ -155168,8 +155268,8 @@ CVE-2021-36062 (Adobe Connect version 11.2.2 (and earlier) is affected by a Refl
NOT-FOR-US: Adobe
CVE-2021-36061 (Adobe Connect version 11.2.2 (and earlier) is affected by a secure des ...)
NOT-FOR-US: Adobe
-CVE-2021-36060
- RESERVED
+CVE-2021-36060 (Adobe Media Encoder version 15.2 (and earlier) is affected by an out-o ...)
+ TODO: check
CVE-2021-36059 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
NOT-FOR-US: Adobe
CVE-2021-36058 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer ...)
@@ -155281,8 +155381,8 @@ CVE-2021-36038 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and ear
NOT-FOR-US: Magento
CVE-2021-36037 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
NOT-FOR-US: Magento
-CVE-2021-36036
- RESERVED
+CVE-2021-36036 (Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 ...)
+ TODO: check
CVE-2021-36035 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
NOT-FOR-US: Magento
CVE-2021-36034 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
@@ -155307,12 +155407,12 @@ CVE-2021-36025 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and ear
NOT-FOR-US: Magento
CVE-2021-36024 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
NOT-FOR-US: Magento
-CVE-2021-36023
- RESERVED
+CVE-2021-36023 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ TODO: check
CVE-2021-36022 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
NOT-FOR-US: Magento
-CVE-2021-36021
- RESERVED
+CVE-2021-36021 (Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 ...)
+ TODO: check
CVE-2021-36020 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
NOT-FOR-US: Magento
CVE-2021-36019 (Adobe After Effects version 18.2.1 (and earlier) is affected by an Out ...)
@@ -155393,8 +155493,8 @@ CVE-2021-35982 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.00
NOT-FOR-US: Adobe
CVE-2021-35981 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
NOT-FOR-US: Adobe
-CVE-2021-35980
- RESERVED
+CVE-2021-35980 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ TODO: check
CVE-2021-35979 (An issue was discovered in Digi RealPort through 4.8.488.0. The 'encry ...)
NOT-FOR-US: Digi RealPort
CVE-2021-35978 (An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ...)
@@ -174488,8 +174588,8 @@ CVE-2021-3445 (A flaw was found in libdnf's signature verification functionality
- libdnf 0.55.2-6 (bug #986802)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1932079
NOTE: https://github.com/rpm-software-management/libdnf/commit/930f2582f91077b3f338b84cf9567559d52713de
-CVE-2021-28644
- RESERVED
+CVE-2021-28644 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ TODO: check
CVE-2021-28643 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
NOT-FOR-US: Adobe
CVE-2021-28642 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
@@ -194586,8 +194686,8 @@ CVE-2021-21090 (Adobe InCopy version 16.0 (and earlier) is affected by an path t
NOT-FOR-US: Adobe
CVE-2021-21089 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
NOT-FOR-US: Acrobat
-CVE-2021-21088
- RESERVED
+CVE-2021-21088 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ TODO: check
CVE-2021-21087 (Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 1 ...)
NOT-FOR-US: Adobe
CVE-2021-21086 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
@@ -252478,14 +252578,14 @@ CVE-2020-10134 (Pairing in Bluetooth\xae Core v5.2 and earlier may permit an una
NOTE: Bluetooth protocol issue
CVE-2020-10133
RESERVED
-CVE-2020-10132
- RESERVED
-CVE-2020-10131
- RESERVED
-CVE-2020-10130
- RESERVED
-CVE-2020-10129
- RESERVED
+CVE-2020-10132 (SearchBlox before Version 9.1 is vulnerable to cross-origin resource s ...)
+ TODO: check
+CVE-2020-10131 (SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection i ...)
+ TODO: check
+CVE-2020-10130 (SearchBlox before Version 9.1 is vulnerable to business logic bypass w ...)
+ TODO: check
+CVE-2020-10129 (SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation ...)
+ TODO: check
CVE-2020-10128 (SearchBlox product with version before 9.2.1 is vulnerable to stored c ...)
TODO: check
CVE-2020-10127
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f471ae6bee250a0033be3fdc67d7154835b0df37
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f471ae6bee250a0033be3fdc67d7154835b0df37
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230906/354ac41b/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list