[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Sep 12 21:13:04 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
346dc4c8 by security tracker role at 2023-09-12T20:12:50+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,215 @@
+CVE-2023-4921 (A use-after-free vulnerability in the Linux kernel's net/sched: sch_qf ...)
+	TODO: check
+CVE-2023-4918 (A flaw was found in the Keycloak package, more specifically org.keyclo ...)
+	TODO: check
+CVE-2023-4914 (Relative Path Traversal in GitHub repository cecilapp/cecil prior to 7 ...)
+	TODO: check
+CVE-2023-4913 (Cross-site Scripting (XSS) - Reflected in GitHub repository cecilapp/c ...)
+	TODO: check
+CVE-2023-4759 (Arbitrary File Overwrite in Eclipse JGit <= 6.6.0  In Eclipse JGit, al ...)
+	TODO: check
+CVE-2023-4501 (User authentication with username and password credentials is ineffect ...)
+	TODO: check
+CVE-2023-41885 (Piccolo is an ORM and query builder which supports asyncio. In version ...)
+	TODO: check
+CVE-2023-41846 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+	TODO: check
+CVE-2023-41764 (Microsoft Office Spoofing Vulnerability)
+	TODO: check
+CVE-2023-41331 (SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerab ...)
+	TODO: check
+CVE-2023-41036 (Macvim is a text editor for MacOS. Prior to version 178, Macvim makes  ...)
+	TODO: check
+CVE-2023-41033 (A vulnerability has been identified in Parasolid V35.0 (All versions < ...)
+	TODO: check
+CVE-2023-41032 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...)
+	TODO: check
+CVE-2023-41013 (Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allow ...)
+	TODO: check
+CVE-2023-40834 (OpenCart v4.0.2.2 is vulnerable to Brute Force Attack.)
+	TODO: check
+CVE-2023-40784 (DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/modul ...)
+	TODO: check
+CVE-2023-40732 (A vulnerability has been identified in QMS Automotive (All versions <  ...)
+	TODO: check
+CVE-2023-40731 (A vulnerability has been identified in QMS Automotive (All versions <  ...)
+	TODO: check
+CVE-2023-40730 (A vulnerability has been identified in QMS Automotive (All versions <  ...)
+	TODO: check
+CVE-2023-40729 (A vulnerability has been identified in QMS Automotive (All versions <  ...)
+	TODO: check
+CVE-2023-40728 (A vulnerability has been identified in QMS Automotive (All versions <  ...)
+	TODO: check
+CVE-2023-40727 (A vulnerability has been identified in QMS Automotive (All versions <  ...)
+	TODO: check
+CVE-2023-40726 (A vulnerability has been identified in QMS Automotive (All versions <  ...)
+	TODO: check
+CVE-2023-40725 (A vulnerability has been identified in QMS Automotive (All versions <  ...)
+	TODO: check
+CVE-2023-40724 (A vulnerability has been identified in QMS Automotive (All versions <  ...)
+	TODO: check
+CVE-2023-40712 (Apache Airflow, versions before 2.7.1, is affected by a vulnerability  ...)
+	TODO: check
+CVE-2023-40611 (Apache Airflow, versions before 2.7.1, is affected by a vulnerability  ...)
+	TODO: check
+CVE-2023-40218 (An issue was discovered in the NPU kernel driver in Samsung Exynos Mob ...)
+	TODO: check
+CVE-2023-3712 (Files or Directories Accessible to External Parties vulnerability in H ...)
+	TODO: check
+CVE-2023-3711 (Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Print ...)
+	TODO: check
+CVE-2023-3710 (Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, A ...)
+	TODO: check
+CVE-2023-39637 (D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injecti ...)
+	TODO: check
+CVE-2023-39215 (Improper authentication in Zoom clients may allow an authenticated use ...)
+	TODO: check
+CVE-2023-39208 (Improper input validation in Zoom Desktop Client for Linux before vers ...)
+	TODO: check
+CVE-2023-39201 (Untrusted search path in CleanZoom before file date 07/24/2023 may all ...)
+	TODO: check
+CVE-2023-39150 (ConEmu before commit 230724 does not sanitize title responses correctl ...)
+	TODO: check
+CVE-2023-38164 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+	TODO: check
+CVE-2023-38163 (Windows Defender Attack Surface Reduction Security Feature Bypass)
+	TODO: check
+CVE-2023-38162 (DHCP Server Service Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-38161 (Windows GDI Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-38160 (Windows TCP/IP Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-38156 (Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-38155 (Azure DevOps Server Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-38152 (DHCP Server Service Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-38150 (Windows Kernel Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-38149 (Windows TCP/IP Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-38148 (Internet Connection Sharing (ICS) Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-38147 (Windows Miracast Wireless Display Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-38146 (Windows Themes Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-38144 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+	TODO: check
+CVE-2023-38143 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+	TODO: check
+CVE-2023-38142 (Windows Kernel Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-38141 (Windows Kernel Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-38140 (Windows Kernel Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-38139 (Windows Kernel Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-38076 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.1 ...)
+	TODO: check
+CVE-2023-38075 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.1 ...)
+	TODO: check
+CVE-2023-38074 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.1 ...)
+	TODO: check
+CVE-2023-38073 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.1 ...)
+	TODO: check
+CVE-2023-38072 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.1 ...)
+	TODO: check
+CVE-2023-38071 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.1 ...)
+	TODO: check
+CVE-2023-38070 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.1 ...)
+	TODO: check
+CVE-2023-37881 (Weak access control in Wing FTP Server (Admin Web Client) allows for p ...)
+	TODO: check
+CVE-2023-37879 (Insecure storage of sensitive information in Wing FTP Server (User Web ...)
+	TODO: check
+CVE-2023-37878 (Insecure default permissions in Wing FTP Server (Admin Web Client) all ...)
+	TODO: check
+CVE-2023-37875 (Improper encoding or escaping of output in Wing FTP Server (User Web C ...)
+	TODO: check
+CVE-2023-36886 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+	TODO: check
+CVE-2023-36805 (Windows MSHTML Platform Security Feature Bypass Vulnerability)
+	TODO: check
+CVE-2023-36804 (Windows GDI Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-36803 (Windows Kernel Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-36802 (Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-36801 (DHCP Server Service Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-36800 (Dynamics Finance and Operations Cross-site Scripting Vulnerability)
+	TODO: check
+CVE-2023-36799 (.NET Core and Visual Studio Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-36796 (Visual Studio Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36794 (Visual Studio Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36793 (Visual Studio Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36792 (Visual Studio Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36788 (.NET Framework Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36777 (Microsoft Exchange Server Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-36773 (3D Builder Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36772 (3D Builder Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36771 (3D Builder Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36770 (3D Builder Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36767 (Microsoft Office Security Feature Bypass Vulnerability)
+	TODO: check
+CVE-2023-36766 (Microsoft Excel Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-36765 (Microsoft Office Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-36764 (Microsoft SharePoint Server Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-36763 (Microsoft Outlook Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-36762 (Microsoft Word Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36761 (Microsoft Word Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-36760 (3D Viewer Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36759 (Visual Studio Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-36758 (Visual Studio Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-36757 (Microsoft Exchange Server Spoofing Vulnerability)
+	TODO: check
+CVE-2023-36756 (Microsoft Exchange Server Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36745 (Microsoft Exchange Server Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36744 (Microsoft Exchange Server Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36742 (Visual Studio Code Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36740 (3D Viewer Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36739 (3D Viewer Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36736 (Microsoft Identity Linux Broker Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-35355 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
+	TODO: check
+CVE-2023-34470 (AMI AptioV contains a vulnerability in BIOS where an Attacker may use  ...)
+	TODO: check
+CVE-2023-34469 (AMI AptioV contains a vulnerability in BIOS where an Attacker may use  ...)
+	TODO: check
+CVE-2023-33136 (Azure DevOps Server Remote Code Execution Vulnerability)
+	TODO: check
 CVE-2023-XXXX [receiving with Lightning: partial MPP might be accepted]
 	- electrum 4.4.6+dfsg-1
 	NOTE: https://github.com/spesmilo/electrum/security/advisories/GHSA-8r85-vp7r-hjxf
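Review bot: The 106 entries added at the top of this hunk all sit at `TODO: check`, which puts CVE-2023-4921 (a use-after-free in the Linux kernel's net/sched) in the same queue as vendor products that this file already resolves as NOT-FOR-US elsewhere in the diff: JT2Go is `NOT-FOR-US: Siemens` at CVE-2023-28830, QMS Automotive is `NOT-FOR-US: QMS Automotive` at CVE-2022-43958, and the Microsoft entries around CVE-2023-29333 are `NOT-FOR-US: Microsoft`. Suggest triaging CVE-2023-4921 first and closing the JT2Go, QMS Automotive and Microsoft entries with the matching tags in the follow-up commit, so the remaining TODO list holds only entries that need a real package lookup.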
@@ -32,7 +244,7 @@ CVE-2023-4890 (The JQuery Accordion Menu Widget for WordPress plugin for WordPre
 	NOT-FOR-US: JQuery Accordion Menu Widget for WordPress plugin for WordPress
 CVE-2023-4887 (The Google Maps Plugin by Intergeo for WordPress plugin for WordPress  ...)
 	NOT-FOR-US: Google Maps Plugin by Intergeo for WordPress plugin for WordPress
-CVE-2023-4863
+CVE-2023-4863 (Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187  ...)
 	- chromium <unfixed> (unimportant)
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	- libwebp <unfixed> (bug #1051787)
@@ -10731,7 +10943,8 @@ CVE-2023-36192 (Sngrep v1.6.0 was discovered to contain a heap buffer overflow v
 	NOTE: Crash in CLI tool, no security impact
 	NOTE: https://github.com/irontec/sngrep/issues/438
 	NOTE: https://github.com/irontec/sngrep/commit/ad1daf15c8387bfbb48097c25197bf330d2d98fc
-CVE-2023-36191 (sqlite3 v3.40.1 was discovered to contain a segmentation violation at  ...)
+CVE-2023-36191
+	REJECTED
 	- sqlite3 <unfixed> (unimportant)
 	- sqlite <removed> (unimportant)
 	NOTE: https://www.sqlite.org/forum/forumpost/19f55ef73b
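Review bot: CVE-2023-36191 is now marked `REJECTED`, but the package annotations `- sqlite3 <unfixed> (unimportant)` and `- sqlite <removed> (unimportant)` and the NOTE below them are still attached, so the entry reads as both rejected and open against two source packages. Suggest a follow-up that either drops the package lines or adds a NOTE stating that the tracking data is kept on purpose after the rejection.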
@@ -16653,8 +16866,8 @@ CVE-2023-30964
 	RESERVED
 CVE-2023-30963 (A security defect was discovered in Foundry Frontend which enabled use ...)
 	NOT-FOR-US: Palantir
-CVE-2023-30962
-	RESERVED
+CVE-2023-30962 (The Gotham Cerberus service was found to have a stored cross-site scri ...)
+	TODO: check
 CVE-2023-30961
 	RESERVED
 CVE-2023-30960 (A security defect was discovered in Foundry job-tracker that enabled u ...)
@@ -17970,8 +18183,8 @@ CVE-2023-2073 (A vulnerability was found in Campcodes Online Traffic Offense Man
 	NOT-FOR-US: Campcodes Online Traffic Offense Management System
 CVE-2023-2072 (The Rockwell Automation PowerMonitor 1000 contains stored cross-site s ...)
 	NOT-FOR-US: Rockwell
-CVE-2023-2071
-	RESERVED
+CVE-2023-2071 (Rockwell Automation FactoryTalk View Machine Edition on the PanelView  ...)
+	TODO: check
 CVE-2023-2070
 	RESERVED
 CVE-2023-2069 (An issue has been discovered in GitLab affecting all versions starting ...)
@@ -20932,8 +21145,8 @@ CVE-2022-48436
 	RESERVED
 CVE-2023-29464
 	RESERVED
-CVE-2023-29463
-	RESERVED
+CVE-2023-29463 (The JMX Console within the Rockwell Automation Pavilion8 is exposed to ...)
+	TODO: check
 CVE-2023-29462 (An arbitrary code execution vulnerability contained in Rockwell Automa ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2023-29461 (An arbitrary code execution vulnerability contained in Rockwell Automa ...)
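Review bot: CVE-2023-29463 is left at `TODO: check` although its description names Rockwell Automation Pavilion8 and the entry directly below it, CVE-2023-29462, is already `NOT-FOR-US: Rockwell Automation`; the same resolution looks applicable here and to CVE-2023-2071 in the previous hunk. When resolving them, settle on one vendor tag, since CVE-2023-2072 uses `NOT-FOR-US: Rockwell` while CVE-2023-29462 uses `NOT-FOR-US: Rockwell Automation`.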
@@ -21554,8 +21767,8 @@ CVE-2023-29334 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-29333 (Microsoft Access Denial of Service Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2023-29332
-	RESERVED
+CVE-2023-29332 (Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerabilit ...)
+	TODO: check
 CVE-2023-29331 (.NET, .NET Framework, and Visual Studio Denial of Service Vulnerabilit ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-29330 (Microsoft Teams Remote Code Execution Vulnerability)
@@ -23277,8 +23490,8 @@ CVE-2023-28833 (Nextcloud server is an open source home cloud implementation. In
 	- nextcloud-server <itp> (bug #941708)
 CVE-2023-28832 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
 	NOT-FOR-US: Siemens
-CVE-2023-28831
-	RESERVED
+CVE-2023-28831 (The ANSI C OPC UA SDK contains an integer overflow vulnerability that  ...)
+	TODO: check
 CVE-2023-28830 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.5 ...)
 	NOT-FOR-US: Siemens
 CVE-2023-28829 (A vulnerability has been identified in SIMATIC NET PC Software V14 (Al ...)
@@ -28827,8 +29040,8 @@ CVE-2023-27171
 	RESERVED
 CVE-2023-27170
 	RESERVED
-CVE-2023-27169
-	RESERVED
+CVE-2023-27169 (Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license cl ...)
+	TODO: check
 CVE-2023-27168
 	RESERVED
 CVE-2023-27167 (Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vu ...)
@@ -41761,8 +41974,7 @@ CVE-2023-0121 (A denial of service issue was discovered in GitLab CE/EE affectin
 	- gitlab 15.10.8+ds1-2
 CVE-2023-0120 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
-CVE-2023-0119
-	RESERVED
+CVE-2023-0119 (A stored Cross-site scripting vulnerability was found in foreman. The  ...)
 	- foreman <itp> (bug #663101)
 CVE-2023-0118
 	RESERVED
@@ -53351,14 +53563,14 @@ CVE-2022-4058 (The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4057 (The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-21523
-	RESERVED
-CVE-2023-21522
-	RESERVED
-CVE-2023-21521
-	RESERVED
-CVE-2023-21520
-	RESERVED
+CVE-2023-21523 (A Stored Cross-site Scripting (XSS) vulnerability in the Management Co ...)
+	TODO: check
+CVE-2023-21522 (A Reflected Cross-site Scripting (XSS) vulnerability in the Management ...)
+	TODO: check
+CVE-2023-21521 (An SQL Injection vulnerability in the Management Console(Operator Audi ...)
+	TODO: check
+CVE-2023-21520 (A PII Enumeration via Credential Recovery in the Self Service(Credenti ...)
+	TODO: check
 CVE-2023-21519
 	RESERVED
 CVE-2022-45467
@@ -60566,7 +60778,7 @@ CVE-2023-0002 (A problem with a protection mechanism in the Palo Alto Networks C
 	NOT-FOR-US: Palo Alto Networks
 CVE-2023-0001 (An information exposure vulnerability in the Palo Alto Networks Cortex ...)
 	NOT-FOR-US: Palo Alto Networks
-CVE-2022-43958 (A vulnerability has been identified in QMS Automotive (All versions).  ...)
+CVE-2022-43958 (A vulnerability has been identified in QMS Automotive (All versions <  ...)
 	NOT-FOR-US: QMS Automotive
 CVE-2022-43957
 	RESERVED
@@ -129428,11 +129640,11 @@ CVE-2021-44697 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlie
 	NOT-FOR-US: Adobe
 CVE-2021-44696 (Adobe Prelude version 22.1.1 (and earlier) is affected by an out-of-bo ...)
 	NOT-FOR-US: Adobe
-CVE-2021-44695 (A vulnerability has been identified in SIMATIC Drive Controller CPU 15 ...)
+CVE-2021-44695 (Affected devices don't process correctly certain special crafted packe ...)
 	NOT-FOR-US: Siemens
-CVE-2021-44694 (A vulnerability has been identified in SIMATIC Drive Controller CPU 15 ...)
+CVE-2021-44694 (Affected devices don't process correctly certain special crafted packe ...)
 	NOT-FOR-US: Siemens
-CVE-2021-44693 (A vulnerability has been identified in SIMATIC Drive Controller CPU 15 ...)
+CVE-2021-44693 (Affected devices don't process correctly certain special crafted packe ...)
 	NOT-FOR-US: Siemens
 CVE-2021-4079 (Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 a ...)
 	{DSA-5046-1}
@@ -130723,6 +130935,7 @@ CVE-2021-44275
 CVE-2021-44274
 	RESERVED
 CVE-2021-44273 (e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate va ...)
+	{DLA-3564-1}
 	- e2guardian 5.3.5-3 (bug #1003125)
 	[bullseye] - e2guardian 5.3.4-1+deb11u1
 	[stretch] - e2guardian <ignored> (SSL MITM engine not enabled in stretch)
@@ -144889,7 +145102,7 @@ CVE-2021-40367
 	RESERVED
 CVE-2021-40366 (A vulnerability has been identified in Climatix POL909 (AWB module) (A ...)
 	NOT-FOR-US: Siemens
-CVE-2021-40365 (A vulnerability has been identified in SIMATIC Drive Controller CPU 15 ...)
+CVE-2021-40365 (Affected devices don't process correctly certain special crafted packe ...)
 	NOT-FOR-US: Siemens
 CVE-2021-40364 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All version ...)
 	NOT-FOR-US: Siemens
@@ -276134,6 +276347,7 @@ CVE-2019-19346 (An insecure modification vulnerability in the /etc/passwd file w
 CVE-2019-19345 (A vulnerability was found in all openshift/mediawiki-apb 4.x.x version ...)
 	NOT-FOR-US: openshift
 CVE-2019-19344 (There is a use-after-free issue in all samba 4.9.x versions before 4.9 ...)
+	{DLA-3563-1}
 	- samba 2:4.11.5+dfsg-1 (bug #950499)
 	[stretch] - samba <not-affected> (Only affects Samba 4.9 onwards)
 	[jessie] - samba <not-affected> (Only affects Samba 4.9 onwards)
@@ -292184,7 +292398,7 @@ CVE-2019-14909 (A vulnerability was found in Keycloak 7.x where the user federat
 CVE-2019-14908
 	REJECTED
 CVE-2019-14907 (All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11 ...)
-	{DLA-2668-1}
+	{DLA-3563-1 DLA-2668-1}
 	- samba 2:4.11.5+dfsg-1
 	[jessie] - samba <no-dsa> (Minor issue)
 	NOTE: https://www.samba.org/samba/security/CVE-2019-14907.html
@@ -292208,7 +292422,7 @@ CVE-2019-14904 (A flaw was found in the solaris_zone module from the Ansible Com
 CVE-2019-14903
 	REJECTED
 CVE-2019-14902 (There is an issue in all samba 4.11.x versions before 4.11.5, all samb ...)
-	{DLA-2668-1}
+	{DLA-3563-1 DLA-2668-1}
 	- samba 2:4.11.5+dfsg-1
 	[jessie] - samba <ignored> (difficult and risky backport to 4.2 in jessie)
 	NOTE: https://www.samba.org/samba/security/CVE-2019-14902.html
@@ -292522,7 +292736,7 @@ CVE-2019-14849 (A vulnerability was found in 3scale before version 2.6, did not
 CVE-2019-14848
 	REJECTED
 CVE-2019-14847 (A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x b ...)
-	{DLA-2668-1}
+	{DLA-3563-1 DLA-2668-1}
 	- samba 2:4.11.0+dfsg-6
 	[jessie] - samba <no-dsa> (Minor issue)
 	NOTE: https://www.samba.org/samba/security/CVE-2019-14847.html
@@ -292566,7 +292780,7 @@ CVE-2019-14834 (A vulnerability was found in dnsmasq before version 2.81, where
 	NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=69bc94779c2f035a9fffdb5327a54c3aeca73ed5
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1764425
 CVE-2019-14833 (A flaw was found in Samba, all versions starting samba 4.5.0 before sa ...)
-	{DLA-2668-1}
+	{DLA-3563-1 DLA-2668-1}
 	- samba 2:4.11.1+dfsg-2
 	[jessie] - samba <no-dsa> (Minor issue)
 	NOTE: https://www.samba.org/samba/security/CVE-2019-14833.html
@@ -307033,7 +307247,7 @@ CVE-2019-10219 (A vulnerability was found in Hibernate-Validator. The SafeHtml v
 	NOTE: https://hibernate.atlassian.net/browse/HV-1739
 	NOTE: Fixed by https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56ceee
 CVE-2019-10218 (A flaw was found in the samba client, all samba versions before samba  ...)
-	{DLA-2668-1}
+	{DLA-3563-1 DLA-2668-1}
 	- samba 2:4.11.1+dfsg-2
 	[jessie] - samba <no-dsa> (Minor issue)
 	NOTE: https://www.samba.org/samba/security/CVE-2019-10218.html
@@ -465853,7 +466067,7 @@ CVE-2016-2125 (It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 alwa
 	NOTE: https://www.samba.org/samba/security/CVE-2016-2125.html
 	NOTE: Patch (with some more) here: https://download.samba.org/pub/samba/patches/security/samba-4.3.12-security-20016-12-19.patch
 CVE-2016-2124 (A flaw was found in the way samba implemented SMB1 authentication. An  ...)
-	{DSA-5003-1}
+	{DSA-5003-1 DLA-3563-1}
 	- samba 2:4.13.14+dfsg-1
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=12444
 	NOTE: https://www.samba.org/samba/security/CVE-2016-2124.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/346dc4c8ae18712771fd3997691db4375208abe8
