Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d8595da1 by security tracker role at 2023-05-05T20:12:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,26 @@
-CVE-2023-32269 [netrom: Fix use-after-free caused by accept on already 
connected socket]
+CVE-2023-2554 (External Control of File Name or Path in GitHub repository 
unilogies/b ...)
+       TODO: check
+CVE-2023-2553 (Cross-site Scripting (XSS) - Stored in GitHub repository 
unilogies/bum ...)
+       TODO: check
+CVE-2023-2552 (Cross-Site Request Forgery (CSRF) in GitHub repository 
unilogies/bumsy ...)
+       TODO: check
+CVE-2023-2551 (PHP Remote File Inclusion in GitHub repository unilogies/bumsys 
prior  ...)
+       TODO: check
+CVE-2023-2550 (Cross-site Scripting (XSS) - Stored in GitHub repository 
thorsten/phpm ...)
+       TODO: check
+CVE-2023-2540
+       REJECTED
+CVE-2023-2539
+       REJECTED
+CVE-2023-2537
+       REJECTED
+CVE-2023-2536
+       REJECTED
+CVE-2023-2516 (Cross-site Scripting (XSS) - Stored in GitHub repository 
nilsteampassn ...)
+       TODO: check
+CVE-2023-2427 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
thorsten/p ...)
+       TODO: check
+CVE-2023-32269 (An issue was discovered in the Linux kernel before 6.1.11. In 
net/netr ...)
        - linux 6.1.11-1
        [bullseye] - linux 5.10.178-1
        [buster] - linux 4.19.282-1
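Review bot: CVE-2023-2554, CVE-2023-2553, CVE-2023-2552 and CVE-2023-2551 at the top of this hunk each land as a separate "TODO: check", although their truncated descriptions all appear to name the same GitHub repository (spelled out as unilogies/bumsys in the CVE-2023-2551 line). Triage them as one batch and give all four the same verdict line so they cannot drift apart. The four REJECTED ids need no follow-up, and the package lines under CVE-2023-32269 are untouched by the description swap, which is what an automatic update should leave behind.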
@@ -11,7 +33,8 @@ CVE-2023-31414 (Kibana versions 8.0.0 through 8.7.0 contain 
an arbitrary code ex
        - kibana <itp> (bug #700337)
 CVE-2023-31413 (Filebeat versions through 7.17.9 and 8.6.2 have a flaw in 
httpjson inp ...)
        TODO: check
-CVE-2023-2535 (Sensitive information exposure in the Web Frontend of KNIME 
Business H ...)
+CVE-2023-2535
+       REJECTED
        NOT-FOR-US: KNIME
 CVE-2023-2531 (Improper Restriction of Excessive Authentication Attempts in 
GitHub re ...)
        NOT-FOR-US: azuracast
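Review bot: CVE-2023-2535 now carries two states at once: the added "REJECTED" line sits directly above the existing "NOT-FOR-US: KNIME" line, which was kept as context. Once the id is rejected the triage verdict is moot, so drop the NOT-FOR-US line in a follow-up, or confirm that consumers of data/CVE/list give REJECTED precedence when both are present.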
@@ -3040,8 +3063,8 @@ CVE-2023-30436
        RESERVED
 CVE-2023-30435
        RESERVED
-CVE-2023-30434
-       RESERVED
+CVE-2023-30434 (IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 
5.1.3.0 ...)
+       TODO: check
 CVE-2023-30433
        RESERVED
 CVE-2023-30432
@@ -3445,10 +3468,10 @@ CVE-2023-30245
        RESERVED
 CVE-2023-30244
        RESERVED
-CVE-2023-30243
-       RESERVED
-CVE-2023-30242
-       RESERVED
+CVE-2023-30243 (Beijing Netcon NS-ASG Application Security Gateway v6.3 is 
vulnerable  ...)
+       TODO: check
+CVE-2023-30242 (NS-ASG v6.3 was discovered to contain a SQL injection 
vulnerability vi ...)
+       TODO: check
 CVE-2023-30241
        RESERVED
 CVE-2023-30240
@@ -3824,10 +3847,10 @@ CVE-2023-30056
        RESERVED
 CVE-2023-30055
        RESERVED
-CVE-2023-30054
-       RESERVED
-CVE-2023-30053
-       RESERVED
+CVE-2023-30054 (TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection 
vulnera ...)
+       TODO: check
+CVE-2023-30053 (TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to 
Command Inject ...)
+       TODO: check
 CVE-2023-30052
        RESERVED
 CVE-2023-30051
@@ -3906,8 +3929,8 @@ CVE-2023-30015
        RESERVED
 CVE-2023-30014
        RESERVED
-CVE-2023-30013
-       RESERVED
+CVE-2023-30013 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and 
V9.1.0u.6369_B20230113 cont ...)
+       TODO: check
 CVE-2023-30012
        RESERVED
 CVE-2023-30011
@@ -4049,28 +4072,28 @@ CVE-2023-29944
        RESERVED
 CVE-2023-29943
        RESERVED
-CVE-2023-29942
-       RESERVED
-CVE-2023-29941
-       RESERVED
+CVE-2023-29942 (llvm-project commit a0138390 was discovered to contain a 
segmentation  ...)
+       TODO: check
+CVE-2023-29941 (llvm-project commit a0138390 was discovered to contain a 
segmentation  ...)
+       TODO: check
 CVE-2023-29940
        RESERVED
-CVE-2023-29939
-       RESERVED
+CVE-2023-29939 (llvm-project commit a0138390 was discovered to contain a 
segmentation  ...)
+       TODO: check
 CVE-2023-29938
        RESERVED
 CVE-2023-29937
        RESERVED
 CVE-2023-29936
        RESERVED
-CVE-2023-29935
-       RESERVED
-CVE-2023-29934
-       RESERVED
-CVE-2023-29933
-       RESERVED
-CVE-2023-29932
-       RESERVED
+CVE-2023-29935 (llvm-project commit a0138390 was discovered to contain an 
assertion fa ...)
+       TODO: check
+CVE-2023-29934 (llvm-project commit 6c01b5c was discovered to contain a 
segmentation f ...)
+       TODO: check
+CVE-2023-29933 (llvm-project commit bd456297 was discovered to contain a 
segmentation  ...)
+       TODO: check
+CVE-2023-29932 (llvm-project commit fdbc55a5 was discovered to contain a 
segmentation  ...)
+       TODO: check
 CVE-2023-29931
        RESERVED
 CVE-2023-29930
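Review bot: the seven llvm-project entries added here (CVE-2023-29942, -29941, -29939, -29935, -29934, -29933, -29932) describe the affected code by upstream commit (a0138390, 6c01b5c, bd456297, fdbc55a5), not by release, and all arrive as "TODO: check". Whoever triages them has to map those commits to released versions before a package line can be written. Record that mapping in a NOTE line per entry so the reasoning stays with the data, and handle the a0138390 group together since four of the entries share that commit.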
@@ -4619,8 +4642,8 @@ CVE-2023-29661
        RESERVED
 CVE-2023-29660
        RESERVED
-CVE-2023-29659
-       RESERVED
+CVE-2023-29659 (A Segmentation fault caused by a floating point exception 
exists in li ...)
+       TODO: check
 CVE-2023-29658
        RESERVED
 CVE-2023-29657
@@ -14959,8 +14982,8 @@ CVE-2023-26287
        RESERVED
 CVE-2023-26286 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a 
non-privileged local ...)
        NOT-FOR-US: IBM
-CVE-2023-26285
-       RESERVED
+CVE-2023-26285 (IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a 
remote attac ...)
+       TODO: check
 CVE-2023-26284 (IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 
through ...)
        NOT-FOR-US: IBM
 CVE-2023-26283 (IBM WebSphere Application Server 9.0 is vulnerable to 
cross-site scrip ...)
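Review bot: CVE-2023-26285 (IBM MQ) goes from RESERVED to "TODO: check" while both neighbours in this hunk, CVE-2023-26286 and CVE-2023-26284, are already "NOT-FOR-US: IBM". If the same verdict applies, set it in the follow-up triage commit so the entry does not linger as open work. The other IBM ids published in this update (CVE-2023-30434, CVE-2023-22874, CVE-2022-43919, CVE-2022-43866, CVE-2022-38707, CVE-2020-4914) are in the same position and can be resolved in the same pass.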
@@ -25341,8 +25364,8 @@ CVE-2023-22876 (IBM Sterling B2B Integrator Standard 
Edition 6.0.0.0 through 6.0
        NOT-FOR-US: IBM
 CVE-2023-22875 (IBM QRadar SIEM 7.4 and 7.5copies certificate key files used 
for SSL/T ...)
        NOT-FOR-US: IBM
-CVE-2023-22874
-       RESERVED
+CVE-2023-22874 (IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a 
denial  ...)
+       TODO: check
 CVE-2023-22873
        RESERVED
 CVE-2023-22872
@@ -44054,8 +44077,8 @@ CVE-2022-43921
        RESERVED
 CVE-2022-43920 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 
6.1.2.1 c ...)
        NOT-FOR-US: IBM
-CVE-2022-43919
-       RESERVED
+CVE-2022-43919 (IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an 
authenticat ...)
+       TODO: check
 CVE-2022-43918
        RESERVED
 CVE-2022-43917 (IBM WebSphere Application Server 8.5 and 9.0 traditional 
container use ...)
@@ -44160,8 +44183,8 @@ CVE-2022-43868
        RESERVED
 CVE-2022-43867 (IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local 
attacke ...)
        NOT-FOR-US: IBM
-CVE-2022-43866
-       RESERVED
+CVE-2022-43866 (IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable 
to cross ...)
+       TODO: check
 CVE-2022-43865
        RESERVED
 CVE-2022-43864 (IBM Business Automation Workflow 22.0.2 could allow a remote 
attacker  ...)
@@ -58138,8 +58161,8 @@ CVE-2022-38709 (IBM Robotic Process Automation 21.0.1, 
21.0.2, and 21.0.3 for Cl
        NOT-FOR-US: IBM
 CVE-2022-38708 (IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be 
vulnerable to  ...)
        NOT-FOR-US: IBM
-CVE-2022-38707
-       RESERVED
+CVE-2022-38707 (IBM Cognos Command Center 10.2.4.1 could allow a local 
attacker to obt ...)
+       TODO: check
 CVE-2022-38706
        RESERVED
 CVE-2022-38705 (IBM CICS TX 11.1 Standard and Advanced could allow a remote 
attacker t ...)
@@ -107919,6 +107942,7 @@ CVE-2021-45913 (A hardcoded key in ControlUp 
Real-Time Agent (cuAgent.exe) befor
 CVE-2021-45912 (An unauthenticated Named Pipe channel in Controlup Real-Time 
Agent (cu ...)
        NOT-FOR-US: ControlUp Real-Time Agent
 CVE-2021-44775 (Cross-site scripting (XSS) issue in Website app of Odoo 
Community 15.0 ...)
+       {DSA-5399-1}
        - odoo <unfixed>
        NOTE: https://github.com/odoo/odoo/issues/107691
        NOTE: 14.0 patch at 
https://github.com/odoo/odoo/commit/74532a0839b57337cc26ffc66b2884039e68f23b
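Review bot: the added "{DSA-5399-1}" cross-reference on CVE-2021-44775 sits above a package line that still reads "- odoo <unfixed>". The DSA tag covers the stable release only; the unversioned line keeps the issue open for unstable. Confirm that is the intended state, and when an upload fixes it, replace <unfixed> with the fixed version. The same applies to every other odoo entry in this update that gains the tag.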
@@ -108505,10 +108529,12 @@ CVE-2021-45681 (An issue was discovered in the 
derive-com-impl crate before 0.1.
 CVE-2021-45680 (An issue was discovered in the vec-const crate before 2.0.0 
for Rust.  ...)
        NOT-FOR-US: Rust crate vec-const
 CVE-2021-45111 (Improper access control in Odoo Community 15.0 and earlier and 
Odoo En ...)
+       {DSA-5399-1}
        - odoo <unfixed>
        NOTE: https://github.com/odoo/odoo/issues/107683
        NOTE: 14.0 patch at 
https://github.com/odoo/odoo/commit/d326153e016f93c22f40ad8fb146bb4108bb94dc
 CVE-2021-45071 (Cross-site scripting (XSS) issue Odoo Community 15.0 and 
earlier and O ...)
+       {DSA-5399-1}
        - odoo <unfixed>
        NOTE: https://github.com/odoo/odoo/issues/107697
        NOTE: 14.0 patch at 
https://github.com/odoo/odoo/commit/609b6503af97af5cf00ff497760f71cd71860c48
@@ -108516,6 +108542,7 @@ CVE-2021-44547 (A sandboxing issue in Odoo Community 
15.0 and Odoo Enterprise 15
        - odoo <not-affected> (Vulnerable code introduced later)
        NOTE: https://github.com/odoo/odoo/issues/107696
 CVE-2021-44476 (A sandboxing issue in Odoo Community 15.0 and earlier and Odoo 
Enterpr ...)
+       {DSA-5399-1}
        - odoo <unfixed>
        NOTE: https://github.com/odoo/odoo/issues/107684
        NOTE: 14.0 patch at 
https://github.com/odoo/odoo/commit/be2c857a2e19b0a752555ab377ce5e1cb081a186
@@ -108537,22 +108564,27 @@ CVE-2021-4176 (livehelperchat is vulnerable to 
Improper Neutralization of Input
 CVE-2021-4175 (livehelperchat is vulnerable to Improper Neutralization of 
Input Durin ...)
        NOT-FOR-US: livehelperchat
 CVE-2021-26947 (Cross-site scripting (XSS) issue Odoo Community 15.0 and 
earlier and O ...)
+       {DSA-5399-1}
        - odoo <unfixed>
        NOTE: https://github.com/odoo/odoo/issues/107694
        NOTE: 14.0 patch at 
https://github.com/odoo/odoo/commit/e451c4fbffa9472cd3686492e8ba41430ab3b235
 CVE-2021-23186 (A sandboxing issue in Odoo Community 15.0 and earlier and Odoo 
Enterpr ...)
+       {DSA-5399-1}
        - odoo <unfixed>
        NOTE: https://github.com/odoo/odoo/issues/107688
        NOTE: 
https://github.com/odoo/odoo/commit/c1d6d4a1d9148275213c7f3c286658366df03bd7
 CVE-2021-23178 (Improper access control in Odoo Community 15.0 and earlier and 
Odoo En ...)
+       {DSA-5399-1}
        - odoo <unfixed>
        NOTE: https://github.com/odoo/odoo/issues/107690
        NOTE: 14.0 patch at 
https://github.com/odoo/odoo/commit/5ac55247b576312ea4f1f274c94d955dd23335d1
 CVE-2021-23176 (Improper access control in reporting engine of l10n_fr_fec 
module in O ...)
+       {DSA-5399-1}
        - odoo <unfixed>
        NOTE: https://github.com/odoo/odoo/issues/107682
        NOTE: 14.0 patch at 
https://github.com/odoo/odoo/commit/f166400c7ddd1bc571fcad52d18d2371f2c3fd87
 CVE-2021-23166 (A sandboxing issue in Odoo Community 15.0 and earlier and Odoo 
Enterpr ...)
+       {DSA-5399-1}
        - odoo <unfixed>
        NOTE: https://github.com/odoo/odoo/issues/107687
        NOTE: 14.0 patch at 
https://github.com/odoo/odoo/commit/1f1e03ff29f711dd26cfbcadc60b7d03fdb59ed7
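Review bot: style point on the CVE-2021-23186 entry in this hunk: its commit reference is a bare "NOTE:" followed by the URL, while every sibling odoo entry labels the commit as "NOTE: 14.0 patch at". State which branch commit c1d6d4a1d9148275213c7f3c286658366df03bd7 belongs to in the same form, so a reader checking the DSA-5399-1 backports does not have to open the link to find out.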
@@ -136363,10 +136395,12 @@ CVE-2021-3654 (A vulnerability was found in 
openstack-nova's console proxy, noVN
        NOTE: https://bugs.launchpad.net/nova/+bug/1927677
        NOTE: Errata: https://www.openwall.com/lists/oss-security/2021/09/27/1
 CVE-2021-26263 (Cross-site scripting (XSS) issue in Discuss app of Odoo 
Community 14.0 ...)
+       {DSA-5399-1}
        - odoo <unfixed>
        NOTE: https://github.com/odoo/odoo/issues/107693
        NOTE: 14.0 patch at 
https://github.com/odoo/odoo/commit/ff1db4a6aea522cf3dfc80ca88e64ffecfb5e07c
 CVE-2021-23203 (Improper access control in reporting engine of Odoo Community 
14.0 thr ...)
+       {DSA-5399-1}
        - odoo <unfixed>
        NOTE: https://github.com/odoo/odoo/issues/107695
        NOTE: 14.0 patch at 
https://github.com/odoo/odoo/commit/f2c1ee5a622db33a4411e7f9285f09387d1d7480
@@ -249216,8 +249250,8 @@ CVE-2020-4916 (IBM Cloud Pak System 2.3 is vulnerable 
to cross-site scripting. T
        NOT-FOR-US: IBM
 CVE-2020-4915
        RESERVED
-CVE-2020-4914
-       RESERVED
+CVE-2020-4914 (IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not 
invalidate ...)
+       TODO: check
 CVE-2020-4913 (IBM Cloud Pak System 2.3 could reveal credential information in 
the HT ...)
        NOT-FOR-US: IBM
 CVE-2020-4912 (IBM Cloud Pak System 2.3 Self Service Console could allow a 
privilege  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8595da15bb72de63a21f8fa744cbae435317532



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
