Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4d474e72 by security tracker role at 2023-05-24T20:12:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,112 @@
-CVE-2023-33246
+CVE-2023-33983 (The Introduction Client in Briar through 1.5.3 does not
implement out- ...)
+ TODO: check
+CVE-2023-33982 (Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not
forward ...)
+ TODO: check
+CVE-2023-33981 (Briar before 1.4.22 allows attackers to spoof other users'
messages in ...)
+ TODO: check
+CVE-2023-33980 (Bramble Synchronisation Protocol (BSP) in Briar before 1.4.22
allows a ...)
+ TODO: check
+CVE-2023-33950 (Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76,
and Lif ...)
+ TODO: check
+CVE-2023-33949 (In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and
earlier t ...)
+ TODO: check
+CVE-2023-33948 (The Dynamic Data Mapping module in Liferay Portal 7.4.3.67,
and Lifera ...)
+ TODO: check
+CVE-2023-33947 (The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60,
and Life ...)
+ TODO: check
+CVE-2023-33946 (The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48,
and Life ...)
+ TODO: check
+CVE-2023-33945 (SQL injection vulnerability in the upgrade process for SQL
Server in L ...)
+ TODO: check
+CVE-2023-33944 (Cross-site scripting (XSS) vulnerability in Layout module in
Liferay P ...)
+ TODO: check
+CVE-2023-33943 (Cross-site scripting (XSS) vulnerability in the Account module
in Life ...)
+ TODO: check
+CVE-2023-33942 (Cross-site scripting (XSS) vulnerability in the Web Content
Display wi ...)
+ TODO: check
+CVE-2023-33941 (Multiple cross-site scripting (XSS) vulnerabilities in the
Plugin for ...)
+ TODO: check
+CVE-2023-33940 (Cross-site scripting (XSS) vulnerability in IFrame type Remote
Apps in ...)
+ TODO: check
+CVE-2023-33939 (Cross-site scripting (XSS) vulnerability in the Modified Facet
widget ...)
+ TODO: check
+CVE-2023-33938 (Cross-site scripting (XSS) vulnerability in the App Builder
module's c ...)
+ TODO: check
+CVE-2023-33937 (Stored cross-site scripting (XSS) vulnerability in Form widget
configu ...)
+ TODO: check
+CVE-2023-33829 (A stored cross-site scripting (XSS) vulnerability in Cloudogu
GmbH SCM ...)
+ TODO: check
+CVE-2023-33800 (A stored cross-site scripting (XSS) vulnerability in the
Create Region ...)
+ TODO: check
+CVE-2023-33799 (A stored cross-site scripting (XSS) vulnerability in the
Create Contac ...)
+ TODO: check
+CVE-2023-33798 (A stored cross-site scripting (XSS) vulnerability in the
Create Rack ( ...)
+ TODO: check
+CVE-2023-33797 (A stored cross-site scripting (XSS) vulnerability in the
Create Sites ...)
+ TODO: check
+CVE-2023-33796 (A vulnerability in Netbox v3.5.1 allows unauthenticated
attackers to e ...)
+ TODO: check
+CVE-2023-33795 (A stored cross-site scripting (XSS) vulnerability in the
Create Contac ...)
+ TODO: check
+CVE-2023-33794 (A stored cross-site scripting (XSS) vulnerability in the
Create Tenant ...)
+ TODO: check
+CVE-2023-33793 (A stored cross-site scripting (XSS) vulnerability in the
Create Power ...)
+ TODO: check
+CVE-2023-33792 (A stored cross-site scripting (XSS) vulnerability in the
Create Site G ...)
+ TODO: check
+CVE-2023-33791 (A stored cross-site scripting (XSS) vulnerability in the
Create Provid ...)
+ TODO: check
+CVE-2023-33790 (A stored cross-site scripting (XSS) vulnerability in the
Create Locati ...)
+ TODO: check
+CVE-2023-33789 (A stored cross-site scripting (XSS) vulnerability in the
Create Contac ...)
+ TODO: check
+CVE-2023-33788 (A stored cross-site scripting (XSS) vulnerability in the
Create Provid ...)
+ TODO: check
+CVE-2023-33787 (A stored cross-site scripting (XSS) vulnerability in the
Create Tenant ...)
+ TODO: check
+CVE-2023-33786 (A stored cross-site scripting (XSS) vulnerability in the
Create Circui ...)
+ TODO: check
+CVE-2023-33785 (A stored cross-site scripting (XSS) vulnerability in the
Create Rack R ...)
+ TODO: check
+CVE-2023-33010 (A buffer overflow vulnerability in the ID processing function
in Zyxel ...)
+ TODO: check
+CVE-2023-33009 (A buffer overflow vulnerability in the notification function
in Zyxel ...)
+ TODO: check
+CVE-2023-31748 (Insecure permissions in MobileTrans v4.0.11 allows attackers
to escala ...)
+ TODO: check
+CVE-2023-31595 (IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect
Access Contro ...)
+ TODO: check
+CVE-2023-31460 (A vulnerability in the Connect Mobility Router component of
MiVoice Co ...)
+ TODO: check
+CVE-2023-31459 (A vulnerability in the Connect Mobility Router component of
Mitel MiVo ...)
+ TODO: check
+CVE-2023-31457 (A vulnerability in the Headquarters server component of Mitel
MiVoice ...)
+ TODO: check
+CVE-2023-2875 (A vulnerability, which was classified as problematic, was found
in eSc ...)
+ TODO: check
+CVE-2023-2874 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2023-2873 (A vulnerability classified as critical was found in Twister
Antivirus ...)
+ TODO: check
+CVE-2023-2872 (A vulnerability classified as problematic has been found in
FlexiHub 5 ...)
+ TODO: check
+CVE-2023-2871 (A vulnerability was found in FabulaTech USB for Remote Desktop
6.1.0.0 ...)
+ TODO: check
+CVE-2023-2870 (A vulnerability was found in EnTech Monitor Asset Manager 2.9.
It has ...)
+ TODO: check
+CVE-2023-2868 (A remote command injection vulnerability exists in the
Barracuda Email ...)
+ TODO: check
+CVE-2023-2865 (A vulnerability was found in SourceCodester Theme Park
Ticketing Syste ...)
+ TODO: check
+CVE-2023-2864 (A vulnerability was found in SourceCodester Online Jewelry
Store 1.0 a ...)
+ TODO: check
+CVE-2023-2863 (A vulnerability has been found in Simple Design Daily Journal
1.012.GP ...)
+ TODO: check
+CVE-2023-2862 (A vulnerability, which was classified as problematic, was found
in Sit ...)
+ TODO: check
+CVE-2023-2750 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-33246 (For RocketMQ versions 5.1.0 and below, under certain
conditions, there ...)
NOT-FOR-US: Apache RocketMQ
CVE-2023-32697 (SQLite JDBC is a library for accessing and creating SQLite
database fi ...)
- xerial-sqlite-jdbc <unfixed> (bug #1036706)
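Review bot: Every entry added at the top of this hunk is left at `TODO: check`, and several of them form single-product runs that are better triaged as a batch than one by one: Briar (CVE-2023-33980 to CVE-2023-33983), Liferay Portal (CVE-2023-33946 to CVE-2023-33950) and Mitel MiVoice (CVE-2023-31457, CVE-2023-31459, CVE-2023-31460). The descriptions are cut off at "...", in many cases before the product name (for example the stored XSS entries that end at "in the Create Region ..."), so the full CVE record is needed before choosing between a package line and NOT-FOR-US.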
@@ -3829,10 +3937,10 @@ CVE-2023-2067
RESERVED
CVE-2023-2066
RESERVED
-CVE-2023-2065
- RESERVED
-CVE-2023-2064
- RESERVED
+CVE-2023-2065 (Authorization Bypass Through User-Controlled Key vulnerability
in Armo ...)
+ TODO: check
+CVE-2023-2064 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
CVE-2023-2063
RESERVED
CVE-2023-2062
@@ -3869,8 +3977,8 @@ CVE-2023-2047 (A vulnerability was found in Campcodes
Advanced Online Voting Sys
NOT-FOR-US: Campcodes Advanced Online Voting System
CVE-2023-2046
RESERVED
-CVE-2023-2045
- RESERVED
+CVE-2023-2045 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
CVE-2023-2044 (A vulnerability has been found in Control iD iDSecure 4.7.29.1
and cla ...)
NOT-FOR-US: Control iD iDSecure
CVE-2023-2043 (A vulnerability, which was classified as problematic, was found
in Con ...)
@@ -6503,8 +6611,7 @@ CVE-2023-1945
- thunderbird 1:102.10.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1945
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-1945
-CVE-2023-1944
- RESERVED
+CVE-2023-1944 (This vulnerability enables ssh access to minikube container
using a de ...)
NOT-FOR-US: minikube
CVE-2023-1943
RESERVED
@@ -13143,8 +13250,7 @@ CVE-2023-24596
RESERVED
CVE-2023-22437
RESERVED
-CVE-2023-1174
- RESERVED
+CVE-2023-1174 (This vulnerability exposes a network port in minikube running
on macOS ...)
NOT-FOR-US: minikube
CVE-2023-1173
REJECTED
@@ -18803,8 +18909,8 @@ CVE-2023-25600
RESERVED
CVE-2023-25599
RESERVED
-CVE-2023-25598
- RESERVED
+CVE-2023-25598 (A vulnerability in the conferencing component of Mitel MiVoice
Connect ...)
+ TODO: check
CVE-2023-25597 (A vulnerability in the web conferencing component of Mitel
MiCollab th ...)
NOT-FOR-US: Mitel
CVE-2023-25596 (A vulnerability exists in ClearPass Policy Manager that allows
for an ...)
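Review bot: CVE-2023-25598 is added with `TODO: check` directly above CVE-2023-25597, which names the same vendor and already carries `NOT-FOR-US: Mitel`. Resolve the new entry the same way rather than leaving it open next to an identical precedent.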
@@ -20268,8 +20374,8 @@ CVE-2023-25030
RESERVED
CVE-2023-25029
RESERVED
-CVE-2023-25028
- RESERVED
+CVE-2023-25028 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in chuy ...)
+ TODO: check
CVE-2023-25027 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Kibo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25026
@@ -27521,7 +27627,7 @@ CVE-2023-22742 (libgit2 is a cross-platform, linkable
library implementation of
NOTE:
https://github.com/libgit2/libgit2/commit/42e5db98b963ae503229c63e44e06e439df50e56
(v1.5.1)
NOTE:
https://github.com/libgit2/libgit2/security/advisories/GHSA-8643-3wh5-rmjq
CVE-2023-22741 (Sofia-SIP is an open-source SIP User-Agent library, compliant
with the ...)
- {DLA-3292-1}
+ {DSA-5410-1 DLA-3292-1}
- sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-4 (bug #1029654)
NOTE:
https://github.com/freeswitch/sofia-sip/commit/9defd6f72dd416ee4fcc1a23cccbb159990da0f6
(v1.13.11)
NOTE:
https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54
@@ -32042,7 +32148,7 @@ CVE-2022-47517 (An issue was discovered in the
libsofia-sip fork in drachtio-ser
NOT-FOR-US: libsofia-sip fork in drachtio-server
NOTE: CVE corresponds partially to issues fixed for CVE-2022-31002 for
src:sofia-sip
CVE-2022-47516 (An issue was discovered in the libsofia-sip fork in
drachtio-server be ...)
- {DLA-3334-1}
+ {DSA-5410-1 DLA-3334-1}
- sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-5 (bug #1031792)
NOTE: Report in fork:
https://github.com/drachtio/drachtio-server/issues/244
NOTE:
https://github.com/freeswitch/sofia-sip/commit/cadf505d88e2971d24b6a4379ddbb1398d8ec443
(v1.13.14)
@@ -32539,12 +32645,12 @@ CVE-2021-4245 (A vulnerability classified as
problematic has been found in chbro
NOT-FOR-US: rfc6902
CVE-2022-47449 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
RexTheme ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47448
- RESERVED
-CVE-2022-47447
- RESERVED
-CVE-2022-47446
- RESERVED
+CVE-2022-47448 (Cross-Site Request Forgery (CSRF) vulnerability in
dev.Xiligroup.Com - ...)
+ TODO: check
+CVE-2022-47447 (Cross-Site Request Forgery (CSRF) vulnerability in Mathieu
Chartier Wo ...)
+ TODO: check
+CVE-2022-47446 (Cross-Site Request Forgery (CSRF) vulnerability in Viadat
Creations St ...)
+ TODO: check
CVE-2022-47445
RESERVED
CVE-2022-47444 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
ProfileP ...)
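Review bot: CVE-2022-47448, CVE-2022-47447 and CVE-2022-47446 go from RESERVED to `TODO: check` immediately below CVE-2022-47449, which is marked `NOT-FOR-US: WordPress plugin`. The truncated descriptions name only the vendor, so confirm from the full record that these are WordPress plugins and, if so, close them with the same marker in one pass.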
@@ -33457,8 +33563,8 @@ CVE-2022-47182
RESERVED
CVE-2022-47181
RESERVED
-CVE-2022-47180
- RESERVED
+CVE-2022-47180 (Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme
Kopa Fra ...)
+ TODO: check
CVE-2022-47179 (Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs
OWM Weat ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47178
@@ -33513,8 +33619,8 @@ CVE-2022-47154 (Cross-Site Request Forgery (CSRF)
vulnerability in Pi Websolutio
NOT-FOR-US: WordPress plugin
CVE-2022-47153
RESERVED
-CVE-2022-47152
- RESERVED
+CVE-2022-47152 (Cross-Site Request Forgery (CSRF) vulnerability in Etison, LLC
ClickFu ...)
+ TODO: check
CVE-2022-47151
RESERVED
CVE-2022-47150
@@ -34471,8 +34577,8 @@ CVE-2022-46818
RESERVED
CVE-2022-46817 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Flyz ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-46816
- RESERVED
+CVE-2022-46816 (Cross-Site Request Forgery (CSRF) vulnerability in Booking
Ultra Pro A ...)
+ TODO: check
CVE-2022-46815 (Cross-Site Request Forgery (CSRF) vulnerability inLauri
Karisola / WP ...)
NOT-FOR-US: Lauri Karisola / WP Trio Conditional Shipping for
WooCommerce plugin
CVE-2022-46814
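Review bot: Style point for the triage of CVE-2022-46816: the two neighbouring entries use different NOT-FOR-US wording, `NOT-FOR-US: WordPress plugin` for CVE-2022-46817 and the long form `NOT-FOR-US: Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin` for CVE-2022-46815. Use the short form for the new entry so that the marker stays easy to grep.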
@@ -34515,8 +34621,8 @@ CVE-2022-46796
RESERVED
CVE-2022-46795
RESERVED
-CVE-2022-46794
- RESERVED
+CVE-2022-46794 (Cross-Site Request Forgery (CSRF) vulnerability in
weightbasedshipping ...)
+ TODO: check
CVE-2022-46793 (Cross-Site Request Forgery (CSRF) vulnerability in AdTribes.Io
Product ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4366 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
@@ -39067,8 +39173,8 @@ CVE-2022-45366
RESERVED
CVE-2022-45365
RESERVED
-CVE-2022-45364
- RESERVED
+CVE-2022-45364 (Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L.
Mongaya ...)
+ TODO: check
CVE-2022-45363 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in
Muffingroup B ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45362
@@ -39918,6 +40024,7 @@ CVE-2022-45062 (In Xfce xfce4-settings before 4.16.4
and 4.17.x before 4.17.1, t
NOTE: https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/403
NOTE: https://gitlab.xfce.org/xfce/xfce4-settings/-/merge_requests/85
CVE-2022-45061 (An issue was discovered in Python before 3.11.1. An
unnecessary quadra ...)
+ {DLA-3432-1}
- python3.11 3.11.1-1
- python3.10 3.10.9-1
- python3.9 <removed>
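Review bot: `{DLA-3432-1}` is added to CVE-2022-45061, but the package lines visible below it cover only python3.11, python3.10 and python3.9, so the hunk does not show which source package the DLA updates. Confirm that the entry names that source package further down, outside the context lines shown here. The same tag is added to eight more Python entries in this commit (CVE-2015-20107, CVE-2021-4189, CVE-2021-3737, CVE-2021-3733, CVE-2021-3177, CVE-2020-26116, CVE-2019-20907, CVE-2020-8492), and the same check applies to each.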
@@ -50666,8 +50773,8 @@ CVE-2022-42227 (jsonlint 1.0 is vulnerable to
heap-buffer-overflow via /home/hjs
NOT-FOR-US: p-ranav/jsonlint (different from src:jsonlint)
CVE-2022-42226
RESERVED
-CVE-2022-42225
- RESERVED
+CVE-2022-42225 (Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple
stored XSS vu ...)
+ TODO: check
CVE-2022-42224
RESERVED
CVE-2022-42223
@@ -66164,7 +66271,7 @@ CVE-2022-36375 (Authenticated (high role user)
WordPress Options Change vulnerab
NOT-FOR-US: WordPress plugin
CVE-2022-36371
RESERVED
-CVE-2022-36357 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
ULTIMATE ...)
+CVE-2022-36357 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Webpsilo ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36346 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in
Max Foun ...)
NOT-FOR-US: WordPress plugin
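Review bot: The description of CVE-2022-36357 changes its product text from "ULTIMATE ..." to "Webpsilo ...", while the `NOT-FOR-US: WordPress plugin` line under it is carried over unchanged. That classification was made against the old wording, so re-read the updated record and confirm it still describes a WordPress plugin.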
@@ -81147,19 +81254,19 @@ CVE-2022-31005 (Vapor is an HTTP web framework for
Swift. Users of Vapor prior t
CVE-2022-31004 (CVEProject/cve-services is an open source project used to
operate the ...)
NOT-FOR-US: CVEProject/cve-services
CVE-2022-31003 (Sofia-SIP is an open-source Session Initiation Protocol (SIP)
User-Age ...)
- {DLA-3091-1}
+ {DSA-5410-1 DLA-3091-1}
- sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-3 (bug #1016974)
[stretch] - sofia-sip <postponed> (Minor issue)
NOTE:
https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp
NOTE:
https://github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9
(v1.13.8)
CVE-2022-31002 (Sofia-SIP is an open-source Session Initiation Protocol (SIP)
User-Age ...)
- {DLA-3091-1}
+ {DSA-5410-1 DLA-3091-1}
- sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-3 (bug #1016974)
[stretch] - sofia-sip <postponed> (Minor issue)
NOTE:
https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-g3x6-p824-x6hm
NOTE:
https://github.com/freeswitch/sofia-sip/commit/51841eb53679434a386fb2dcbca925dcc48d58ba
(v1.13.8)
CVE-2022-31001 (Sofia-SIP is an open-source Session Initiation Protocol (SIP)
User-Age ...)
- {DLA-3091-1}
+ {DSA-5410-1 DLA-3091-1}
- sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-3 (bug #1016974)
[stretch] - sofia-sip <postponed> (Minor issue)
NOTE:
https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-79jq-hh82-cv9g
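Review bot: The `DSA-5410-1` tag is added to CVE-2022-31003, CVE-2022-31002 and CVE-2022-31001 here, and to CVE-2023-22741 and CVE-2022-47516 in earlier hunks, yet the commit changes only data/CVE/list. Check that the DSA-5410-1 entry in the DSA list names exactly these five sofia-sip CVEs, so that the cross-references generated here match what the advisory states.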
@@ -86838,6 +86945,7 @@ CVE-2022-1334 (The WP YouTube Live WordPress plugin
before 1.8.3 does not valida
CVE-2022-1333 (Mattermost Playbooks plugin v1.24.0 and earlier fails to
properly chec ...)
NOT-FOR-US: Mattermost Playbooks plugin
CVE-2015-20107 (In Python (aka CPython) up to 3.10.8, the mailcap module does
not add ...)
+ {DLA-3432-1}
- python3.10 3.10.6-1
- python3.9 <removed>
[bullseye] - python3.9 <no-dsa> (Minor issue)
@@ -109472,7 +109580,7 @@ CVE-2021-4190 (Large loop in the Kafka dissector in
Wireshark 3.6.0 allows denia
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-22.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17811
CVE-2021-4189 (A flaw was found in Python, specifically in the FTP (File
Transfer Pro ...)
- {DLA-2919-1}
+ {DLA-3432-1 DLA-2919-1}
- python3.10 <not-affected> (Fixed before initial upload to Debian
unstable)
- python3.9 3.9.7-1
[bullseye] - python3.9 <no-dsa> (Minor issue)
@@ -130115,7 +130223,7 @@ CVE-2021-3738 (In DCE/RPC it is possible to share the
handles (cookies for resou
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14468
NOTE: https://www.samba.org/samba/security/CVE-2021-3738.html
CVE-2021-3737 (A flaw was found in python. An improperly handled HTTP response
in the ...)
- {DLA-2808-1}
+ {DLA-3432-1 DLA-2808-1}
[experimental] - python3.9 3.9.6-1
- python3.9 3.9.7-1
[bullseye] - python3.9 <no-dsa> (Minor issue)
@@ -131326,7 +131434,7 @@ CVE-2021-39617
CVE-2021-39616 (Summary:Product: AndroidVersions: Android SoCAndroid ID:
A-204686438)
NOT-FOR-US: Android
CVE-2021-3733 (There's a flaw in urllib's AbstractBasicAuthHandler class. An
attacker ...)
- {DLA-2808-1}
+ {DLA-3432-1 DLA-2808-1}
- python3.9 3.9.7-1
[bullseye] - python3.9 <no-dsa> (Minor issue)
- python3.7 <removed>
@@ -166968,11 +167076,9 @@ CVE-2021-25751
RESERVED
CVE-2021-25750
RESERVED
-CVE-2021-25749
- RESERVED
+CVE-2021-25749 (Windows workloads can run as ContainerAdministrator even when
those wo ...)
- kubernetes <not-affected> (Windows-specific)
-CVE-2021-25748
- RESERVED
+CVE-2021-25748 (A security issue was discovered in ingress-nginx where a user
that can ...)
NOT-FOR-US: Kubernetes ingress-nginx component
CVE-2021-25747
RESERVED
@@ -167993,7 +168099,7 @@ CVE-2021-3178 (fs/nfsd/nfs3xdr.c in the Linux kernel
through 5.10.8, when there
NOTE:
https://patchwork.kernel.org/project/linux-nfs/patch/[email protected]/
NOTE: Disputed/mild security relevance/impact
CVE-2021-3177 (Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr
in _ctyp ...)
- {DLA-2919-1 DLA-2619-1}
+ {DLA-3432-1 DLA-2919-1 DLA-2619-1}
- python3.9 3.9.1-3
- python3.8 <removed>
- python3.7 <removed>
@@ -197672,7 +197778,7 @@ CVE-2020-26117 (In rfb/CSecurityTLS.cxx and
rfb/CSecurityTLS.java in TigerVNC be
NOTE:
https://github.com/TigerVNC/tigervnc/commit/b30f10c681ec87720cff85d490f67098568a9cba
(master)
NOTE:
https://github.com/TigerVNC/tigervnc/commit/f029745f63ac7d22fb91639b2cb5b3ab56134d6e
(master)
CVE-2020-26116 (http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12,
3.7.x be ...)
- {DLA-2456-1}
+ {DLA-3432-1 DLA-2456-1}
- python3.9 3.9.0~b5-1
- python3.8 3.8.5-1
- python3.7 <removed>
@@ -220896,7 +221002,7 @@ CVE-2019-20908 (An issue was discovered in
drivers/firmware/efi/efi.c in the Lin
NOTE: https://www.openwall.com/lists/oss-security/2020/06/14/1
NOTE: Fixed by:
https://git.kernel.org/linus/1957a85b0032a81e6482ca4aab883643b8dae06e
CVE-2019-20907 (In Lib/tarfile.py in Python through 3.8.3, an attacker is able
to craf ...)
- {DLA-2456-1 DLA-2337-1}
+ {DLA-3432-1 DLA-2456-1 DLA-2337-1}
- python3.9 3.9.0~b5-1 (low)
- python3.8 3.8.5-1 (low)
- python3.7 <removed> (low)
@@ -241480,7 +241586,7 @@ CVE-2020-8494 (In Kronos Web Time and Attendance
(webTA) 3.8.x and later 3.x ver
CVE-2020-8493 (A stored XSS vulnerability in Kronos Web Time and Attendance
(webTA) a ...)
NOT-FOR-US: Kronos Web Time and Attendance (webTA)
CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through
3.6.10, 3.7 ...)
- {DLA-2280-1}
+ {DLA-3432-1 DLA-2280-1}
- python3.8 3.8.3~rc1-1
- python3.7 <removed>
[buster] - python3.7 3.7.3-2+deb10u2
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d474e72af62517ea477440f92f28697f3579b2c