Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5f8ff200 by Salvatore Bonaccorso at 2023-07-29T22:41:34+02:00
Mark nomad as removed now from unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -875,12 +875,12 @@ CVE-2023-3782 (DoS of the OkHttp client when using a
BrotliInterceptor and surfi
CVE-2023-3779 (The Essential Addons For Elementor plugin for WordPress is
vulnerable ...)
NOT-FOR-US: WordPress plugin
CVE-2023-3300 (HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and
1.4.1 HTTP ...)
- - nomad <unfixed>
+ - nomad <removed>
NOTE:
https://discuss.hashicorp.com/t/hcsec-2023-22-nomad-search-api-leaks-information-about-csi-plugins/56272
CVE-2023-3299 (HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL
policies ...)
- nomad <not-affected> (Specific to Nomad Enterprise)
CVE-2023-3072 (HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and
1.4.10 ACL ...)
- - nomad <unfixed>
+ - nomad <removed>
NOTE:
https://discuss.hashicorp.com/t/hcsec-2023-20-nomad-acl-policies-without-label-are-applied-to-unexpected-resources/56270
CVE-2023-37362 (Weintek Weincloud v0.13.6 could allow an attacker to abuse
the reg ...)
NOT-FOR-US: Weincloud
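Review bot: the two entries changed in this hunk, CVE-2023-3300 and CVE-2023-3072, move to `- nomad <removed>` with neither a bug reference nor a `[bullseye]` line, while every older nomad entry touched by this commit carries `[bullseye] - nomad <no-dsa> (Minor issue)`. If bullseye ships an affected nomad, add an explicit per-release line to both entries so the stable status is recorded rather than implied by the unstable removal.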
@@ -26147,7 +26147,7 @@ CVE-2023-25758 (Onekey Touch devices through 4.0.0 and
Onekey Mini devices throu
CVE-2023-0822 (The affected product DIAEnergie (versions prior to v1.9.03.001)
contai ...)
NOT-FOR-US: DIAEnergie
CVE-2023-0821 (HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and
1.4.3 job ...)
- - nomad <unfixed> (bug #1034181)
+ - nomad <removed> (bug #1034181)
[bullseye] - nomad <no-dsa> (Minor issue)
NOTE:
https://discuss.hashicorp.com/t/hcsec-2023-05-nomad-client-vulnerable-to-decompression-bombs-in-artifact-block/50292
CVE-2023-0820 (The User Role by BestWebSoft WordPress plugin before 1.6.7 does
not pr ...)
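Review bot: the `<removed>` line for CVE-2023-0821 keeps `(bug #1034181)`, but neither this entry nor the commit message ("Mark nomad as removed now from unstable") names the request under which nomad left unstable. A reference to that request in the commit message would let a reader confirm the removal without searching for it.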
@@ -60497,7 +60497,7 @@ CVE-2022-41609 (Auth. (subscriber+) Server-Side Request
Forgery (SSRF) vulnerabi
CVE-2022-41608 (Cross-Site Request Forgery (CSRF) vulnerability in Thomas
Belser Asgar ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41606 (HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and
1.3.5 job ...)
- - nomad <unfixed> (bug #1021670)
+ - nomad <removed> (bug #1021670)
[bullseye] - nomad <no-dsa> (Minor issue)
NOTE:
https://discuss.hashicorp.com/t/hcsec-2022-22-nomad-panics-on-job-submission-with-bad-artifact-stanza-source-url/45420
CVE-2022-41605
@@ -108503,22 +108503,22 @@ CVE-2022-24687 (HashiCorp Consul and Consul
Enterprise 1.9.0 through 1.9.14, 1.1
NOTE:
https://discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-shutdown-servers/
NOTE:
https://github.com/hashicorp/consul/commit/d35c6a97cbdff252f5238d6b52f49786f896566a
(v1.9.15)
CVE-2022-24686 (HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17,
1.1.11, and ...)
- - nomad <unfixed> (bug #1021273)
+ - nomad <removed> (bug #1021273)
[bullseye] - nomad <no-dsa> (Minor issue)
NOTE:
https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559
CVE-2022-24685 (HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5
allow i ...)
- - nomad <unfixed> (bug #1021273)
+ - nomad <removed> (bug #1021273)
[bullseye] - nomad <no-dsa> (Minor issue)
NOTE:
https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage/35561
NOTE: https://github.com/hashicorp/nomad/issues/12038
CVE-2022-24684 (HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16,
1.1.11, and ...)
- - nomad <unfixed> (bug #1021273)
+ - nomad <removed> (bug #1021273)
[bullseye] - nomad <no-dsa> (Minor issue)
NOTE:
https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/35562
NOTE: https://github.com/hashicorp/nomad/issues/12039
NOTE:
https://github.com/hashicorp/nomad/commit/c49359ad58f0af18a5697a0b7b9b6cca9656d267
(v1.2.6)
CVE-2022-24683 (HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17,
1.1.11, and ...)
- - nomad <unfixed> (bug #1021273)
+ - nomad <removed> (bug #1021273)
[bullseye] - nomad <no-dsa> (Minor issue)
NOTE:
https://discuss.hashicorp.com/t/hcsec-2022-02-nomad-alloc-filesystem-and-container-escape/35560
CVE-2022-24682 (An issue was discovered in the Calendar feature in Zimbra
Collaboratio ...)
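Review bot: in the CVE-2022-24684 entry the NOTE lines already name an upstream fix commit marked (v1.2.6), yet the package line goes from `<unfixed>` to `<removed>` with no version, so the entry never records whether an uploaded nomad contained that fix. If a version at or above 1.2.6 reached unstable before the removal, a fixed version on that line would be more precise than `<removed>`; if none did, the change is fine as written.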
@@ -127730,7 +127730,7 @@ CVE-2021-43417
CVE-2021-43416
RESERVED
CVE-2021-43415 (HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and
1.2.0, w ...)
- - nomad <unfixed> (bug #1021273)
+ - nomad <removed> (bug #1021273)
[bullseye] - nomad <no-dsa> (Minor issue)
NOTE:
https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288
NOTE: https://github.com/hashicorp/nomad/issues/11542
@@ -146037,7 +146037,7 @@ CVE-2021-37219 (HashiCorp Consul and Consul
Enterprise 1.10.1 Raft RPC layer all
NOTE:
https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024
NOTE:
https://github.com/hashicorp/consul/commit/ccf8eb1947357434eb6e66303ddab79f4c9d4103
CVE-2021-37218 (HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows
non-server ...)
- - nomad <unfixed> (bug #1021273)
+ - nomad <removed> (bug #1021273)
[bullseye] - nomad <no-dsa> (Minor issue)
NOTE:
https://discuss.hashicorp.com/t/hcsec-2021-21-nomad-raft-rpc-privilege-escalation/29023
NOTE: https://github.com/hashicorp/nomad/pull/11089 (main)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f8ff200c24efdb22592dfad2f5820ed63331c8a