Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dd4691ce by security tracker role at 2023-08-31T08:12:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2023-4655 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
instantsof ...)
+       TODO: check
+CVE-2023-4654 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in 
GitHub ...)
+       TODO: check
+CVE-2023-4653 (Cross-site Scripting (XSS) - Stored in GitHub repository 
instantsoft/i ...)
+       TODO: check
+CVE-2023-4652 (Cross-site Scripting (XSS) - Stored in GitHub repository 
instantsoft/i ...)
+       TODO: check
+CVE-2023-4651 (Server-Side Request Forgery (SSRF) in GitHub repository 
instantsoft/ic ...)
+       TODO: check
+CVE-2023-4650 (Improper Access Control in GitHub repository instantsoft/icms2 
prior t ...)
+       TODO: check
+CVE-2023-4649 (Session Fixation in GitHub repository instantsoft/icms2 prior 
to 2.16. ...)
+       TODO: check
+CVE-2023-4500 (The Order Tracking Pro plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2023-4471 (The Order Tracking Pro plugin for WordPress is vulnerable to 
Reflected ...)
+       TODO: check
+CVE-2023-4315 (The Woo Custom Emails for WordPress is vulnerable to Reflected 
Cross-S ...)
+       TODO: check
+CVE-2023-4245 (The WooCommerce PDF Invoice Builder for WordPress is vulnerable 
to una ...)
+       TODO: check
+CVE-2023-4163 (In  Brocade Fabric OS before v9.2.0a, a local authenticated 
privileged ...)
+       TODO: check
+CVE-2023-4162 (A  segmentation fault can occur in Brocade Fabric OS after 
Brocade Fab ...)
+       TODO: check
+CVE-2023-4161 (The WooCommerce PDF Invoice Builder for WordPress is vulnerable 
to Cro ...)
+       TODO: check
+CVE-2023-4160 (The WooCommerce PDF Invoice Builder plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2023-4000 (The Waiting: One-click countdowns plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2023-41163 (A Reflected Cross-site scripting (XSS) vulnerability in the 
file manag ...)
+       TODO: check
+CVE-2023-41041 (Graylog is a free and open log management platform. In a 
multi-node Gr ...)
+       TODO: check
+CVE-2023-41040 (GitPython is a python library used to interact with Git 
repositories.  ...)
+       TODO: check
+CVE-2023-3999 (The Waiting: One-click countdowns plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2023-3764 (The WooCommerce PDF Invoice Builder plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2023-3677 (The WooCommerce PDF Invoice Builder plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2023-3636 (The WP Project Manager plugin for WordPress is vulnerable to 
privilege ...)
+       TODO: check
+CVE-2023-3489 (The  firmwaredownload command on Brocade Fabric OS v9.2.0 could 
log th ...)
+       TODO: check
+CVE-2023-3404 (The ProfileGrid plugin for WordPress is vulnerable to 
unauthorized dec ...)
+       TODO: check
+CVE-2023-3162 (The Stripe Payment Plugin for WooCommerce plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2023-39139 (An issue in Archive v3.3.7 allows attackers to execute a path 
traversa ...)
+       TODO: check
+CVE-2023-39138 (An issue in ZIPFoundation v0.9.16 allows attackers to execute 
a path t ...)
+       TODO: check
+CVE-2023-39137 (An issue in Archive v3.3.7 allows attackers to spoof zip 
filenames whi ...)
+       TODO: check
+CVE-2023-39136 (An unhandled edge case in the component _sanitizedPath of 
ZipArchive v ...)
+       TODO: check
+CVE-2023-39135 (An issue in Zip Swift v2.1.2 allows attackers to execute a 
path traver ...)
+       TODO: check
+CVE-2023-38970 (Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru 
v.2.9.7 allo ...)
+       TODO: check
+CVE-2023-31925 (Brocade  SANnav before v2.3.0 and v2.2.2a stores SNMPv3 
Authentication ...)
+       TODO: check
+CVE-2023-31714 (Chitor-CMS before v1.1.2 was discovered to contain multiple 
SQL inject ...)
+       TODO: check
+CVE-2023-31424 (Brocade SANnav Web interface before Brocade SANnav v2.3.0 and 
v2.2.2a  ...)
+       TODO: check
+CVE-2023-31423 (Possible  information exposure through log file vulnerability 
where se ...)
+       TODO: check
+CVE-2023-2354 (The CHP Ads Block Detector plugin for WordPress is vulnerable 
to Store ...)
+       TODO: check
+CVE-2023-2353 (The CHP Ads Block Detector plugin for WordPress is vulnerable 
to unaut ...)
+       TODO: check
+CVE-2023-2352 (The CHP Ads Block Detector plugin for WordPress is vulnerable 
to Cross ...)
+       TODO: check
 CVE-2023-4640 (The controller responsible for setting the logging level does 
not incl ...)
        TODO: check
 CVE-2023-4624 (Server-Side Request Forgery (SSRF) in GitHub repository 
bookstackapp/b ...)
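Review bot: the TODO: check placeholders are the expected output of the automatic import, but the manual triage that follows can be ordered by what is in this hunk. Most of the 39 new entries describe WordPress plugins (Order Tracking Pro, Woo Custom Emails, WooCommerce PDF Invoice Builder, Waiting: One-click countdowns, WP Project Manager, ProfileGrid, Stripe Payment Plugin for WooCommerce, CHP Ads Block Detector), and elsewhere in this file such entries are consistently closed as 'NOT-FOR-US: WordPress plugin', as with CVE-2023-3248 and CVE-2023-2280 below; the Brocade Fabric OS and SANnav items and the instantsoft/icms2, Badaso and Chitor-CMS items are likewise vendor products or self-contained CMSes. The entries describing reusable software, CVE-2023-41040 (GitPython), CVE-2023-41041 (Graylog) and the Swift zip libraries CVE-2023-39135 through CVE-2023-39139 (Zip Swift, ZipArchive, ZIPFoundation, Archive), are the ones where a mapping to a source package is plausible and deserve the first look.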
@@ -4949,6 +5027,7 @@ CVE-2023-3321 (A vulnerability exists by allowing 
low-privileged users to read a
 CVE-2023-3248 (The All-in-one Floating Contact Form WordPress plugin before 
2.1.2 doe ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-38060 (Improper Input Validation vulnerability in the ContentType 
parameter f ...)
+       {DLA-3551-1}
        - znuny 6.5.3-1
        [bookworm] - znuny <no-dsa> (Minor issue)
        - otrs2 <removed>
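Review bot: the {DLA-3551-1} line is placed where this file keeps advisory references, directly under the CVE header and before the package lines, consistent with the existing {DLA-3230-1} on CVE-2021-41184 further down. Since this entry records otrs2 only as <removed> and znuny as <no-dsa> in bookworm, the DLA reference is the sole fixed-version record for the LTS release here, so the DLA-3551-1 entry in data/DLA/list must name the otrs2 version it shipped for the tracker to resolve the status.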
@@ -14273,8 +14352,8 @@ CVE-2023-2281 (When archiving a team, Mattermost fails 
to sanitize the related W
        - mattermost-server <itp> (bug #823556)
 CVE-2023-2280 (The WP Directory Kit plugin for WordPress is vulnerable to 
unauthorize ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-2279
-       RESERVED
+CVE-2023-2279 (The WP Directory Kit plugin for WordPress is vulnerable to 
Cross-Site  ...)
+       TODO: check
 CVE-2023-2278 (The WP Directory Kit plugin for WordPress is vulnerable to 
Local File  ...)
        NOT-FOR-US: WP Directory Kit plugin for WordPress
 CVE-2023-2277 (The WP Directory Kit plugin for WordPress is vulnerable to 
Cross-Site  ...)
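Review bot: CVE-2023-2279 goes from RESERVED to a description plus TODO: check, while its siblings CVE-2023-2280 and CVE-2023-2278, for the same WP Directory Kit plugin, already sit at NOT-FOR-US. The placeholder is right for an automatic update; the manual pass can close it the same way and should also settle on one NOT-FOR-US wording, since the two neighbours use 'WordPress plugin' and 'WP Directory Kit plugin for WordPress' respectively.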
@@ -15031,8 +15110,8 @@ CVE-2023-2231 (A vulnerability, which was classified as 
critical, was found in M
        NOT-FOR-US: MAXTECH
 CVE-2023-2230
        REJECTED
-CVE-2023-2229
-       RESERVED
+CVE-2023-2229 (The Quick Post Duplicator for WordPress is vulnerable to SQL 
Injection ...)
+       TODO: check
 CVE-2023-2228 (Cross-Site Request Forgery (CSRF) in GitHub repository 
modoboa/modoboa ...)
        NOT-FOR-US: Modoboa
 CVE-2023-2227 (Improper Authorization in GitHub repository modoboa/modoboa 
prior to 2 ...)
@@ -15151,8 +15230,8 @@ CVE-2023-2190 (An issue has been discovered in GitLab 
CE/EE affecting all versio
        - gitlab 15.11.11+ds1-1
 CVE-2023-2189 (The Elementor Addons, Widgets and Enhancements \u2013 Stax 
plugin for  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-2188
-       RESERVED
+CVE-2023-2188 (The Colibri Page Builder for WordPress is vulnerable to SQL 
Injection  ...)
+       TODO: check
 CVE-2023-30896
        RESERVED
 CVE-2023-30895
@@ -15260,14 +15339,14 @@ CVE-2022-4943
        RESERVED
 CVE-2023-2175
        RESERVED
-CVE-2023-2174
-       RESERVED
-CVE-2023-2173
-       RESERVED
-CVE-2023-2172
-       RESERVED
-CVE-2023-2171
-       RESERVED
+CVE-2023-2174 (The BadgeOS plugin for WordPress is vulnerable to unauthorized 
modific ...)
+       TODO: check
+CVE-2023-2173 (The BadgeOS plugin for WordPress is vulnerable to Insecure 
Direct Obje ...)
+       TODO: check
+CVE-2023-2172 (The BadgeOS plugin for WordPress is vulnerable to Insecure 
Direct Obje ...)
+       TODO: check
+CVE-2023-2171 (The BadgeOS plugin for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
+       TODO: check
 CVE-2023-2170 (The TaxoPress plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
        NOT-FOR-US: TaxoPress plugin for WordPress
 CVE-2023-2169 (The TaxoPress plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
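Review bot: the four BadgeOS entries CVE-2023-2171 through CVE-2023-2174 are now published and all marked TODO: check, directly above CVE-2023-2170 and CVE-2023-2169 (TaxoPress), which carry NOT-FOR-US. The hunk line counts (-14/+14) match once each CVE line wrapped in this mail is read as a single line in the file, so the diff itself is fine; the only follow-up is the triage of those four placeholders, which the two TaxoPress neighbours suggest will end up NOT-FOR-US as well.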
@@ -31996,8 +32075,8 @@ CVE-2023-0691 (The Metform Elementor Contact Form 
Builder for WordPress is vulne
        NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
 CVE-2023-0690 (HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue 
where w ...)
        NOT-FOR-US: HashiCorp Boundary
-CVE-2023-0689
-       RESERVED
+CVE-2023-0689 (The Metform Elementor Contact Form Builder for WordPress is 
vulnerable ...)
+       TODO: check
 CVE-2023-0688 (The Metform Elementor Contact Form Builder for WordPress is 
vulnerable ...)
        NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
 CVE-2011-10003 (A vulnerability was found in XpressEngine up to 1.4.4. It has 
been rat ...)
@@ -36911,8 +36990,8 @@ CVE-2023-23767
        RESERVED
 CVE-2023-23766
        RESERVED
-CVE-2023-23765
-       RESERVED
+CVE-2023-23765 (An incorrect comparison vulnerability was identified in GitHub 
Enterpr ...)
+       TODO: check
 CVE-2023-23764 (An incorrect comparison vulnerability was identified in GitHub 
Enterpr ...)
        NOT-FOR-US: Github Enterprise Server
 CVE-2023-23763
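Review bot: CVE-2023-23765 now carries the same description prefix as CVE-2023-23764 ('An incorrect comparison vulnerability was identified in GitHub Enterpr ...'), and CVE-2023-23764 is already resolved as 'NOT-FOR-US: Github Enterprise Server'. The new TODO: check can be closed with the same verdict; when writing that line, use the product's own spelling 'GitHub' rather than 'Github', leaving the existing neighbour as it is.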
@@ -47075,6 +47154,7 @@ CVE-2022-4429 (Avira Security for Windows contains an 
unquoted service path whic
 CVE-2022-4428 (support_uri parameter in the WARP client local settings file 
(mdm.xml) ...)
        NOT-FOR-US: Cloudflare Warp
 CVE-2022-4427 (Improper Input Validation vulnerability in OTRS AG OTRS, OTRS 
AG ((OTR ...)
+       {DLA-3551-1}
        - znuny 6.4.5-1
        - otrs2 <removed>
        [bullseye] - otrs2 <no-dsa> (Non-free not supported)
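Review bot: CVE-2022-4427 now has {DLA-3551-1} while the lines right under it keep '[bullseye] - otrs2 <no-dsa> (Non-free not supported)'. An LTS advisory for the package shows it was deemed supportable in the LTS release, so the bullseye rationale is worth revisiting, or a NOTE should explain why bullseye remains unfixed; CVE-2021-36100 below shows the same pattern.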
@@ -140801,7 +140881,7 @@ CVE-2021-41186 (Fluentd collects events from various 
data sources and writes the
 CVE-2021-41185 (Mycodo is an environmental monitoring and regulation system. 
An exploi ...)
        NOT-FOR-US: Mycodo
 CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior 
to vers ...)
-       {DLA-3230-1}
+       {DLA-3551-1 DLA-3230-1}
        - jqueryui 1.13.0+dfsg-1
        [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
        [stretch] - jqueryui <no-dsa> (Minor issue)
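Review bot: in '{DLA-3551-1 DLA-3230-1}' the new reference is prepended, matching the newest-first order used for every other brace list in this commit (compare CVE-2021-41183 and CVE-2019-11358). A reader may wonder why an advisory otherwise attached to otrs2 entries appears on jqueryui; the 'NOTE: https://www.znuny.org/en/advisories/zsa-2022-01' already on this entry supplies the link, but a short NOTE naming the source package DLA-3551-1 was issued for would save that inference.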
@@ -140812,7 +140892,7 @@ CVE-2021-41184 (jQuery-UI is the official jQuery user 
interface library. Prior t
        NOTE: 
https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280
        NOTE: https://www.znuny.org/en/advisories/zsa-2022-01
 CVE-2021-41183 (jQuery-UI is the official jQuery user interface library. Prior 
to vers ...)
-       {DLA-3230-1 DLA-2889-1}
+       {DLA-3551-1 DLA-3230-1 DLA-2889-1}
        - drupal7 <removed>
        - jqueryui 1.13.0+dfsg-1
        [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
@@ -140826,7 +140906,7 @@ CVE-2021-41183 (jQuery-UI is the official jQuery user 
interface library. Prior t
        NOTE: https://www.drupal.org/sa-core-2022-001
        NOTE: https://www.znuny.org/en/advisories/zsa-2022-01
 CVE-2021-41182 (jQuery-UI is the official jQuery user interface library. Prior 
to vers ...)
-       {DLA-3230-1 DLA-2889-1}
+       {DLA-3551-1 DLA-3230-1 DLA-2889-1}
        - drupal7 <removed>
        - jqueryui 1.13.0+dfsg-1
        [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
@@ -153738,6 +153818,7 @@ CVE-2021-36102
 CVE-2021-36101
        RESERVED
 CVE-2021-36100 (Specially crafted string in OTRS system configuration can 
allow the ex ...)
+       {DLA-3551-1}
        - znuny <not-affected> (Fixed before initial upload to archive as 
src:znuny)
        - otrs2 6.3.2-1
        [bullseye] - otrs2 <no-dsa> (Non-free not supported)
@@ -153770,6 +153851,7 @@ CVE-2021-36092 (It's possible to create an email 
which contains specially crafte
        NOTE: OTRS, it's unclear to which extent Znuny might be affected since 
OTRS AG doesn't release
        NOTE: actionable information, also see 
https://github.com/znuny/Znuny/issues/128 and #993846
 CVE-2021-36091 (Agents are able to list appointments in the calendars without 
required ...)
+       {DLA-3551-1}
        - otrs2 6.0.32-6 (bug #991593)
        [stretch] - otrs2 <no-dsa> (Non-free not supported)
        NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-14/
@@ -191528,6 +191610,7 @@ CVE-2020-35852 (Chatbox is affected by cross-site 
scripting (XSS). An attacker h
 CVE-2020-35851 (HGiga MailSherlock does not validate specific parameters 
properly. Att ...)
        NOT-FOR-US: HGiga MailSherlock
 CVE-2021-21443 (Agents are able to list customer user emails without required 
permissi ...)
+       {DLA-3551-1}
        - otrs2 6.0.32-6 (bug #991593)
        [stretch] - otrs2 <no-dsa> (Non-free not supported)
        - znuny <not-affected> (Fixed before initial upload to Debian)
@@ -191536,18 +191619,21 @@ CVE-2021-21443 (Agents are able to list customer 
user emails without required pe
 CVE-2021-21442 (In the project create screen it's possible to inject malicious 
JS code ...)
        NOT-FOR-US: OTRS TimeAccounting module
 CVE-2021-21441 (There is a XSS vulnerability in the ticket overview screens. 
It's poss ...)
+       {DLA-3551-1}
        - otrs2 6.0.32-5 (bug #989992)
        [stretch] - otrs2 <no-dsa> (Non-free not supported)
        - znuny <not-affected> (Fixed before initial upload to Debian)
        NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-11/
        NOTE: Fixed by: 
https://github.com/znuny/Znuny/commit/48b8d2bc85280d702bd0d21783f5d31e2fa5fa51 
(rel-6_0_34)
 CVE-2021-21440 (Generated Support Bundles contains private S/MIME and PGP keys 
if cont ...)
+       {DLA-3551-1}
        - otrs2 6.0.32-6 (bug #991593)
        [stretch] - otrs2 <no-dsa> (Non-free not supported)
        - znuny <not-affected> (Fixed before initial upload to Debian)
        NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-10/
        NOTE: 
https://github.com/znuny/Znuny/commit/c5c90087d4187da5c456a80289fa088a19511934 
(rel-6_1_1)
 CVE-2021-21439 (DoS attack can be performed when an email contains specially 
designed  ...)
+       {DLA-3551-1}
        - otrs2 6.0.32-5 (bug #989992)
        [stretch] - otrs2 <no-dsa> (Non-free not supported)
        - znuny <not-affected> (Fixed before initial upload to Debian)
@@ -192648,6 +192734,7 @@ CVE-2021-21254 (CKEditor 5 is an open source rich 
text editor framework with a m
 CVE-2021-21253 (OnlineVotingSystem is an open source project hosted on GitHub. 
OnlineV ...)
        NOT-FOR-US: OnlineVotingSystem
 CVE-2021-21252 (The jQuery Validation Plugin provides drop-in validation for 
your exis ...)
+       {DLA-3551-1}
        - civicrm 5.50.1+dfsg1-1 (bug #980892)
        [bullseye] - civicrm <no-dsa> (Minor issue)
        - otrs2 6.0.32-4 (bug #980891)
@@ -248603,7 +248690,7 @@ CVE-2020-11025 (In affected versions of WordPress, a 
cross-site scripting (XSS)
 CVE-2020-11024 (In Moonlight iOS/tvOS before 4.0.1, the pairing process is 
vulnerable  ...)
        NOT-FOR-US: Moonlight iOS/tvOS
 CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 
3.5.0, pa ...)
-       {DSA-4693-1 DLA-2608-1}
+       {DSA-4693-1 DLA-3551-1 DLA-2608-1}
        - jquery <removed>
        [buster] - jquery 3.3.1~dfsg-3+deb10u1
        [jessie] - jquery <not-affected> (Vulnerable code not present)
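Review bot: the jquery entry CVE-2020-11023 lists jquery as <removed> in unstable, '[buster] - jquery 3.3.1~dfsg-3+deb10u1' for the earlier fix and '[jessie] - jquery <not-affected>', so a second DLA on this line reads at first as another src:jquery update. The 'NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-14/' that follows indicates the real connection is otrs2 being affected through its own copy of jQuery; a NOTE stating that DLA-3551-1 covers that copy rather than src:jquery would keep the fixed-version lookup from being misread, and the same applies to CVE-2020-11022 and CVE-2019-11358 in the later hunks.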
@@ -248617,7 +248704,7 @@ CVE-2020-11023 (In jQuery versions greater than or 
equal to 1.0.3 and before 3.5
        NOTE: https://www.drupal.org/sa-core-2020-002
        NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-14/
 CVE-2020-11022 (In jQuery versions greater than or equal to 1.2 and before 
3.5.0, pass ...)
-       {DSA-4693-1 DLA-2608-1}
+       {DSA-4693-1 DLA-3551-1 DLA-2608-1}
        - jquery <removed>
        [buster] - jquery 3.3.1~dfsg-3+deb10u1
        [jessie] - jquery <not-affected> (Vulnerable code not present)
@@ -273733,6 +273820,7 @@ CVE-2020-1777 (Agent names that participates in a 
chat conversation are revealed
        - otrs2 <not-affected> (Only affects 7.x and 8.x)
        NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-15/
 CVE-2020-1776 (When an agent user is renamed or set to invalid the session 
belonging  ...)
+       {DLA-3551-1}
        - otrs2 6.0.29-1
        [stretch] - otrs2 <ignored> (Non-free not supported)
        NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-13/
@@ -273742,13 +273830,14 @@ CVE-2020-1775 (BCC recipients in mails sent from 
OTRS are visible in article det
        - otrs2 <not-affected> (ONly affects 7.x and 8.x series)
        NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-12/
 CVE-2020-1774 (When user downloads PGP or S/MIME keys/certificates, exported 
file has ...)
-       {DLA-2198-1}
+       {DLA-3551-1 DLA-2198-1}
        - otrs2 6.0.28-1 (bug #959448)
        [stretch] - otrs2 <ignored> (Non-free not supported)
        NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-11/
        NOTE: Fixed in 7.0.17, 6.0.28
        NOTE: OTRS6: 
https://github.com/OTRS/otrs/commit/ff725cbea77f03fa296bb13f93f5b07086920342
 CVE-2020-1773 (An attacker with the ability to generate session IDs or 
password reset ...)
+       {DLA-3551-1}
        - otrs2 6.0.27-1
        [stretch] - otrs2 <ignored> (Non-free not supported)
        [jessie] - otrs2 <no-dsa> (Too intrusive to backport)
@@ -273757,7 +273846,7 @@ CVE-2020-1773 (An attacker with the ability to 
generate session IDs or password
        NOTE: OTRS6: 
https://github.com/OTRS/otrs/commit/ab253734bc211541309b9f8ea2b8b70389c4a64e
        NOTE: OTRS5: 
https://github.com/OTRS/otrs/commit/4955521af50238046847bce51ad9865950324f77
 CVE-2020-1772 (It's possible to craft Lost Password requests with wildcards in 
the To ...)
-       {DLA-2198-1}
+       {DLA-3551-1 DLA-2198-1}
        - otrs2 6.0.27-1
        [stretch] - otrs2 <ignored> (Non-free not supported)
        NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-09/
@@ -273765,6 +273854,7 @@ CVE-2020-1772 (It's possible to craft Lost Password 
requests with wildcards in t
        NOTE: OTRS6: 
https://github.com/OTRS/otrs/commit/c0255365d5c455272b2b9e7bb1f6c96c3fce441b
        NOTE: OTRS5: 
https://github.com/OTRS/otrs/commit/2628464f659c39fafbc32147d569553eb07d41d7
 CVE-2020-1771 (Attacker is able craft an article with a link to the customer 
address  ...)
+       {DLA-3551-1}
        - otrs2 6.0.27-1
        [stretch] - otrs2 <ignored> (Non-free not supported)
        [jessie] - otrs2 <not-affected> (Vulnerable code introduced in later 
version)
@@ -273772,7 +273862,7 @@ CVE-2020-1771 (Attacker is able craft an article with 
a link to the customer add
        NOTE: Fixed in 7.0.16, 6.0.27
        NOTE: 
https://github.com/OTRS/otrs/commit/2576830053f70a3a9251558e55f34843dec61aa2
 CVE-2020-1770 (Support bundle generated files could contain sensitive 
information tha ...)
-       {DLA-2198-1}
+       {DLA-3551-1 DLA-2198-1}
        - otrs2 6.0.27-1
        [stretch] - otrs2 <ignored> (Non-free not supported)
        NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-07/
@@ -273780,6 +273870,7 @@ CVE-2020-1770 (Support bundle generated files could 
contain sensitive informatio
        NOTE: OTRS6: 
https://github.com/OTRS/otrs/commit/cb6d12a74fbf721ba33f24ce93ae37ed9a945a95
        NOTE: OTRS5: 
https://github.com/OTRS/otrs/commit/d37defe6592992e886cc5cc8fec444d34875fd4d
 CVE-2020-1769 (In the login screens (in agent and customer interface), 
Username and P ...)
+       {DLA-3551-1}
        - otrs2 6.0.27-1
        [stretch] - otrs2 <ignored> (Non-free not supported)
        [jessie] - otrs2 <no-dsa> 
(https://lists.debian.org/debian-lts/2020/04/msg00040.html)
@@ -273791,20 +273882,20 @@ CVE-2020-1768 (The external frontend system uses 
numerous background calls to th
        - otrs2 <not-affected> (Only affects 7.0.x series)
        NOTE: https://community.otrs.com/security-advisory-2020-04/
 CVE-2020-1767 (Agent A is able to save a draft (i.e. for customer reply). Then 
Agent  ...)
-       {DLA-2079-1}
+       {DLA-3551-1 DLA-2079-1}
        - otrs2 6.0.25-1
        [stretch] - otrs2 <ignored> (Non-free not supported)
        NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-03/
        NOTE: 
https://github.com/OTRS/otrs/commit/5f488fd6c809064ee49def3a432030258d211570
 CVE-2020-1766 (Due to improper handling of uploaded images it is possible in 
very unl ...)
-       {DLA-2079-1}
+       {DLA-3551-1 DLA-2079-1}
        - otrs2 6.0.25-1
        [stretch] - otrs2 <ignored> (Non-free not supported)
        NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-02/
        NOTE: 
https://github.com/OTRS/otrs/commit/128078b0bb30f601ed97d4a13906644264ee6013 
(OTRS6)
        NOTE: 
https://github.com/OTRS/otrs/commit/b7d80f9000fc9a435743d8d1d7d44d9a17483a9a 
(OTRS5)
 CVE-2020-1765 (An improper control of parameters allows the spoofing of the 
from fiel ...)
-       {DLA-2079-1}
+       {DLA-3551-1 DLA-2079-1}
        - otrs2 6.0.25-1
        [stretch] - otrs2 <ignored> (Non-free not supported)
        NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-01/
@@ -280832,6 +280923,7 @@ CVE-2019-18182 (pacman before 5.2 is vulnerable to 
arbitrary command injection i
 CVE-2019-18181 (In CloudVision Portal all releases in the 2018.1 and 2018.2 
Code train ...)
        NOT-FOR-US: CloudVision Portal
 CVE-2019-18180 (Improper Check for filenames with overly long extensions in 
PostMaster ...)
+       {DLA-3551-1}
        - otrs2 6.0.24-1 (bug #945251)
        [stretch] - otrs2 <ignored> (Non-free not supported)
        [jessie] - otrs2 <not-affected> (vulnerable code not present)
@@ -280839,7 +280931,7 @@ CVE-2019-18180 (Improper Check for filenames with 
overly long extensions in Post
        NOTE: OTRS 6.0: 
https://github.com/OTRS/otrs/commit/da057277c8620f0885c70090f565f1fa81f2c7e9
        NOTE: OTRS 6.0: 
https://github.com/OTRS/otrs/commit/799616eb43f7fb53cae4e04c81e2156baaf02e2b
 CVE-2019-18179 (An issue was discovered in Open Ticket Request System (OTRS) 
7.0.x thr ...)
-       {DLA-2053-1}
+       {DLA-3551-1 DLA-2053-1}
        - otrs2 6.0.24-1 (bug #945251)
        [stretch] - otrs2 <ignored> (Non-free not supported)
        NOTE: 
https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/
@@ -285561,6 +285653,7 @@ CVE-2019-16377 (The makandra consul gem through 1.0.2 
for Ruby has Incorrect Acc
 CVE-2019-16376
        RESERVED
 CVE-2019-16375 (An issue was discovered in Open Ticket Request System (OTRS) 
7.0.x thr ...)
+       {DLA-3551-1}
        - otrs2 6.0.23-1
        [stretch] - otrs2 <ignored> (Non-free not supported)
        [jessie] - otrs2 <no-dsa> (Minor issue)
@@ -296102,7 +296195,7 @@ CVE-2019-13460
 CVE-2019-13459
        RESERVED
 CVE-2019-13458 (An issue was discovered in Open Ticket Request System (OTRS) 
7.0.x thr ...)
-       {DLA-1877-1}
+       {DLA-3551-1 DLA-1877-1}
        - otrs2 6.0.20-1
        [stretch] - otrs2 <ignored> (Non-free not supported)
        NOTE: 
https://community.otrs.com/security-advisory-2019-12-security-update-for-otrs-framework/
@@ -298159,7 +298252,7 @@ CVE-2019-12748 (TYPO3 8.3.0 through 8.7.26 and 9.0.0 
through 9.5.7 allows XSS.)
 CVE-2019-12747 (TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows 
Deserialization  ...)
        NOT-FOR-US: TYPO3
 CVE-2019-12746 (An issue was discovered in Open Ticket Request System (OTRS) 
Community ...)
-       {DLA-1877-1}
+       {DLA-3551-1 DLA-1877-1}
        - otrs2 6.0.20-1
        [stretch] - otrs2 <ignored> (Non-free not supported)
        NOTE: 
https://community.otrs.com/security-advisory-2019-10-security-update-for-otrs-framework/
@@ -298737,7 +298830,7 @@ CVE-2019-12500 (The Xiaomi M365 scooter 2019-02-12 
before 1.5.1 allows spoofing
 CVE-2019-12498 (The WP Live Chat Support plugin before 8.0.33 for WordPress 
accepts ce ...)
        NOT-FOR-US: WP Live Chat Support plugin for WordPress
 CVE-2019-12497 (An issue was discovered in Open Ticket Request System (OTRS) 
7.0.x thr ...)
-       {DLA-1816-1}
+       {DLA-3551-1 DLA-1816-1}
        - otrs2 6.0.19-1
        [stretch] - otrs2 <ignored> (Non-free not supported)
        NOTE: 
https://community.otrs.com/security-advisory-2019-09-security-update-for-otrs-framework/
@@ -299482,7 +299575,7 @@ CVE-2019-12250 (IdentityServer IdentityServer4 
through 2.4 has stored XSS via th
 CVE-2019-12249
        RESERVED
 CVE-2019-12248 (An issue was discovered in Open Ticket Request System (OTRS) 
7.0.x thr ...)
-       {DLA-1816-1}
+       {DLA-3551-1 DLA-1816-1}
        - otrs2 6.0.19-1
        [stretch] - otrs2 <ignored> (Non-free not supported)
        NOTE: 
https://community.otrs.com/security-advisory-2019-08-security-update-for-otrs-framework/
@@ -302338,7 +302431,7 @@ CVE-2019-11269 (Spring Security OAuth versions 2.3 
prior to 2.3.6, 2.2 prior to
 CVE-2019-11268 (Cloud Foundry UAA version prior to 73.3.0, contain endpoints 
that cont ...)
        NOT-FOR-US: Cloud Foundry UAA
 CVE-2019-11358 (jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and 
other produc ...)
-       {DSA-4460-1 DSA-4434-1 DLA-2118-1 DLA-1797-1 DLA-1777-1}
+       {DSA-4460-1 DSA-4434-1 DLA-3551-1 DLA-2118-1 DLA-1797-1 DLA-1777-1}
        - drupal7 <removed> (bug #927330)
        - jquery 3.3.1~dfsg-2 (bug #927385)
        [stretch] - jquery 3.1.1-2+deb9u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd4691ce23cafa2e082de1091e6d4bee4e241c45

-- 


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
