Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f471ae6b by security tracker role at 2023-09-06T20:12:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,38 +1,138 @@
-CVE-2023-41947
+CVE-2023-4809 (In pf packet processing with a 'scrub fragment reassemble'
rule, a pac ...)
+ TODO: check
+CVE-2023-4634 (The Media Library Assistant plugin for WordPress is vulnerable
to Loca ...)
+ TODO: check
+CVE-2023-4623 (A use-after-free vulnerability in the Linux kernel's net/sched:
sch_hf ...)
+ TODO: check
+CVE-2023-4622 (A use-after-free vulnerability in the Linux kernel's af_unix
component ...)
+ TODO: check
+CVE-2023-4621
+ REJECTED
+CVE-2023-4589 (Insufficient verification of data authenticity vulnerability in
Deline ...)
+ TODO: check
+CVE-2023-4588 (File accessibility vulnerability in Delinea Secret Server, in
its v10. ...)
+ TODO: check
+CVE-2023-4498 (Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated
access ...)
+ TODO: check
+CVE-2023-4244 (A use-after-free vulnerability in the Linux kernel's netfilter:
nf_tab ...)
+ TODO: check
+CVE-2023-4208 (A use-after-free vulnerability in the Linux kernel's net/sched:
cls_u3 ...)
+ TODO: check
+CVE-2023-4207 (A use-after-free vulnerability in the Linux kernel's net/sched:
cls_fw ...)
+ TODO: check
+CVE-2023-4206 (A use-after-free vulnerability in the Linux kernel's net/sched:
cls_ro ...)
+ TODO: check
+CVE-2023-41601 (Multiple cross-site scripting (XSS) vulnerabilities in
install/index.p ...)
+ TODO: check
+CVE-2023-41330 (knplabs/knp-snappy is a PHP library allowing thumbnail,
snapshot or PD ...)
+ TODO: check
+CVE-2023-41328 (Frappe is a low code web framework written in Python and
Javascript. A ...)
+ TODO: check
+CVE-2023-41319 (Fides is an open-source privacy engineering platform for
managing the ...)
+ TODO: check
+CVE-2023-41150 (F-RevoCRM 7.3 series prior to version7.3.8 contains a
cross-site scrip ...)
+ TODO: check
+CVE-2023-41149 (F-RevoCRM version7.3.7 and version7.3.8 contains an OS command
injecti ...)
+ TODO: check
+CVE-2023-41050 (AccessControl provides a general security framework for use in
Zope. P ...)
+ TODO: check
+CVE-2023-40601 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Estatik ...)
+ TODO: check
+CVE-2023-40591 (go-ethereum (geth) is a golang execution layer implementation
of the E ...)
+ TODO: check
+CVE-2023-40560 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Greg ...)
+ TODO: check
+CVE-2023-40554 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Blog2Soc ...)
+ TODO: check
+CVE-2023-40553 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Plausibl ...)
+ TODO: check
+CVE-2023-40552 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Gurc ...)
+ TODO: check
+CVE-2023-40531 (Archer AX6000 firmware versions prior to 'Archer
AX6000(JP)_V1_1.3.0 B ...)
+ TODO: check
+CVE-2023-40357 (Multiple TP-LINK products allow a network-adjacent
authenticated attac ...)
+ TODO: check
+CVE-2023-40329 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in WPZe ...)
+ TODO: check
+CVE-2023-40328 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Carr ...)
+ TODO: check
+CVE-2023-40193 (Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build
2023061 ...)
+ TODO: check
+CVE-2023-40007 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Ujwo ...)
+ TODO: check
+CVE-2023-39935 (Archer C5400 firmware versions prior to 'Archer
C5400(JP)_V2_230506' a ...)
+ TODO: check
+CVE-2023-39511 (Cacti is an open source operational monitoring and fault
management fr ...)
+ TODO: check
+CVE-2023-39265 (Apache Superset would allow for SQLite database connections to
be inco ...)
+ TODO: check
+CVE-2023-39264 (By default, stack traces for errors were enabled, which
resulted in th ...)
+ TODO: check
+CVE-2023-39224 (Archer C5 firmware all versions and Archer C7 firmware
versions prior ...)
+ TODO: check
+CVE-2023-38588 (Archer C3150 firmware versions prior to 'Archer
C3150(JP)_V2_230511' a ...)
+ TODO: check
+CVE-2023-38568 (Archer A10 firmware versions prior to 'Archer
A10(JP)_V2_230504' allow ...)
+ TODO: check
+CVE-2023-38563 (Archer C1200 firmware versions prior to 'Archer
C1200(JP)_V2_230508' a ...)
+ TODO: check
+CVE-2023-38486 (A vulnerability in the secure boot implementation on
affectedAruba 920 ...)
+ TODO: check
+CVE-2023-38485 (Vulnerabilities exist in the BIOS implementation of Aruba 9200
and 900 ...)
+ TODO: check
+CVE-2023-38484 (Vulnerabilities exist in the BIOS implementation of Aruba 9200
and 900 ...)
+ TODO: check
+CVE-2023-37941 (If an attacker gains write access to the Apache Superset
metadata data ...)
+ TODO: check
+CVE-2023-37284 (Improper authentication vulnerability in Archer C20 firmware
versions ...)
+ TODO: check
+CVE-2023-36489 (Multiple TP-LINK products allow a network-adjacent
unauthenticated att ...)
+ TODO: check
+CVE-2023-36388 (Improper REST API permission in Apache Superset up to and
including 2. ...)
+ TODO: check
+CVE-2023-36387 (An improper default REST API permission for Gamma users in
Apache Supe ...)
+ TODO: check
+CVE-2023-32672 (An Incorrect authorisation check in SQLLab in Apache Superset
versions ...)
+ TODO: check
+CVE-2023-32619 (Archer C50 firmware versions prior to 'Archer
C50(JP)_V3_230505' and A ...)
+ TODO: check
+CVE-2023-31188 (Multiple TP-LINK products allow a network-adjacent
authenticated attac ...)
+ TODO: check
+CVE-2023-41947 (A missing permission check in Jenkins Frugal Testing Plugin
1.1 and ea ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41946
+CVE-2023-41946 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Frugal Te ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41945
+CVE-2023-41945 (Jenkins Assembla Auth Plugin 1.14 and earlier does not verify
that the ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41944
+CVE-2023-41944 (Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does
not esca ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41943
+CVE-2023-41943 (Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does
not perf ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41942
+CVE-2023-41942 (A cross-site request forgery (CSRF) vulnerability in Jenkins
AWS CodeC ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41941
+CVE-2023-41941 (A missing permission check in Jenkins AWS CodeCommit Trigger
Plugin 3. ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41940
+CVE-2023-41940 (Jenkins TAP Plugin 2.3 and earlier does not escape TAP file
contents, ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41939
+CVE-2023-41939 (Jenkins SSH2 Easy Plugin 1.4 and earlier does not verify that
permissi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41938
+CVE-2023-41938 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Ivy Plugi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41937
+CVE-2023-41937 (Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through
2.8.3 (bo ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41936
+CVE-2023-41936 (Jenkins Google Login Plugin 1.7 and earlier uses a
non-constant time c ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41935
+CVE-2023-41935 (Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except
378.380. ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41934
+CVE-2023-41934 (Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496
and earli ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41933
+CVE-2023-41933 (Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f
and earli ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41932
+CVE-2023-41932 (Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f
and earli ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41931
+CVE-2023-41931 (Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f
and earli ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-41930
+CVE-2023-41930 (Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f
and earli ...)
NOT-FOR-US: Jenkins plugin
CVE-2023-4779 (The User Submitted Posts plugin for WordPress is vulnerable to
Stored ...)
NOT-FOR-US: User Submitted Posts plugin for WordPress
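Review bot: the six new Linux kernel use-after-free entries near the top of this hunk (CVE-2023-4623, CVE-2023-4622, CVE-2023-4244, CVE-2023-4208, CVE-2023-4207, CVE-2023-4206) land with only `TODO: check`, so they have no `- linux` status line until someone triages them. They deserve attention ahead of the WordPress plugin and router firmware entries in the same batch, and should get per-release lines in the form this file already uses for CVE-2023-4015 (`- linux <version>` plus `[bullseye]` and `[buster]` lines). CVE-2023-4621 arrives directly as `REJECTED` and needs nothing further. The entries whose descriptions name Apache Superset (CVE-2023-39265, CVE-2023-37941, CVE-2023-36388, CVE-2023-36387, CVE-2023-32672) can follow the `NOT-FOR-US: Apache Superset` tagging already applied to CVE-2023-27525 and CVE-2023-27524.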
@@ -418,12 +518,12 @@ CVE-2023-41164
NOTE:
https://github.com/django/django/commit/3f41d6d62929dfe53eda8109b3b836f26645bdce
(main)
NOTE:
https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9
(4.2.5)
NOTE:
https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e
(3.2.21)
-CVE-2023-4015 [netfilter: nf_tables: skip immediate deactivate in
_PREPARE_ERROR]
+CVE-2023-4015 (A use-after-free vulnerability in the Linux kernel's netfilter:
nf_tab ...)
- linux 6.4.11-1
[bullseye] - linux <not-affected> (Vulnerable code not in a Debian
released version)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/0a771f7b266b02d262900c75f1e175c7fe76fec2 (6.5-rc4)
-CVE-2023-3777 [netfilter: nf_tables: skip bound chain on rule flush]
+CVE-2023-3777 (A use-after-free vulnerability in the Linux kernel's netfilter:
nf_tab ...)
- linux 6.4.11-1
[bullseye] - linux 5.10.191-1
[buster] - linux <not-affected> (Vulnerable code not present)
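Review bot: replacing the bracketed commit subjects on CVE-2023-4015 and CVE-2023-3777 leaves both entries with the same truncated text, `(A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)`, so the description line no longer tells them apart. CVE-2023-4015 still has its `NOTE:` pointing at the git.kernel.org commit. The visible context for CVE-2023-3777 stops at the `[buster]` line, so confirm that entry carries a `NOTE:` with the upstream fix, because the removed subject `netfilter: nf_tables: skip bound chain on rule flush` was the only pointer to the fix shown in this hunk.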
@@ -1276,7 +1376,7 @@ CVE-2023-39616 (AOMedia v3.0.0 to v3.5.0 was discovered
to contain an invalid re
NOTE: Testcase:
https://aomedia.googlesource.com/aom/+/d90659acbb1487949195006d46c4582c62f1b90f
(3.7.0_rc2)
NOTE: For Debian this was initially fixed in Debian unstable with
3.7.0~rc3-1 but reverted with the
NOTE: 3.7.0~really3.6.1-1 upload re-introducing the issue.
-CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain a global
buffer over ...)
+CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain an
out-of-bounds rea ...)
- libxml2 <unfixed> (bug #1051230)
[bookworm] - libxml2 <no-dsa> (Minor issue)
[bullseye] - libxml2 <no-dsa> (Minor issue)
@@ -27144,14 +27244,14 @@ CVE-2023-27530 (A DoS vulnerability exists in Rack
<v3.0.4.2, <v2.2.6.3, <v2.1.4
NOTE:
https://github.com/rack/rack/commit/9aac3757fe19cdb0476504c9245170115bec9668
(v2.2.6.3)
NOTE:
https://github.com/rack/rack/commit/b632718265fa5ffa547b060331341a1e216b4ffa
(v2.1.4.3)
NOTE:
https://github.com/rack/rack/commit/5f6e2fcbbdbff2dfaa21baa693e9d23d12ac1459
(v2.0.9.3)
-CVE-2023-27526
- RESERVED
+CVE-2023-27526 (A non Admin authenticated user could incorrectly create
resources usin ...)
+ TODO: check
CVE-2023-27525 (An authenticated user with Gamma role authorization could have
access ...)
NOT-FOR-US: Apache Superset
CVE-2023-27524 (Session Validation attacks in Apache Superset versions up to
and inclu ...)
NOT-FOR-US: Apache Superset
-CVE-2023-27523
- RESERVED
+CVE-2023-27523 (Improper data authorization check on Jinja templated queries
in Apache ...)
+ TODO: check
CVE-2023-27522 (HTTP Response Smuggling vulnerability in Apache HTTP Server
via mod_pr ...)
{DSA-5376-1 DLA-3401-1}
- apache2 2.4.56-1 (bug #1032476)
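Review bot: CVE-2023-27526 and CVE-2023-27523 move from `RESERVED` to `TODO: check` while their neighbours CVE-2023-27525 and CVE-2023-27524 are already `NOT-FOR-US: Apache Superset`. The CVE-2023-27523 description is cut off at "in Apache ..." and the visible part of CVE-2023-27526 names no product, so check the full descriptions and, if both are Superset, tag them the same way instead of leaving them in the TODO queue.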
@@ -27514,7 +27614,7 @@ CVE-2023-1116 (Cross-site Scripting (XSS) - Stored in
GitHub repository pimcore/
NOT-FOR-US: pimcore
CVE-2023-1115 (Cross-site Scripting (XSS) - Stored in GitHub repository
pimcore/pimco ...)
NOT-FOR-US: pimcore
-CVE-2023-1114 (Improper Input Validation, Missing Authorization vulnerability
in Esko ...)
+CVE-2023-1114 (Missing Authorization vulnerability in Eskom e-Belediye allows
Informa ...)
NOT-FOR-US: Eskom Bilgisayar e-Belediye
CVE-2023-1113 (A vulnerability was found in SourceCodester Simple Payroll
System 1.0. ...)
NOT-FOR-US: SourceCodester Simple Payroll System
@@ -30883,8 +30983,8 @@ CVE-2023-26102 (All versions of the package rangy are
vulnerable to Prototype Po
NOT-FOR-US: Node rangy
CVE-2023-0926
RESERVED
-CVE-2023-0925
- RESERVED
+CVE-2023-0925 (Version 10.11 of webMethods OneData runs an embedded instance
of Azul ...)
+ TODO: check
CVE-2023-0924 (The ZYREX POPUP WordPress plugin through 1.0 does not validate
the typ ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0923
@@ -56495,7 +56595,7 @@ CVE-2023-20902
RESERVED
CVE-2023-20901
RESERVED
-CVE-2023-20900 (VMware Tools contains a SAML token signature bypass
vulnerability.A ma ...)
+CVE-2023-20900 (A malicious actor that has been granted Guest Operation
Privileges ht ...)
- open-vm-tools 2:12.3.0-1 (bug #1050970)
NOTE: https://www.openwall.com/lists/oss-security/2023/08/31/1
NOTE:
https://github.com/vmware/open-vm-tools/blob/CVE-2023-20900.patch/CVE-2023-20900.patch
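Review bot: the new description for CVE-2023-20900 drops the leading sentence "VMware Tools contains a SAML token signature bypass vulnerability", so the truncated first line no longer names the product or the bug class. The `- open-vm-tools 2:12.3.0-1 (bug #1050970)` line and both `NOTE:` references are unchanged and still identify the issue. A short `NOTE:` recording that this is the SAML token signature bypass would keep the entry findable by that term.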
@@ -59332,8 +59432,8 @@ CVE-2023-20271
RESERVED
CVE-2023-20270
RESERVED
-CVE-2023-20269
- RESERVED
+CVE-2023-20269 (A vulnerability in the remote access VPN feature of Cisco
Adaptive Sec ...)
+ TODO: check
CVE-2023-20268
RESERVED
CVE-2023-20267
@@ -59344,8 +59444,8 @@ CVE-2023-20265
RESERVED
CVE-2023-20264
RESERVED
-CVE-2023-20263
- RESERVED
+CVE-2023-20263 (A vulnerability in the web-based management interface of Cisco
HyperFl ...)
+ TODO: check
CVE-2023-20262
RESERVED
CVE-2023-20261
@@ -59370,8 +59470,8 @@ CVE-2023-20252
RESERVED
CVE-2023-20251
RESERVED
-CVE-2023-20250
- RESERVED
+CVE-2023-20250 (A vulnerability in the web-based management interface of Cisco
Small B ...)
+ TODO: check
CVE-2023-20249
RESERVED
CVE-2023-20248
@@ -59384,8 +59484,8 @@ CVE-2023-20245
RESERVED
CVE-2023-20244
RESERVED
-CVE-2023-20243
- RESERVED
+CVE-2023-20243 (A vulnerability in the RADIUS message processing feature of
Cisco Iden ...)
+ TODO: check
CVE-2023-20242 (A vulnerability in the web-based management interface of Cisco
Unified ...)
NOT-FOR-US: Cisco
CVE-2023-20241
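Review bot: CVE-2023-20243 becomes `TODO: check` directly above CVE-2023-20242, which is already `NOT-FOR-US: Cisco`. Its description names the RADIUS message processing feature of a Cisco product, so it can be closed the same way once the truncated product name is confirmed. The same applies to the other Cisco IDs this commit unreserves (CVE-2023-20269, CVE-2023-20263, CVE-2023-20250, CVE-2023-20238).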
@@ -59394,8 +59494,8 @@ CVE-2023-20240
RESERVED
CVE-2023-20239
RESERVED
-CVE-2023-20238
- RESERVED
+CVE-2023-20238 (A vulnerability in the single sign-on (SSO) implementation of
Cisco Br ...)
+ TODO: check
CVE-2023-20237 (A vulnerability in Cisco Intersight Virtual Appliance could
allow an u ...)
NOT-FOR-US: Cisco
CVE-2023-20236
@@ -145474,8 +145574,8 @@ CVE-2021-39861 (Acrobat Reader DC versions
2021.005.20060 (and earlier), 2020.00
NOT-FOR-US: Adobe
CVE-2021-39860 (Acrobat Pro DC versions 2021.005.20060 (and earlier),
2020.004.30006 ( ...)
NOT-FOR-US: Adobe
-CVE-2021-39859
- RESERVED
+CVE-2021-39859 (Acrobat Reader DC versions 2021.005.20060 (and earlier),
2020.004.3000 ...)
+ TODO: check
CVE-2021-39858 (Acrobat Reader DC versions 2021.005.20060 (and earlier),
2020.004.3000 ...)
NOT-FOR-US: Adobe
CVE-2021-39857 (Adobe Acrobat Reader DC add-on for Internet Explorer versions
2021.005 ...)
@@ -153674,8 +153774,8 @@ CVE-2021-36647 (Use of a Broken or Risky
Cryptographic Algorithm in the function
[bullseye] - mbedtls <no-dsa> (Minor issue)
[buster] - mbedtls <no-dsa> (Minor issue)
NOTE:
https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1/
-CVE-2021-36646
- RESERVED
+CVE-2021-36646 (A Cross Site Scrtpting (XSS) vulnerability in KodExplorer 4.45
allows ...)
+ TODO: check
CVE-2021-36645
RESERVED
CVE-2021-36644
@@ -155168,8 +155268,8 @@ CVE-2021-36062 (Adobe Connect version 11.2.2 (and
earlier) is affected by a Refl
NOT-FOR-US: Adobe
CVE-2021-36061 (Adobe Connect version 11.2.2 (and earlier) is affected by a
secure des ...)
NOT-FOR-US: Adobe
-CVE-2021-36060
- RESERVED
+CVE-2021-36060 (Adobe Media Encoder version 15.2 (and earlier) is affected by
an out-o ...)
+ TODO: check
CVE-2021-36059 (Adobe Bridge version 11.1 (and earlier) is affected by a
memory corrup ...)
NOT-FOR-US: Adobe
CVE-2021-36058 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an
Integer ...)
@@ -155281,8 +155381,8 @@ CVE-2021-36038 (Magento Commerce versions 2.4.2 (and
earlier), 2.4.2-p1 (and ear
NOT-FOR-US: Magento
CVE-2021-36037 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and
earlier) ...)
NOT-FOR-US: Magento
-CVE-2021-36036
- RESERVED
+CVE-2021-36036 (Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier)
and 2.3.7 ...)
+ TODO: check
CVE-2021-36035 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and
earlier) ...)
NOT-FOR-US: Magento
CVE-2021-36034 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and
earlier) ...)
@@ -155307,12 +155407,12 @@ CVE-2021-36025 (Magento Commerce versions 2.4.2
(and earlier), 2.4.2-p1 (and ear
NOT-FOR-US: Magento
CVE-2021-36024 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and
earlier) ...)
NOT-FOR-US: Magento
-CVE-2021-36023
- RESERVED
+CVE-2021-36023 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and
earlier) ...)
+ TODO: check
CVE-2021-36022 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and
earlier) ...)
NOT-FOR-US: Magento
-CVE-2021-36021
- RESERVED
+CVE-2021-36021 (Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier)
and 2.3.7 ...)
+ TODO: check
CVE-2021-36020 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and
earlier) ...)
NOT-FOR-US: Magento
CVE-2021-36019 (Adobe After Effects version 18.2.1 (and earlier) is affected
by an Out ...)
@@ -155393,8 +155493,8 @@ CVE-2021-35982 (Acrobat Reader DC versions
2021.005.20060 (and earlier), 2020.00
NOT-FOR-US: Adobe
CVE-2021-35981 (Acrobat Reader DC versions 2021.005.20054 (and earlier),
2020.004.3000 ...)
NOT-FOR-US: Adobe
-CVE-2021-35980
- RESERVED
+CVE-2021-35980 (Acrobat Reader DC versions 2021.005.20054 (and earlier),
2020.004.3000 ...)
+ TODO: check
CVE-2021-35979 (An issue was discovered in Digi RealPort through 4.8.488.0.
The 'encry ...)
NOT-FOR-US: Digi RealPort
CVE-2021-35978 (An issue was discovered in Digi TransPort DR64, SR44 VC74, and
WR. The ...)
@@ -174488,8 +174588,8 @@ CVE-2021-3445 (A flaw was found in libdnf's signature
verification functionality
- libdnf 0.55.2-6 (bug #986802)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1932079
NOTE:
https://github.com/rpm-software-management/libdnf/commit/930f2582f91077b3f338b84cf9567559d52713de
-CVE-2021-28644
- RESERVED
+CVE-2021-28644 (Acrobat Reader DC versions 2021.005.20054 (and earlier),
2020.004.3000 ...)
+ TODO: check
CVE-2021-28643 (Acrobat Reader DC versions 2021.005.20054 (and earlier),
2020.004.3000 ...)
NOT-FOR-US: Adobe
CVE-2021-28642 (Acrobat Reader DC versions 2021.005.20054 (and earlier),
2020.004.3000 ...)
@@ -194586,8 +194686,8 @@ CVE-2021-21090 (Adobe InCopy version 16.0 (and
earlier) is affected by an path t
NOT-FOR-US: Adobe
CVE-2021-21089 (Acrobat Reader DC versions versions 2020.013.20074 (and
earlier), 2020 ...)
NOT-FOR-US: Acrobat
-CVE-2021-21088
- RESERVED
+CVE-2021-21088 (Acrobat Reader DC versions versions 2020.013.20074 (and
earlier), 2020 ...)
+ TODO: check
CVE-2021-21087 (Adobe Coldfusion versions 2016 (update 16 and earlier), 2018
(update 1 ...)
NOT-FOR-US: Adobe
CVE-2021-21086 (Acrobat Reader DC versions versions 2020.013.20074 (and
earlier), 2020 ...)
@@ -252478,14 +252578,14 @@ CVE-2020-10134 (Pairing in Bluetooth\xae Core v5.2
and earlier may permit an una
NOTE: Bluetooth protocol issue
CVE-2020-10133
RESERVED
-CVE-2020-10132
- RESERVED
-CVE-2020-10131
- RESERVED
-CVE-2020-10130
- RESERVED
-CVE-2020-10129
- RESERVED
+CVE-2020-10132 (SearchBlox before Version 9.1 is vulnerable to cross-origin
resource s ...)
+ TODO: check
+CVE-2020-10131 (SearchBlox before Version 9.2.1 is vulnerable to CSV macro
injection i ...)
+ TODO: check
+CVE-2020-10130 (SearchBlox before Version 9.1 is vulnerable to business logic
bypass w ...)
+ TODO: check
+CVE-2020-10129 (SearchBlox before Version 9.2.1 is vulnerable to Privileged
Escalation ...)
+ TODO: check
CVE-2020-10128 (SearchBlox product with version before 9.2.1 is vulnerable to
stored c ...)
TODO: check
CVE-2020-10127
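Review bot: CVE-2020-10132 through CVE-2020-10129 are unreserved as SearchBlox issues and join CVE-2020-10128, which the unchanged context shows is still at `TODO: check`. That leaves five SearchBlox entries pending, so triage them in one pass and give them the same tag. Separately, the hunk header for CVE-2020-10134 shows the registered-trademark sign as a literal `\xae`, which suggests the byte was escaped rather than decoded somewhere between the data file and this mail.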
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f471ae6bee250a0033be3fdc67d7154835b0df37