Markus Koschany pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b4576e32 by Markus Koschany at 2023-09-24T23:48:03+02:00
CVE-2022-4132,jss: Buster is not affected
The vulnerable code was introduced later in 5.x.
- - - - -
670c7491 by Markus Koschany at 2023-09-24T23:52:12+02:00
Link to hoteldruid bug report
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -238,17 +238,17 @@ CVE-2023-43478 (fake_upload.cgi on the Telstra Smart
Modem Gen 2 (Arcadyan LH100
CVE-2023-43477 (The ping_from parameter of ping_tracerte.cgi in the web UI of
Telstra ...)
NOT-FOR-US: Telstra Smart Modem Gen 2 (Arcadyan LH1000) firmware
CVE-2023-43377 (A cross-site scripting (XSS) vulnerability in
/hoteldruid/visualizza_c ...)
- - hoteldruid <unfixed>
+ - hoteldruid <unfixed> (bug #1052572)
CVE-2023-43376 (A cross-site scripting (XSS) vulnerability in
/hoteldruid/clienti.php ...)
- - hoteldruid <unfixed>
+ - hoteldruid <unfixed> (bug #1052572)
CVE-2023-43375 (Hoteldruid v3.0.5 was discovered to contain multiple SQL
injection vul ...)
- - hoteldruid <unfixed>
+ - hoteldruid <unfixed> (bug #1052572)
CVE-2023-43374 (Hoteldruid v3.0.5 was discovered to contain a SQL injection
vulnerabil ...)
- - hoteldruid <unfixed>
+ - hoteldruid <unfixed> (bug #1052572)
CVE-2023-43373 (Hoteldruid v3.0.5 was discovered to contain a SQL injection
vulnerabil ...)
- - hoteldruid <unfixed>
+ - hoteldruid <unfixed> (bug #1052572)
CVE-2023-43371 (Hoteldruid v3.0.5 was discovered to contain a SQL injection
vulnerabil ...)
- - hoteldruid <unfixed>
+ - hoteldruid <unfixed> (bug #1052572)
CVE-2023-43207 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a
command ...)
NOT-FOR-US: D-Link
CVE-2023-43206 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a
command ...)
@@ -53764,6 +53764,7 @@ CVE-2022-4133
CVE-2022-4132 [Tomcat: Memory leak in JSS]
RESERVED
- jss <unfixed>
+ [buster] - jss <not-affected> (The vulnerable code was introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2147372
NOTE: Triggered by: https://github.com/dogtagpki/jss/pull/928
NOTE: Upstream PR: https://github.com/dogtagpki/jss/pull/970
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5ea70a64a6a25a3cd1abe61b6894f25c018f10d9...670c7491ac5b41d8e232a71bf289dd5d0b3e1775
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5ea70a64a6a25a3cd1abe61b6894f25c018f10d9...670c7491ac5b41d8e232a71bf289dd5d0b3e1775
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
