Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e7e78554 by security tracker role at 2023-10-04T20:12:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,99 @@
+CVE-2023-5402 (ACWE-269: Improper Privilege Management vulnerability
existsthat could ...)
+ TODO: check
+CVE-2023-5399 (ACWE-22: Improper Limitation of a Pathname to a Restricted
Directory ( ...)
+ TODO: check
+CVE-2023-5391 (ACWE-502:Deserialization of untrusted datavulnerability
existsthat cou ...)
+ TODO: check
+CVE-2023-5377 (Out-of-bounds Read in GitHub repository gpac/gpac prior to
v2.2.2-DEV.)
+ TODO: check
+CVE-2023-5375 (Open Redirect in GitHub repository mosparo/mosparo prior to
1.0.2.)
+ TODO: check
+CVE-2023-5374 (A vulnerability classified as critical was found in
SourceCodester Onl ...)
+ TODO: check
+CVE-2023-5373 (A vulnerability classified as critical has been found in
SourceCodeste ...)
+ TODO: check
+CVE-2023-5371 (RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and
3.6.0 to 3. ...)
+ TODO: check
+CVE-2023-5113 (Certain HP Enterprise LaserJet and HP LaserJet Managed Printers
are po ...)
+ TODO: check
+CVE-2023-4997 (Improper authorisation of regular users in ProIntegra Uptime DC
softwa ...)
+ TODO: check
+CVE-2023-4497 (Easy Chat Server, in its 3.1 version and before, does not
sufficiently ...)
+ TODO: check
+CVE-2023-4496 (Easy Chat Server, in its 3.1 version and before, does not
sufficiently ...)
+ TODO: check
+CVE-2023-4495 (Easy Chat Server, in its 3.1 version and before, does not
sufficiently ...)
+ TODO: check
+CVE-2023-4494 (Stack-based buffer overflow vulnerability in Easy Chat Server
3.1 vers ...)
+ TODO: check
+CVE-2023-4493 (Stored Cross-Site Scripting in Easy Address Book Web Server 1.6
versio ...)
+ TODO: check
+CVE-2023-4492 (Vulnerability in Easy Address Book Web Server 1.6 version,
affecting t ...)
+ TODO: check
+CVE-2023-4491 (Buffer overflow vulnerability in Easy Address Book Web Server
1.6 vers ...)
+ TODO: check
+CVE-2023-4090 (Cross-site Scripting (XSS) reflected vulnerability on WideStand
until ...)
+ TODO: check
+CVE-2023-4037 (Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web
interfac ...)
+ TODO: check
+CVE-2023-44210 (Sensitive information disclosure and manipulation due to
missing autho ...)
+ TODO: check
+CVE-2023-44209 (Local privilege escalation due to improper soft link handling.
The fol ...)
+ TODO: check
+CVE-2023-44208 (Sensitive information disclosure and manipulation due to
missing autho ...)
+ TODO: check
+CVE-2023-44075 (Cross Site Scripting vulnerability in Small CRM in PHP v.3.0
allows a ...)
+ TODO: check
+CVE-2023-43838 (An arbitrary file upload vulnerability in Personal Management
System v ...)
+ TODO: check
+CVE-2023-43804 (urllib3 is a user-friendly HTTP client library for Python.
urllib3 doe ...)
+ TODO: check
+CVE-2023-43261 (An information disclosure in Milesight UR5X, UR32L, UR32,
UR35, UR41 b ...)
+ TODO: check
+CVE-2023-42824 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2023-42809 (Redisson is a Java Redis client that uses the Netty framework.
Prior t ...)
+ TODO: check
+CVE-2023-42808 (Common Voice is the web app for Mozilla Common Voice, a
platform for c ...)
+ TODO: check
+CVE-2023-42449 (Hydra is the two-layer scalability solution for Cardano. Prior
to vers ...)
+ TODO: check
+CVE-2023-42448 (Hydra is the layer-two scalability solution for Cardano. Prior
to vers ...)
+ TODO: check
+CVE-2023-41094 (TouchLink packets processed after timeout or out of range due
to Opera ...)
+ TODO: check
+CVE-2023-40684 (IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM
Daeja ViewOn ...)
+ TODO: check
+CVE-2023-40561 (Cross-Site Request Forgery (CSRF) vulnerability in theDotstore
Enhance ...)
+ TODO: check
+CVE-2023-40559 (Cross-Site Request Forgery (CSRF) vulnerability in theDotstore
Dynamic ...)
+ TODO: check
+CVE-2023-40376 (IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through
7.2.3.5, and 7. ...)
+ TODO: check
+CVE-2023-3701 (Aqua Drive, in its 2.4 version, is vulnerable to a relative
path trave ...)
+ TODO: check
+CVE-2023-3665 (A code injection vulnerability in Trellix ENS 10.7.0 April 2023
releas ...)
+ TODO: check
+CVE-2023-3576 (A memory leak flaw was found in Libtiff's tiffcrop utility.
This issue ...)
+ TODO: check
+CVE-2023-3512 (Relative path traversal vulnerability in Setelsa Security's
ConacWin C ...)
+ TODO: check
+CVE-2023-3038 (SQL injection vulnerability in HelpDezk Community affecting
version 1. ...)
+ TODO: check
+CVE-2023-3037 (Improper authorization vulnerability in HelpDezk Community
affecting v ...)
+ TODO: check
+CVE-2023-39191 (An improper input validation flaw was found in the eBPF
subsystem in t ...)
+ TODO: check
+CVE-2023-38701 (Hydra is the layer-two scalability solution for Cardano. Users
of the ...)
+ TODO: check
+CVE-2023-38538 (A race condition in an event subsystem led to a heap
use-after-free is ...)
+ TODO: check
+CVE-2023-38537 (A race condition in a network transport subsystem led to a
heap use-af ...)
+ TODO: check
+CVE-2023-37995 (Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole
WP-Copy ...)
+ TODO: check
+CVE-2023-2809 (Plaintext credential usage vulnerability in Sage 200 Spain
2023.38.001 ...)
+ TODO: check
CVE-2023-5370 (On CPU 0 the check for the SMCCC workaround is called before
SMCCC sup ...)
NOT-FOR-US: FreeBSD
CVE-2023-5369 (Before correction, thecopy_file_rangesystem call checked only
for the ...)
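Review bot: several of the new TODO: check entries in this hunk name software carried in the Debian archive and should be triaged ahead of the rest: CVE-2023-43804 (urllib3, source package python-urllib3), CVE-2023-3576 (libtiff's tiffcrop, source package tiff), CVE-2023-5371 (Wireshark RTPS dissector, 4.0.0 to 4.0.8 and 3.6.x), CVE-2023-5377 (gpac prior to v2.2.2-DEV) and CVE-2023-39191 (eBPF subsystem in the Linux kernel). By contrast CVE-2023-42824 ("This issue is fixed in i ...") reads like an Apple advisory, and the Hydra/Cardano entries (CVE-2023-42449, CVE-2023-42448, CVE-2023-38701) are straightforward NOT-FOR-US candidates. The descriptions for CVE-2023-5402, CVE-2023-5399 and CVE-2023-5391 arrived with the CWE prefix run together ("ACWE-269", "ACWE-22", "ACWE-502"); that is upstream feed text synced verbatim, not a product name, so leave it rather than hand-editing the auto-generated field.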
@@ -94,7 +190,7 @@ CVE-2023-4882 (DOS vulnerability that could allow an
attacker to register a new
NOT-FOR-US: Open5GS
CVE-2023-4817 (This vulnerability allows an authenticated attacker to upload
maliciou ...)
NOT-FOR-US: ICP DAS
-CVE-2023-4732 (A flaw was found in the Linux Kernel's memory management
subsytem. A t ...)
+CVE-2023-4732 (A flaw was found in pfn_swap_entry_to_page in memory management
subsys ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -249,6 +345,7 @@ CVE-2023-43785 [libX11: out-of-bounds memory access in
_XkbReadKeySyms()]
NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/6858d468d9ca55fb4c5fd70b223dbc78a3358a7f
CVE-2023-5346
+ {DSA-5515-1}
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5345 (A use-after-free vulnerability in the Linux kernel's
fs/smb/client com ...)
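Review bot: the {DSA-5515-1} cross-reference is added to CVE-2023-5346 while the unstable line still reads chromium <unfixed>; the DSA reference only supplies the stable fixed version via data/DSA/list, so the <unfixed> entry needs the unstable version filled in once the matching chromium upload lands, otherwise the issue keeps showing as open in sid. The [buster] <end-of-life> (see DSA 5046) line is consistent and needs no change.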
@@ -1039,7 +1136,7 @@ CVE-2023-4003 (One Identity Password Manager version
5.9.7.1 -An unauthenticated
NOT-FOR-US: One Identity Password Manager
CVE-2023-2585
NOT-FOR-US: Keycloak
-CVE-2023-2422
+CVE-2023-2422 (A flaw was found in Keycloak. A Keycloak server configured to
support ...)
NOT-FOR-US: Keycloak
CVE-2023-44207 (Stored cross-site scripting (XSS) vulnerability in protection
plan nam ...)
NOT-FOR-US: Acronis
@@ -2346,7 +2443,7 @@ CVE-2023-38255 (A potential attacker with or without
(cookie theft) access to th
NOT-FOR-US: MODULYS GP
CVE-2023-37611 (Cross Site Scripting (XSS) vulnerability in Neos CMS 8.3.3
allows a re ...)
NOT-FOR-US: Neos CMS
-CVE-2023-4237 [ec2_key module prints out the private key directly to the
standard output]
+CVE-2023-4237 (A flaw was found in the Ansible Automation Platform. When
creating a n ...)
- ansible <unfixed>
[buster] - ansible <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2229979
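Review bot: CVE-2023-4237 carries only a [buster] <no-dsa> annotation, while the other ansible entries touched in this commit (CVE-2023-4567, CVE-2023-4380) record <no-dsa> (Minor issue) for bookworm and bullseye as well; if the issue applies to the ansible source package in those suites the same annotations belong here. The synced upstream text now talks about "the Ansible Automation Platform" and drops the concrete component from the old bracketed title ("ec2_key module prints out the private key directly to the standard output"); keep that module name in a NOTE so the entry stays actionable, and confirm the affected module is shipped by Debian's ansible source package rather than only by the platform, in which case the NOT-FOR-US handling used for CVE-2023-3971 (Red Hat Ansible Automation Controller) would apply.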
@@ -4885,7 +4982,7 @@ CVE-2023-4624 (Server-Side Request Forgery (SSRF) in
GitHub repository bookstack
NOT-FOR-US: bookstack
CVE-2023-4600 (The AffiliateWP for WordPress is vulnerable to unauthorized
modificati ...)
NOT-FOR-US: AffiliateWP for WordPress
-CVE-2023-4571 (In Splunk IT Service Intelligence (ITSI) versions below 4.13.3
or 4.15 ...)
+CVE-2023-4571 (In Splunk IT Service Intelligence (ITSI) versions below below
4.13.3, ...)
NOT-FOR-US: Splunk
CVE-2023-4209 (The POEditor WordPress plugin before 0.9.8 does not have CSRF
checks i ...)
NOT-FOR-US: WordPress plugin
@@ -5196,7 +5293,7 @@ CVE-2023-38283 (In OpenBGPD before 8.1, incorrect
handling of BGP update data (l
NOTE:
https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/006_bgpd.patch.sig
CVE-2023-34039 (Aria Operations for Networks contains an Authentication Bypass
vulnera ...)
NOT-FOR-US: VMware
-CVE-2023-4586
+CVE-2023-4586 (A vulnerability was found in the Hot Rod client. This security
issue o ...)
NOT-FOR-US: Infinispan
CVE-2023-4585 (Memory safety bugs present in Firefox 116, Firefox ESR 115.1,
and Thun ...)
- firefox 117.0-1
@@ -5416,6 +5513,7 @@ CVE-2023-4569 (A memory leak flaw was found in
nft_set_catchall_flush in net/net
- linux 6.4.13-1
NOTE:
https://git.kernel.org/linus/90e5b3462efa37b8bba82d7c4e63683856e188af (6.5-rc7)
CVE-2023-4567
+ REJECTED
- ansible <unfixed> (bug #1051725)
[bookworm] - ansible <no-dsa> (Minor issue)
[bullseye] - ansible <no-dsa> (Minor issue)
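Review bot: CVE-2023-4567 is now marked REJECTED but the package lines underneath it are left in place (ansible <unfixed> (bug #1051725), [bookworm] and [bullseye] <no-dsa>), so the tracker will keep reporting an open unfixed issue for a withdrawn ID; follow-up should remove those lines, matching how CVE-2022-4133 in this file carries REJECTED alone, and close bug #1051725 with a pointer to the rejection.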
@@ -5801,7 +5899,7 @@ CVE-2023-40217 (An issue was discovered in Python before
3.8.18, 3.9.x before 3.
NOTE: Additional patches to stabilize the test suite may also be
applied to all versions:
NOTE: 1.
https://github.com/python/cpython/commit/64f99350351bc46e016b2286f36ba7cd669b79e3
NOTE: 2.
https://github.com/python/cpython/commit/592bacb6fc0833336c0453e818e9b95016e9fd47
-CVE-2023-4380
+CVE-2023-4380 (A logic flaw exists in Ansible. Whenever a private project is
created ...)
- ansible <unfixed> (bug #1051897)
[bookworm] - ansible <no-dsa> (Minor issue)
[bullseye] - ansible <no-dsa> (Minor issue)
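Review bot: the description synced for CVE-2023-4380 ("Whenever a private project is created ...") reads like the project-handling feature of Automation Controller/AWX rather than anything in the ansible command-line tooling, yet the entry stays ansible <unfixed> with Debian bug #1051897 open; compare CVE-2023-3971 in this same commit, resolved as NOT-FOR-US: Red Hat Ansible Automation Controller. Confirm the affected code is actually in Debian's ansible source package before leaving this open, and if it is not, switch the entry to NOT-FOR-US and close the bug.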
@@ -8830,7 +8928,7 @@ CVE-2023-4104 (An invalid Polkit Authentication check and
missing authentication
NOTE: https://www.openwall.com/lists/oss-security/2023/08/03/1
NOTE: https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7055
NOTE:
https://github.com/mozilla-mobile/mozilla-vpn-client/commit/6933a07164cd69636889403c959ac2c2b115e0f6
-CVE-2023-3971
+CVE-2023-3971 (An HTML injection flaw was found in Controller in the user
interface s ...)
NOT-FOR-US: Red Hat Ansible Automation Controller
CVE-2023-34320 [arm: Guests can trigger a deadlock on Cortex-A77]
- xen 4.17.2-1
@@ -9045,7 +9143,8 @@ CVE-2023-34551 (In certain EZVIZ products, two stack
buffer overflows in netClie
NOT-FOR-US: EZVIZ
CVE-2023-33493 (An Unrestricted Upload of File with Dangerous Type
vulnerability in th ...)
NOT-FOR-US: Prestashop addon
-CVE-2023-32302 (Silverstripe Framework is the MVC framework that powers
Silverstripe C ...)
+CVE-2023-32302
+ REJECTED
NOT-FOR-US: Silverstripe Framework
CVE-2023-31710 (TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and
AX21(US)_V3.6_1.1. ...)
NOT-FOR-US: TP-Link
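Review bot: CVE-2023-32302 gains a REJECTED line while NOT-FOR-US: Silverstripe Framework is kept beneath it; the two annotations are redundant, and the convention elsewhere in this file (CVE-2022-4133) is REJECTED on its own, so drop the NOT-FOR-US line in a follow-up to keep rejected entries uniform.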
@@ -13436,7 +13535,7 @@ CVE-2023-2625 (A vulnerability exists that can be
exploited by an authenticated
NOT-FOR-US: ABB CoreTec
CVE-2023-3436 (Xpdf 4.04 will deadlock on a PDF object stream whose "Length"
field is ...)
- xpdf <not-affected> (Debian uses poppler, which is not affected)
-CVE-2023-3428 [heap-buffer-overflow in coders/tiff.c]
+CVE-2023-3428 (A heap-based buffer overflow vulnerability was found in
coders/tiff.c ...)
- imagemagick <unfixed>
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/a531d28e31309676ce8168c3b6dbbb5374b78790
(7.1.1-13)
NOTE: Prerequisite:
https://github.com/ImageMagick/ImageMagick6/commit/2b4eabb9d09b278f16727c635e928bd951c58773
(6.9.12-55)
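Review bot: the "Fixed by" reference under CVE-2023-3428 points at an ImageMagick 7 commit (7.1.1-13) and the only ImageMagick6 commit is listed as a prerequisite (6.9.12-55); Debian ships the 6.9.x series, so the entry still lacks the IM6 commit that actually carries the coders/tiff.c heap-buffer-overflow fix, which is what is needed before imagemagick can move off <unfixed>. Either add that commit or add a NOTE stating that the 7.x change applies to 6.x unmodified.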
@@ -13675,7 +13774,7 @@ CVE-2023-32522 (A path traversal exists in a specific
dll of Trend Micro Mobile
NOT-FOR-US: Trend Micro
CVE-2023-32521 (A path traversal exists in a specific service dll of Trend
Micro Mobil ...)
NOT-FOR-US: Trend Micro
-CVE-2023-3361
+CVE-2023-3361 (A flaw was found in Red Hat OpenShift Data Science. When
exporting a p ...)
NOT-FOR-US: OpenShift Data
CVE-2023-3422 (Use after free in Guest View in Google Chrome prior to
114.0.5735.198 ...)
{DSA-5440-1}
@@ -15538,7 +15637,7 @@ CVE-2023-2904 (The External Visitor Manager portal of
HID\u2019s SAFE versions 5
NOT-FOR-US: HID SAFE
CVE-2023-2866 (If an attacker can trick an authenticated user into loading a
maliciou ...)
NOT-FOR-US: Advantech
-CVE-2023-3153 [service monitor MAC flow is not rate limited]
+CVE-2023-3153 (A flaw was found in Open Virtual Network where the service
monitor MAC ...)
- ovn 23.09.0-1 (bug #1043598)
[bookworm] - ovn <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2213279
@@ -25130,8 +25229,7 @@ CVE-2023-1834 (Rockwell Automation was made aware that
Kinetix 5500 drives, manu
NOT-FOR-US: Rockwell Automation
CVE-2023-1833 (Authentication Bypass by Primary Weakness vulnerability in DTS
Electro ...)
NOT-FOR-US: DTS Electronics Redline Router firmware
-CVE-2023-1832
- RESERVED
+CVE-2023-1832 (An improper access control flaw was found in Candlepin. An
attacker ca ...)
NOT-FOR-US: Red Hat Satellite / Candlepin
CVE-2023-1831 (Mattermost fails to redact from audit logsthe user password
during use ...)
- mattermost-server <itp> (bug #823556)
@@ -26885,8 +26983,7 @@ CVE-2023-1586 (Avast and AVG Antivirus for Windows were
susceptible to a Time-of
NOT-FOR-US: Norton
CVE-2023-1585 (Avast and AVG Antivirus for Windows were susceptible to a
Time-of-chec ...)
NOT-FOR-US: Norton
-CVE-2023-1584
- RESERVED
+CVE-2023-1584 (A flaw was found in Quarkus. Quarkus OIDC can leak both ID and
access ...)
NOT-FOR-US: Quarkus
CVE-2023-28751 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Wpme ...)
NOT-FOR-US: WordPress plugin
@@ -31364,8 +31461,8 @@ CVE-2023-27435 (Cross-Site Request Forgery (CSRF)
vulnerability in Sami Ahmed Si
TODO: check
CVE-2023-27434
RESERVED
-CVE-2023-27433
- RESERVED
+CVE-2023-27433 (Cross-Site Request Forgery (CSRF) vulnerability in YAS Global
Team Mak ...)
+ TODO: check
CVE-2023-27432 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
WpSimple ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27431
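Review bot: CVE-2023-27433 is left at TODO: check although its description ("Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Mak ...") follows exactly the phrasing of the WordPress plugin entries around it, and the adjacent CVE-2023-27432 is already resolved as NOT-FOR-US: WordPress plugin; this can be closed out the same way. The same applies to the other CSRF entries further down in this commit that were moved from RESERVED to TODO: check (CVE-2023-25980, CVE-2023-25788, CVE-2023-25489, CVE-2023-25025).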
@@ -32243,8 +32340,8 @@ CVE-2023-27123
RESERVED
CVE-2023-27122
RESERVED
-CVE-2023-27121
- RESERVED
+CVE-2023-27121 (A cross-site scripting (XSS) vulnerability in the component
/framework ...)
+ TODO: check
CVE-2023-27120
RESERVED
CVE-2023-27119 (WebAssembly v1.0.29 was discovered to contain a segmentation
fault via ...)
@@ -35263,8 +35360,8 @@ CVE-2023-25982 (Auth. (contributor+) Stored Cross-Site
Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-25981 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25980
- RESERVED
+CVE-2023-25980 (Cross-Site Request Forgery (CSRF) vulnerability in CAGE Web
Design | R ...)
+ TODO: check
CVE-2023-25979 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Vide ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25978 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Nate ...)
@@ -35780,8 +35877,8 @@ CVE-2023-25790
RESERVED
CVE-2023-25789 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Tapf ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25788
- RESERVED
+CVE-2023-25788 (Cross-Site Request Forgery (CSRF) vulnerability in Saphali
Saphali Woo ...)
+ TODO: check
CVE-2023-25787 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Wbol ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25786 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Thom ...)
@@ -37195,8 +37292,8 @@ CVE-2023-25491 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerabilityin
NOT-FOR-US: WordPress plugin
CVE-2023-25490 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Eric ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25489
- RESERVED
+CVE-2023-25489 (Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk
Update T ...)
+ TODO: check
CVE-2023-25488 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Duc ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25487 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade
PixTypes ...)
@@ -38320,8 +38417,8 @@ CVE-2023-25027 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25026
RESERVED
-CVE-2023-25025
- RESERVED
+CVE-2023-25025 (Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole
WP-Copy ...)
+ TODO: check
CVE-2023-25024 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Iceg ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25023 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Sale ...)
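Review bot: CVE-2023-25025 ("Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-Copy ...") has the same vendor and plugin as CVE-2023-37995, added with TODO: check in the first hunk of this commit; triage the two together and check whether they are distinct issues or a duplicate assignment, then resolve both as NOT-FOR-US: WordPress plugin like the neighbouring CVE-2023-25024 and CVE-2023-25023 entries.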
@@ -46066,8 +46163,8 @@ CVE-2021-4301 (A vulnerability was found in slackero
phpwcms up to 1.9.26 and cl
NOT-FOR-US: slackero phpwcms
CVE-2021-4300 (A vulnerability has been found in ghostlander Halcyon and
classified a ...)
NOT-FOR-US: ghostlander Halcyon
-CVE-2023-22618
- RESERVED
+CVE-2023-22618 (If Security Hardening guide rules are not followed, then Nokia
WaveLit ...)
+ TODO: check
CVE-2023-22617 (A remote attacker might be able to cause infinite recursion in
PowerDN ...)
- pdns-recursor 4.8.1-1 (bug #1029367)
[bullseye] - pdns-recursor <not-affected> (Vulnerable code introduced
later)
@@ -46470,8 +46567,8 @@ CVE-2023-22517
RESERVED
CVE-2023-22516
RESERVED
-CVE-2023-22515
- RESERVED
+CVE-2023-22515 (Atlassian has been made aware of an issue reported by a
handful of cus ...)
+ TODO: check
CVE-2023-22514
RESERVED
CVE-2023-22513 (This High severity RCE (Remote Code Execution) vulnerability
was intro ...)
@@ -55693,8 +55790,7 @@ CVE-2022-4134 (A flaw was found in openstack-glance.
This issue could allow a re
NOTE: https://bugs.launchpad.net/ossn/+bug/1990157
CVE-2022-4133
REJECTED
-CVE-2022-4132 [Tomcat: Memory leak in JSS]
- RESERVED
+CVE-2022-4132 (A flaw was found in JSS. A memory leak in JSS requires
non-standard co ...)
- jss <unfixed> (bug #1052575)
[bookworm] - jss <no-dsa> (Minor issue)
[bullseye] - jss <no-dsa> (Minor issue)
@@ -63375,8 +63471,8 @@ CVE-2023-20261
RESERVED
CVE-2023-20260
RESERVED
-CVE-2023-20259
- RESERVED
+CVE-2023-20259 (A vulnerability in an API endpoint of multiple Cisco Unified
Communica ...)
+ TODO: check
CVE-2023-20258
RESERVED
CVE-2023-20257
@@ -63423,8 +63519,8 @@ CVE-2023-20237 (A vulnerability in Cisco Intersight
Virtual Appliance could allo
NOT-FOR-US: Cisco
CVE-2023-20236 (A vulnerability in the iPXE boot function of Cisco IOS XR
software cou ...)
NOT-FOR-US: Cisco
-CVE-2023-20235
- RESERVED
+CVE-2023-20235 (A vulnerability in the on-device application development
workflow feat ...)
+ TODO: check
CVE-2023-20234 (A vulnerability in the CLI of Cisco FXOS Software could allow
an authe ...)
NOT-FOR-US: Cisco FXOS Software
CVE-2023-20233 (A vulnerability in the Connectivity Fault Management (CFM)
feature of ...)
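Review bot: CVE-2023-20235 ("A vulnerability in the on-device application development workflow feat ...") sits between CVE-2023-20236 and CVE-2023-20234, both already NOT-FOR-US: Cisco, and uses the same Cisco advisory phrasing; resolve it as NOT-FOR-US: Cisco rather than leaving TODO: check. The same goes for CVE-2023-20259 (Cisco Unified Communications) in the previous hunk and CVE-2023-20101 (Cisco Emergency Responder) in the next one.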
@@ -63699,8 +63795,8 @@ CVE-2023-20103 (A vulnerability in Cisco Secure Network
Analytics could allow an
NOT-FOR-US: Cisco
CVE-2023-20102 (A vulnerability in the web-based management interface of Cisco
Secure ...)
NOT-FOR-US: Cisco
-CVE-2023-20101
- RESERVED
+CVE-2023-20101 (A vulnerability in Cisco Emergency Responder could allow an
unauthenti ...)
+ TODO: check
CVE-2023-20100 (A vulnerability in the access point (AP) joining process of
the Contro ...)
NOT-FOR-US: Cisco
CVE-2023-20099
@@ -64095,8 +64191,8 @@ CVE-2022-43908 (IBM Security Guardium 11.3 could allow
an authenticated user to
NOT-FOR-US: IBM
CVE-2022-43907 (IBM Security Guardium 11.4 could allow a remote authenticated
attacker ...)
NOT-FOR-US: IBM
-CVE-2022-43906
- RESERVED
+CVE-2022-43906 (IBM Security Guardium 11.5 could disclose sensitive
information due to ...)
+ TODO: check
CVE-2022-43905
RESERVED
CVE-2022-43904 (IBM Security Guardium 11.3 and 11.4 could disclose sensitive
informati ...)
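Review bot: CVE-2022-43906 (IBM Security Guardium 11.5) is left at TODO: check while the surrounding Guardium entries CVE-2022-43907 and CVE-2022-43904 are NOT-FOR-US: IBM; it should be resolved the same way, since nothing in the description suggests a component packaged in Debian.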
@@ -85118,10 +85214,10 @@ CVE-2022-2462 (The Transposh WordPress Translation
plugin for WordPress is vulne
NOT-FOR-US: Transposh WordPress Translation plugin for WordPress
CVE-2022-2461 (The Transposh WordPress Translation plugin for WordPress is
vulnerable ...)
NOT-FOR-US: Transposh WordPress Translation plugin for WordPress
-CVE-2022-36277
- RESERVED
-CVE-2022-36276
- RESERVED
+CVE-2022-36277 (The 'sReferencia', 'sDescripcion', 'txtCodigo' and
'txtDescripcion' pa ...)
+ TODO: check
+CVE-2022-36276 (TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the
'SqlWhere' p ...)
+ TODO: check
CVE-2022-2460 (The WPDating WordPress plugin before 7.4.0 does not properly
escape us ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2459 (An issue has been discovered in GitLab EE affecting all
versions befor ...)
@@ -147018,8 +147114,8 @@ CVE-2021-3786 (A potential vulnerability in the SMI
callback function used in CS
NOT-FOR-US: Lenovo
CVE-2021-3785 (yourls is vulnerable to Improper Neutralization of Input During
Web Pa ...)
NOT-FOR-US: yourls
-CVE-2021-3784
- RESERVED
+CVE-2021-3784 (Garuda Linux performs an insecure user creation and
authentication tha ...)
+ TODO: check
CVE-2021-3783 (yourls is vulnerable to Improper Neutralization of Input During
Web Pa ...)
NOT-FOR-US: yourls
CVE-2021-3782 (An internal reference count is held on the buffer pool,
incremented ev ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7e78554a173cccf47b1cb86d7529d022c7dd771
--
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits