Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 08a79f4a by Moritz Muehlenhoff at 2023-11-01T20:25:02+01:00 bugnums - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -354,7 +354,7 @@ CVE-2019-25155 (DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks CVE-2015-20110 (JHipster generator-jhipster before 2.23.0 allows a timing attack again ...) NOT-FOR-US: JHipster generator-jhipster CVE-2023-34049 [allows an attacker to force Salt-SSH to run their script] - - salt <unfixed> + - salt <unfixed> (bug #1055179) NOTE: https://saltproject.io/security-announcements/2023-10-27-advisory/index.html CVE-2023-5844 (Unverified Password Change in GitHub repository pimcore/admin-ui-class ...) NOT-FOR-US: Pimcore admin-ui-classic-bundle @@ -4565,7 +4565,7 @@ CVE-2023-43810 (OpenTelemetry, also known as OTel for short, is a vendor-neutral CVE-2023-43058 (IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escal ...) NOT-FOR-US: IBM CVE-2023-42445 (Gradle is a build tool with a focus on build automation and support fo ...) - - gradle <unfixed> + - gradle <unfixed> (bug #1055176) [bookworm] - gradle <no-dsa> (Minor issue) [bullseye] - gradle <no-dsa> (Minor issue) [buster] - gradle <no-dsa> (Minor issue) @@ -4695,7 +4695,7 @@ CVE-2023-44828 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer o CVE-2023-44390 (HtmlSanitizer is a .NET library for cleaning HTML fragments and docume ...) NOT-FOR-US: HtmlSanitizer .NET library CVE-2023-44387 (Gradle is a build tool with a focus on build automation and support fo ...) - - gradle <unfixed> + - gradle <unfixed> (bug #1055177) [bookworm] - gradle <no-dsa> (Minor issue) [bullseye] - gradle <no-dsa> (Minor issue) [buster] - gradle <postponed> (Minor issue, requires local access to build machine) @@ -29366,7 +29366,7 @@ CVE-2023-29460 (An arbitrary code execution vulnerability contained in Rockwell CVE-2023-29459 (The laola.redbull application through 5.1.9-R for Android exposes the ...) NOT-FOR-US: laola.redbull CVE-2023-29458 (Duktape is an 3rd-party embeddable JavaScript engine, with a focus on ...) - - zabbix <unfixed> + - zabbix <unfixed> (bug #1055175) [bookworm] - zabbix <no-dsa> (Minor issue) [bullseye] - zabbix <no-dsa> (Minor issue) [buster] - zabbix <not-affected> (vulnerable code introduced later) @@ -29375,34 +29375,34 @@ CVE-2023-29458 (Duktape is an 3rd-party embeddable JavaScript engine, with a foc NOTE: duktape library introduced with https://github.com/zabbix/zabbix/commit/d43b04665c1ade5b4a9f49db750b8ca6c82e9de2 (5.0.0alpha1) CVE-2023-29457 (Reflected XSS attacks, occur when a malicious script is reflected off ...) {DLA-3538-1} - - zabbix <unfixed> + - zabbix <unfixed> (bug #1055175) [bookworm] - zabbix <no-dsa> (Minor issue) [bullseye] - zabbix <no-dsa> (Minor issue) NOTE: https://support.zabbix.com/browse/ZBX-22988 CVE-2023-29456 (URL validation scheme receives input from a user and then parses it to ...) {DLA-3538-1} - - zabbix <unfixed> + - zabbix <unfixed> (bug #1055175) [bookworm] - zabbix <no-dsa> (Minor issue) [bullseye] - zabbix <no-dsa> (Minor issue) NOTE: https://support.zabbix.com/browse/ZBX-22987 CVE-2023-29455 (Reflected XSS attacks, also known as non-persistent attacks, occur whe ...) {DLA-3538-1} - - zabbix <unfixed> + - zabbix <unfixed> (bug #1055175) [bookworm] - zabbix <no-dsa> (Minor issue) [bullseye] - zabbix <no-dsa> (Minor issue) NOTE: https://support.zabbix.com/browse/ZBX-22986 CVE-2023-29454 (Stored or persistent cross-site scripting (XSS) is a type of XSS where ...) {DLA-3538-1} - - zabbix <unfixed> + - zabbix <unfixed> (bug #1055175) [bookworm] - zabbix <no-dsa> (Minor issue) [bullseye] - zabbix <no-dsa> (Minor issue) NOTE: https://support.zabbix.com/browse/ZBX-22985 CVE-2023-29453 (Templates do not properly consider backticks (`) as Javascript string ...) - - zabbix <unfixed> + - zabbix <unfixed> (bug #1055175) [buster] - zabbix <not-affected> (buster does not have the Go agent) NOTE: https://support.zabbix.com/browse/ZBX-23388 CVE-2023-29452 (Currently, geomap configuration (Administration -> General -> Geograph ...) - - zabbix <unfixed> + - zabbix <unfixed> (bug #1055175) [bookworm] - zabbix <no-dsa> (Minor issue) [bullseye] - zabbix <not-affected> (vulnerable code introduced later) [buster] - zabbix <not-affected> (vulnerable code introduced later) @@ -29411,20 +29411,20 @@ CVE-2023-29452 (Currently, geomap configuration (Administration -> General -> Ge NOTE: vulnerable geopmap widget introduced in version with https://github.com/zabbix/zabbix/commit/7e6a91149533b17b12c0317968b485e0c98d4ac2 (6.0.0alpha6) CVE-2023-29451 (Specially crafted string can cause a buffer overrun in the JSON parser ...) {DLA-3538-1} - - zabbix <unfixed> + - zabbix <unfixed> (bug #1055175) [bookworm] - zabbix <no-dsa> (Minor issue) [bullseye] - zabbix <not-affected> (5.x not affected) NOTE: https://support.zabbix.com/browse/ZBX-22587 CVE-2023-29450 (JavaScript pre-processing can be used by the attacker to gain access t ...) {DLA-3538-1} - - zabbix <unfixed> + - zabbix <unfixed> (bug #1055175) [bookworm] - zabbix <no-dsa> (Minor issue) [bullseye] - zabbix <no-dsa> (Minor issue) NOTE: https://support.zabbix.com/browse/ZBX-22588 NOTE: Patch for 5.0.32rc1: https://github.com/zabbix/zabbix/commit/c3f1543e4 NOTE: Patch for 6.0.14rc2: https://github.com/zabbix/zabbix/commit/76f6a80cb CVE-2023-29449 (JavaScript preprocessing, webhooks and global scripts can cause uncont ...) - - zabbix <unfixed> + - zabbix <unfixed> (bug #1055175) [bookworm] - zabbix <no-dsa> (Minor issue) [bullseye] - zabbix <no-dsa> (Minor issue) [buster] - zabbix <not-affected> (vulnerable code introduced later) @@ -31027,7 +31027,7 @@ CVE-2023-29007 (Git is a revision control system. Prior to versions 2.30.9, 2.31 CVE-2023-29006 (The Order GLPI plugin allows users to manage order management within G ...) NOT-FOR-US: GLPI plugin CVE-2023-29005 (Flask-AppBuilder versions before 4.3.0 lack rate limiting which can al ...) - - flask-appbuilder <unfixed> + - flask-appbuilder <unfixed> (bug #1055181) NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-9hcr-9hcv-x6pv CVE-2023-29004 (hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache ...) NOT-FOR-US: hap-wi/roxy-wi @@ -33590,7 +33590,7 @@ CVE-2023-1388 (A heap-based overflow vulnerability in TA prior to version 5.7.9 CVE-2023-1387 (Grafana is an open-source platform for monitoring and observability. ...) - grafana <removed> CVE-2023-1386 (A flaw was found in the 9p passthrough filesystem (9pfs) implementatio ...) - - qemu <unfixed> + - qemu <unfixed> (bug #1055174) [bookworm] - qemu <postponed> (Minor issue, revisit when fixed upstream) [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream) [buster] - qemu <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08a79f4a30d920b4ed168133b88a3e985db5c3f4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08a79f4a30d920b4ed168133b88a3e985db5c3f4 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits