[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2024-03-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3200d565 by Salvatore Bonaccorso at 2024-03-06T09:16:48+01:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,35 +1,35 @@
 CVE-2024-2179 (Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS 
via th ...)
TODO: check
 CVE-2024-27765 (Directory Traversal vulnerability in Jeewms v.3.7 and before 
allows a  ...)
-   TODO: check
+   NOT-FOR-US: Jeewms
 CVE-2024-27764 (An issue in Jeewms v.3.7 and before allows a remote attacker 
to escala ...)
-   TODO: check
+   NOT-FOR-US: Jeewms
 CVE-2024-27278 (OpenPNE Plugin "opTimelinePlugin" 1.2.11 and earlier contains 
a cross- ...)
-   TODO: check
+   NOT-FOR-US: OpenPNE Plugin
 CVE-2024-25858 (In Foxit PDF Reader before 2024.1 and PDF Editor before 
2024.1, code e ...)
-   TODO: check
+   NOT-FOR-US: Foxit PDF Reader
 CVE-2024-25817 (Buffer Overflow vulnerability in eza before version 0.18.2, 
allows loc ...)
TODO: check
 CVE-2024-25616 (Aruba has identified certain configurations of ArubaOS that 
can lead t ...)
-   TODO: check
+   NOT-FOR-US: Aruba
 CVE-2024-25615 (An unauthenticated Denial-of-Service (DoS) vulnerability 
exists in the ...)
-   TODO: check
+   NOT-FOR-US: Aruba
 CVE-2024-25614 (There is an arbitrary file deletion vulnerability in the CLI 
used by A ...)
-   TODO: check
+   NOT-FOR-US: Aruba
 CVE-2024-25613 (Authenticated command injection vulnerabilities exist in the 
ArubaOS c ...)
-   TODO: check
+   NOT-FOR-US: Aruba
 CVE-2024-25612 (Authenticated command injection vulnerabilities exist in the 
ArubaOS c ...)
-   TODO: check
+   NOT-FOR-US: Aruba
 CVE-2024-25611 (Authenticated command injection vulnerabilities exist in the 
ArubaOS c ...)
-   TODO: check
+   NOT-FOR-US: Aruba
 CVE-2024-24786 (The protojson.Unmarshal function can enter an infinite loop 
when unmar ...)
TODO: check
 CVE-2024-24278 (An issue in Teamwire Windows desktop client v.2.0.1 through 
v.2.4.0 al ...)
-   TODO: check
+   NOT-FOR-US: Teamwire Windows desktop client
 CVE-2024-24276 (Cross Site Scripting (XSS) vulnerability in Teamwire Windows 
desktop c ...)
-   TODO: check
+   NOT-FOR-US: Teamwire Windows desktop client
 CVE-2024-24275 (Cross Site Scripting vulnerability in Teamwire Windows desktop 
client  ...)
-   TODO: check
+   NOT-FOR-US: Teamwire Windows desktop client
 CVE-2024-22889 (Due to incorrect access control in Plone version v6.0.9, 
remote attack ...)
TODO: check
 CVE-2024-1989 (The Social Sharing Plugin \u2013 Sassy Social Share plugin for 
WordPre ...)
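
Review bot: The NOT-FOR-US labels in this hunk mix vendor-level and product-level naming. All six Aruba entries (CVE-2024-25611 through CVE-2024-25616) get "NOT-FOR-US: Aruba", although four of the visible descriptions name ArubaOS, while the Foxit and Teamwire entries carry the product name. Suggest "NOT-FOR-US: ArubaOS" or vendor plus product, so a later search of data/CVE/list by product name finds these entries.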



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3200d56575a356cdf6bd96b56b410acfe317846a

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2024-02-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d1671072 by Salvatore Bonaccorso at 2024-02-15T09:29:39+01:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,13 +1,13 @@
 CVE-2024-26264 (EBM Technologies RISWEB's specific query function parameter 
does not p ...)
-   TODO: check
+   NOT-FOR-US: EBM Technologies RISWEB
 CVE-2024-26263 (EBM Technologies RISWEB's specific URL path is not properly 
controlled ...)
-   TODO: check
+   NOT-FOR-US: EBM Technologies RISWEB
 CVE-2024-26262 (EBM Technologies Uniweb/SoliPACS WebServer's query 
functionality lacks ...)
-   TODO: check
+   NOT-FOR-US: EBM Technologies Uniweb/SoliPACS WebServer
 CVE-2024-26261 (The functionality for file download in HGiga OAKlouds' certain 
modules ...)
-   TODO: check
+   NOT-FOR-US: HGiga OAKlouds
 CVE-2024-26260 (The functionality for synchronization in HGiga OAKlouds' 
certain moudu ...)
-   TODO: check
+   NOT-FOR-US: HGiga OAKlouds
 CVE-2024-25941 (The jail(2) system call has not limited a visiblity of 
allocated TTYs  ...)
TODO: check
 CVE-2024-25940 (`bhyveload -h ` may be used to grant loader access 
to the < ...)
@@ -21,17 +21,17 @@ CVE-2024-25618 (Mastodon is a free, open-source social 
network server based on A
 CVE-2024-25617 (Squid is an open source caching proxy for the Web supporting 
HTTP, HTT ...)
TODO: check
 CVE-2024-25559 (URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to 
Ver.3.1.8 ...)
-   TODO: check
+   NOT-FOR-US: a-blog cms
 CVE-2024-24386 (An issue in VitalPBX v.3.2.4-5 allows an attacker to execute 
arbitrary ...)
-   TODO: check
+   NOT-FOR-US: VitalPBX
 CVE-2024-24301 (Command Injection vulnerability discovered in 4ipnet EAP-767 
device v3 ...)
-   TODO: check
+   NOT-FOR-US: 4ipnet EAP-767 device
 CVE-2024-24300 (4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access 
Control. The ...)
-   TODO: check
+   NOT-FOR-US: 4ipnet EAP-767
 CVE-2024-24256 (SQL Injection vulnerability in Yonyou space-time enterprise 
informatio ...)
-   TODO: check
+   NOT-FOR-US: Yonyou space-time enterprise information integration 
platform
 CVE-2024-21727 (XSS vulnerability in DP Calendar component for Joomla.)
-   TODO: check
+   NOT-FOR-US: DP Calendar component for Joomla
 CVE-2024-1523 (EC-WEB FS-EZViewer(Web)'s query functionality lacks proper 
restriction ...)
TODO: check
 CVE-2024-1482 (An incorrect authorization vulnerability was identified in 
GitHub Ente ...)
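
Review bot: The two adjacent 4ipnet entries use different labels for the same product: CVE-2024-24301 gets "NOT-FOR-US: 4ipnet EAP-767 device" and CVE-2024-24300 gets "NOT-FOR-US: 4ipnet EAP-767". Pick one form for both so the entries group together when the list is searched or sorted by label.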



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1671072131a9a53888186f376f5abae58af4707



[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2024-02-03 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6a477be5 by Salvatore Bonaccorso at 2024-02-03T21:19:52+01:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,13 +1,13 @@
 CVE-2024-1215 (A vulnerability was found in SourceCodester CRUD without Page 
Reload 1 ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester CRUD without Page Reload
 CVE-2024-1064 (A host header injection vulnerability in the HTTP handler 
component of ...)
TODO: check
 CVE-2023-49950 (The Jinja templating in Logpoint SIEM 6.10.0 through 7.x 
before 7.3.0  ...)
TODO: check
 CVE-2023-44031 (Incorrect access control in Reprise License Management 
Software Repris ...)
-   TODO: check
+   NOT-FOR-US: Reprise License Management Software Reprise License Manager
 CVE-2023-43183 (Incorrect access control in Reprise License Management 
Software Repris ...)
-   TODO: check
+   NOT-FOR-US: Reprise License Management Software Reprise License Manager
 CVE-2024-23553 (A cross-site scripting (XSS) vulnerability in the Web Reports 
componen ...)
NOT-FOR-US: HCL
 CVE-2024-23550 (HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive 
user inf ...)
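
Review bot: The label on CVE-2023-44031 and CVE-2023-43183, "NOT-FOR-US: Reprise License Management Software Reprise License Manager", copies the description's wording and repeats the vendor name inside the product name. A shorter form such as "NOT-FOR-US: Reprise License Manager" says the same thing and matches the terse style of the neighbouring "NOT-FOR-US: HCL" entry.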



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a477be59f7c5e784bc50b8d6b8cad70af8ce9b1



[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2024-01-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ed202a1c by Salvatore Bonaccorso at 2024-01-10T09:34:57+01:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,51 +1,51 @@
 CVE-2024-21643 (IdentityModel Extensions for .NET provide assemblies for web 
developer ...)
TODO: check
 CVE-2024-0364 (A vulnerability, which was classified as critical, was found in 
PHPGur ...)
-   TODO: check
+   NOT-FOR-US: PHPGurukul Hospital Management System
 CVE-2024-0363 (A vulnerability, which was classified as critical, has been 
found in P ...)
-   TODO: check
+   NOT-FOR-US: PHPGurukul Hospital Management System
 CVE-2024-0362 (A vulnerability classified as critical was found in PHPGurukul 
Hospita ...)
-   TODO: check
+   NOT-FOR-US: PHPGurukul Hospital Management System
 CVE-2024-0361 (A vulnerability classified as critical has been found in 
PHPGurukul Ho ...)
-   TODO: check
+   NOT-FOR-US: PHPGurukul Hospital Management System
 CVE-2024-0360 (A vulnerability was found in PHPGurukul Hospital Management 
System 1.0 ...)
-   TODO: check
+   NOT-FOR-US: PHPGurukul Hospital Management System
 CVE-2024-0359 (A vulnerability was found in code-projects Simple Online Hotel 
Reserva ...)
-   TODO: check
+   NOT-FOR-US: code-projects Simple Online Hotel Reservation System
 CVE-2024-0358 (A vulnerability was found in DeShang DSO2O up to 4.1.0. It has 
been cl ...)
-   TODO: check
+   NOT-FOR-US: DeShang DSO2O
 CVE-2024-0357 (A vulnerability was found in coderd-repos Eva 1.0.0 and 
classified as  ...)
TODO: check
 CVE-2024-0356 (A vulnerability has been found in Mandelo ssm_shiro_blog 1.0 
and class ...)
-   TODO: check
+   NOT-FOR-US: Mandelo ssm_shiro_blog
 CVE-2024-0355 (A vulnerability, which was classified as critical, was found in 
PHPGur ...)
-   TODO: check
+   NOT-FOR-US: PHPGurukul Dairy Farm Shop Management System
 CVE-2024-0354 (A vulnerability, which was classified as critical, has been 
found in u ...)
TODO: check
 CVE-2024-0352 (A vulnerability classified as critical was found in Likeshop up 
to 2.5 ...)
-   TODO: check
+   NOT-FOR-US: Likeshop
 CVE-2024-0351 (A vulnerability classified as problematic has been found in 
SourceCode ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Engineers Online Portal
 CVE-2024-0350 (A vulnerability was found in SourceCodester Engineers Online 
Portal 1. ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Engineers Online Portal
 CVE-2024-0349 (A vulnerability was found in SourceCodester Engineers Online 
Portal 1. ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Engineers Online Portal
 CVE-2024-0348 (A vulnerability was found in SourceCodester Engineers Online 
Portal 1. ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Engineers Online Portal
 CVE-2024-0347 (A vulnerability was found in SourceCodester Engineers Online 
Portal 1. ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Engineers Online Portal
 CVE-2024-0346 (A vulnerability has been found in CodeAstro Vehicle Booking 
System 1.0 ...)
-   TODO: check
+   NOT-FOR-US: CodeAstro Vehicle Booking System
 CVE-2024-0345 (A vulnerability, which was classified as problematic, was found 
in Cod ...)
-   TODO: check
+   NOT-FOR-US: CodeAstro Vehicle Booking System
 CVE-2024-0344 (A vulnerability, which was classified as critical, has been 
found in s ...)
TODO: check
 CVE-2023-5770 (Proofpoint Enterprise Protection contains a vulnerability in 
the email ...)
-   TODO: check
+   NOT-FOR-US: Proofpoint Enterprise Protection
 CVE-2023-50136 (Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 
allows att ...)
-   TODO: check
+   NOT-FOR-US: JFinalcms
 CVE-2023-48864 (SEMCMS v4.8 was discovered to contain a SQL injection 
vulnerability vi ...)
-   TODO: check
+   NOT-FOR-US: SEMCMS
 CVE-2023-47997 (An issue discovered in 
BitmapAccess.cpp::FreeImage_AllocateBitmap in F ...)
TODO: check
 CVE-2023-47996 (An integer overflow vulnerability in 
Exif.cpp::jpeg_read_exif_dir in F ...)
@@ -59,11 +59,11 @@ CVE-2023-47993 (A Buffer out-of-bound read vulnerability in 
Exif.cpp::ReadInt32
 CVE-2023-47992 (An integer overflow vulnerability in 
FreeImageIO.cpp::_MemoryReadProc  ...)
TODO: check
 CVE-2023-41781 (There is a Cross-sitescripting (XSS) vulnerability in ZTE 
MF258. Due t ...)
-   TODO: check
+   NOT-FOR-US: ZTE
 CVE-2023-3043 (AMI\u2019s SPx contains a vulnerability in the BMC where an 
Attacker m ...)
TODO: check
 CVE-2023-38827 (Cross Site Scripting vulnerability in Follet School Solutions 
Destiny  ...)
-   TODO: check
+   NOT-FOR-US: Follet School Solutions Destiny
 CVE-2023-37297 (AMI\u2019s SPx contains a 

[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2023-12-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d02ae3ba by Salvatore Bonaccorso at 2023-12-19T21:19:55+01:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,21 +1,21 @@
 CVE-2023-6945 (A vulnerability has been found in SourceCodester Online Student 
Manage ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Student Management System
 CVE-2023-6932 (A use-after-free vulnerability in the Linux kernel's ipv4: igmp 
compon ...)
TODO: check
 CVE-2023-6931 (A heap out-of-bounds write vulnerability in the Linux kernel's 
Perform ...)
TODO: check
 CVE-2023-6913 (A session hijacking vulnerability has been detected in the Imou 
Life a ...)
-   TODO: check
+   NOT-FOR-US: Imou Life application
 CVE-2023-6730 (Deserialization of Untrusted Data in GitHub repository 
huggingface/tra ...)
TODO: check
 CVE-2023-6711 (Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 
60870-5-104 th ...)
-   TODO: check
+   NOT-FOR-US: Hitachi
 CVE-2023-6280 (An XXE (XML External Entity) vulnerability has been detected in 
52Nort ...)
-   TODO: check
+   NOT-FOR-US: 52North WPS
 CVE-2023-50376 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-50272 (A potential security vulnerability has been identified in HPE 
Integrat ...)
-   TODO: check
+   NOT-FOR-US: HPE
 CVE-2023-49706 (Defective request context handling in Self Service in LinOTP 
3.x befor ...)
TODO: check
 CVE-2023-49489 (Reflective Cross Site Scripting (XSS) vulnerability in 
KodeExplorer ve ...)
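
Review bot: Two labels in this hunk cannot be matched to the visible description text. CVE-2023-6711 is tagged "NOT-FOR-US: Hitachi" while its truncated description names only "SCI IEC 60870-5-104 and HCI IEC 60870-5-104", and CVE-2023-50376 is tagged "NOT-FOR-US: WordPress plugin" while its truncated description shows only the generic CWE wording. Naming the affected product in the label would let a reader confirm the triage decision without opening the full CVE record.
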
@@ -35,7 +35,7 @@ CVE-2023-46264 (An unrestricted upload of file with dangerous 
type vulnerability
 CVE-2023-46263 (An unrestricted upload of file with dangerous type 
vulnerability exist ...)
TODO: check
 CVE-2023-46262 (An unauthenticated attacked could send a specifically crafted 
web requ ...)
-   TODO: check
+   NOT-FOR-US: Ivanti
 CVE-2023-46261 (An attacker sending specially crafted data packets to the 
Mobile Devic ...)
TODO: check
 CVE-2023-46260 (An attacker sending specially crafted data packets to the 
Mobile Devic ...)
@@ -63,11 +63,11 @@ CVE-2023-46217 (An attacker sending specially crafted data 
packets to the Mobile
 CVE-2023-46216 (An attacker sending specially crafted data packets to the 
Mobile Devic ...)
TODO: check
 CVE-2023-45105 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-44991 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-44983 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-43870 (When installing the Net2 software a root certificate is 
installed into ...)
TODO: check
 CVE-2023-43826 (Apache Guacamole 1.5.3 and older do not consistently ensure 
that value ...)
@@ -77,17 +77,17 @@ CVE-2023-41727 (An attacker sending specially crafted data 
packets to the Mobile
 CVE-2023-41648 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in S ...)
TODO: check
 CVE-2023-40602 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in D ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-38481 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in C ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-38478 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in C ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-37390 (Deserialization of Untrusted Data vulnerability in Themesflat 
Themesfl ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-34382 (Deserialization of Untrusted Data vulnerability in weDevs 
Dokan \u2013 ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-34027 (Deserialization of Untrusted Data vulnerability in Rajnish 
Arora Recen ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2019-25158 (A vulnerability has been found in pedroetb tts-api up to 2.1.4 
and cla ...)
TODO: check
 CVE-2023-50762 (When processing a PGP/MIME payload that contains digitally 
signed text ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d02ae3ba3cb524f9b5562d1265350112ab9ed638


[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2023-11-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e9b9abcf by Salvatore Bonaccorso at 2023-11-27T21:37:51+01:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,55 +1,56 @@
 CVE-2023-6329 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on 
[PLATF ...)
-   TODO: check
+   NOT-FOR-US: Control iD iDSecure
 CVE-2023-6287 (Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance 
before ...)
TODO: check
 CVE-2023-6254 (A Vulnerability in OTRS AgentInterface and ExternalInterface 
allows th ...)
-   TODO: check
+   NOT-FOR-US: OTRS
+   NOTE: Issue is listed as specific to 8.x, so won't affect Znuny which 
forked from 6.x
 CVE-2023-6202 (Mattermost fails to perform proper authorization in the 
/plugins/focal ...)
TODO: check
 CVE-2023-5974 (The WPB Show Core WordPress plugin through 2.2 is vulnerable to 
server ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5958 (The POST SMTP Mailer WordPress plugin before 2.7.1 does not 
escape ema ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5942 (The Medialist WordPress plugin before 1.4.1 does not validate 
and esca ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5906 (The Job Manager & Career WordPress plugin before 1.4.4 contains 
a vuln ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5845 (The Simple Social Media Share Buttons WordPress plugin before 
5.1.1 le ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5738 (The WordPress Backup & Migration WordPress plugin before 1.4.4 
does no ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5737 (The WordPress Backup & Migration WordPress plugin before 1.4.4 
does no ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5653 (The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 
does n ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5641 (The Martins Free & Easy SEO BackLink Link Building Network 
WordPress p ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5620 (The Web Push Notifications WordPress plugin before 4.35.0 does 
not pre ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5611 (The Seraphinite Accelerator WordPress plugin before 2.20.32 
does not h ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5607 (An improper limitation of a path name to a restricted directory 
(path  ...)
-   TODO: check
+   NOT-FOR-US: Trellix
 CVE-2023-5604 (The Asgaros Forum WordPress plugin before 2.7.1 allows forum 
administr ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5560 (The WP-UserOnline WordPress plugin before 2.88.3 does not 
sanitise and ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5559 (The 10Web Booster WordPress plugin before 2.24.18 does not 
validate th ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5525 (The Limit Login Attempts Reloaded WordPress plugin before 
2.25.26 is m ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5325 (The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 
does no ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5239 (The Security & Malware scan by CleanTalk WordPress plugin 
before 2.121 ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5209 (The WordPress Online Booking and Scheduling Plugin WordPress 
plugin be ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-4931 (Uncontrolled search path element vulnerability in Plesk 
Installer affe ...)
-   TODO: check
+   NOT-FOR-US: Plesk Installer
 CVE-2023-4922 (The WPB Show Core WordPress plugin through 2.2 is vulnerable to 
a loca ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-4642 (The kk Star Ratings WordPress plugin before 5.4.6 does not 
implement a ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-4590 (Buffer overflow vulnerability in Frhed hex editor, affecting 
version 1 ...)
TODO: check
 CVE-2023-4514 (The Mmm Simple File List WordPress plugin through 2.3 does not 
validat ...)
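
Review bot: CVE-2023-6329 is marked "NOT-FOR-US: Control iD iDSecure", but its description in the list is still the unfilled template "[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION]", so nothing in the entry supports the product attribution. Suggest adding a NOTE line with the source used to identify the product, in the same way the CVE-2023-6254 entry in this hunk records why OTRS 8.x does not affect Znuny.
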
@@ -61,15 +62,15 @@ CVE-2023-4252 (The EventPrime WordPress plugin through 
3.2.9 specifies the price
 CVE-2023-49316 (In Math/BinaryField.php in phpseclib before 3.0.34, 
excessively large  ...)
TODO: check
 CVE-2023-49047 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the 
devName parame ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-49046 (Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows 
a remote ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-49043 (Buffer Overflow 

[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2023-10-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ddbe489b by Salvatore Bonaccorso at 2023-10-05T14:31:28+02:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,11 +1,11 @@
 CVE-2023-45198 (ftpd before "NetBSD-ftpd 20230930" can leak information about 
the host ...)
TODO: check
 CVE-2023-44389 (Zope is an open-source web application server. The title 
property, ava ...)
-   TODO: check
+   NOT-FOR-US: Zope
 CVE-2023-43877 (Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) 
vulnerabilities t ...)
-   TODO: check
+   NOT-FOR-US: Rite CMS
 CVE-2023-43809 (Soft Serve is a self-hostable Git server for the command line. 
Prior t ...)
-   TODO: check
+   NOT-FOR-US: Soft Serve
 CVE-2023-43805 (Nexkey is a fork of Misskey, an open source, decentralized 
social medi ...)
TODO: check
 CVE-2023-43799 (Altair is a GraphQL Client. Prior to version 5.2.5, the Altair 
GraphQL ...)
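
Review bot: CVE-2023-44389 and CVE-2023-43809 are marked NOT-FOR-US although their descriptions present Zope as "an open-source web application server" and Soft Serve as "a self-hostable Git server", which is the kind of software that can be packaged or embedded in another source package. Worth confirming that no package in the archive ships either one, and recording the result in a NOTE line if the check was not obvious, so the entries do not get reopened later.
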
@@ -13,7 +13,7 @@ CVE-2023-43799 (Altair is a GraphQL Client. Prior to version 
5.2.5, the Altair G
 CVE-2023-43793 (Misskey is an open source, decentralized social media 
platform. Prior  ...)
TODO: check
 CVE-2023-43321 (File Upload vulnerability in Digital China Networks 
DCFW-1800-SDC v.3. ...)
-   TODO: check
+   NOT-FOR-US: Digital China Networks DCFW-1800-SDC
 CVE-2023-40299 (Kong Insomnia 2023.4.0 on macOS allows attackers to execute 
code and a ...)
TODO: check
 CVE-2023-36619 (Atos Unify OpenScape Session Border Controller through V10 
R3.01.03 al ...)
@@ -85,7 +85,7 @@ CVE-2023-4090 (Cross-site Scripting (XSS) reflected 
vulnerability on WideStand u
 CVE-2023-4037 (Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web 
interfac ...)
TODO: check
 CVE-2023-44210 (Sensitive information disclosure and manipulation due to 
missing autho ...)
-   TODO: check
+   NOT-FOR-US: Acronis
 CVE-2023-44209 (Local privilege escalation due to improper soft link handling. 
The fol ...)
NOT-FOR-US: Acronis
 CVE-2023-44208 (Sensitive information disclosure and manipulation due to 
missing autho ...)
@@ -103,7 +103,7 @@ CVE-2023-42824 (The issue was addressed with improved 
checks. This issue is fixe
 CVE-2023-42809 (Redisson is a Java Redis client that uses the Netty framework. 
Prior t ...)
TODO: check
 CVE-2023-42808 (Common Voice is the web app for Mozilla Common Voice, a 
platform for c ...)
-   TODO: check
+   NOT-FOR-US: Mozilla Common Voice
 CVE-2023-42449 (Hydra is the two-layer scalability solution for Cardano. Prior 
to vers ...)
TODO: check
 CVE-2023-42448 (Hydra is the layer-two scalability solution for Cardano. Prior 
to vers ...)
@@ -113,9 +113,9 @@ CVE-2023-41094 (TouchLink packets processed after timeout 
or out of range due to
 CVE-2023-40684 (IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM 
Daeja ViewOn ...)
NOT-FOR-US: IBM
 CVE-2023-40561 (Cross-Site Request Forgery (CSRF) vulnerability in theDotstore 
Enhance ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-40559 (Cross-Site Request Forgery (CSRF) vulnerability in theDotstore 
Dynamic ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-40376 (IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 
7.2.3.5, and 7. ...)
NOT-FOR-US: IBM
 CVE-2023-3701 (Aqua Drive, in its 2.4 version, is vulnerable to a relative 
path trave ...)
@@ -1297,7 +1297,7 @@ CVE-2023-42822 (xrdp is an open source remote desktop 
protocol server. Access to
 CVE-2023-42657 (In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a 
directory traver ...)
NOT-FOR-US: Progress WS_FTP Server
 CVE-2023-42487 (Soundminer \u2013 CWE-22: Improper Limitation of a Pathname to 
a Restr ...)
-   TODO: check
+   NOT-FOR-US: Soundminer
 CVE-2023-42486 (Fortect - CWE-428: Unquoted Search Path or Element, may be 
used by loc ...)
NOT-FOR-US: Fortect
 CVE-2023-41653 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Beplus S ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddbe489bb828fbe39f247c20f2286691ce546751



[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2023-09-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1743d635 by Salvatore Bonaccorso at 2023-09-23T10:43:17+02:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,19 +1,19 @@
 CVE-2023-5134 (The Easy Registration Forms for WordPress is vulnerable to 
Information ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5125 (The Contact Form by FormGet plugin for WordPress is vulnerable 
to Stor ...)
-   TODO: check
+   NOT-FOR-US: Contact Form by FormGet plugin for WordPress
 CVE-2023-43470 (SQL injection vulnerability in janobe Online Voting System 
v.1.0 allow ...)
-   TODO: check
+   NOT-FOR-US: janobe Online Voting System
 CVE-2023-43469 (SQL injection vulnerability in janobe Online Job Portal v.2020 
allows  ...)
-   TODO: check
+   NOT-FOR-US: janobe Online Job Portal
 CVE-2023-43468 (SQL injection vulnerability in janobe Online Job Portal v.2020 
allows  ...)
-   TODO: check
+   NOT-FOR-US: janobe Online Job Portal
 CVE-2023-43338 (Cesanta mjs v2.20.0 was discovered to contain a function 
pointer hijac ...)
-   TODO: check
+   NOT-FOR-US: Cesanta mjs
 CVE-2023-43130 (D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 
is vulner ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2023-43129 (D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 
is vulner ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2023-43640 (TaxonWorks is a web-based workbench designed for taxonomists 
and biodi ...)
NOT-FOR-US: TaxonWorks
 CVE-2023-43270 (dst-admin v1.5.0 was discovered to contain a remote command 
execution  ...)
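
Review bot: The first two entries label the same class of software differently: CVE-2023-5134 gets the generic "NOT-FOR-US: WordPress plugin" while CVE-2023-5125 gets "NOT-FOR-US: Contact Form by FormGet plugin for WordPress". Suggest using one convention within the commit, either the generic label for both or the plugin name for both (the CVE-2023-5134 description names "Easy Registration Forms").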



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1743d635616d93c143987ffb72b6f730745e6cdb



[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2023-08-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6da2598a by Salvatore Bonaccorso at 2023-08-24T22:22:09+02:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5,31 +5,31 @@ CVE-2023-4419 (The LMS5xx uses hard-coded credentials, which 
potentially allow l
 CVE-2023-4418 (A remote unprivileged attacker can sent multiple packages to 
the LMS5x ...)
TODO: check
 CVE-2023-40904 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to 
contain  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-40902 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to 
contain  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-40901 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to 
contain  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-40900 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to 
contain a  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-40899 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to 
contain a  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-40898 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to 
contain a  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-40897 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to 
contain a  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-40896 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to 
contain a  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-40895 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to 
contain a  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-40894 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to 
contain a  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-40893 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to 
contain a  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-40892 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to 
contain a  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-40891 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to 
contain a  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-40877 (DedeCMS up to and including 5.7.110 was discovered to contain 
a cross- ...)
TODO: check
 CVE-2023-40876 (DedeCMS up to and including 5.7.110 was discovered to contain 
a cross- ...)
@@ -49,7 +49,7 @@ CVE-2023-40707 (There are no requirements for setting a 
complex password in the
 CVE-2023-40706 (There is no limit on the number of login attempts in the web 
server fo ...)
TODO: check
 CVE-2023-40371 (IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could 
allow a non- ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2023-39834 (PbootCMS below v3.2.0 was discovered to contain a command 
injection vu ...)
TODO: check
 CVE-2023-39801 (A lack of exception handling in the Renault Easy Link 
Multimedia Syste ...)
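Review bot: The CVE-2023-40371 entry is tagged "NOT-FOR-US: IBM", but its description names the OpenSSH implementation shipped with IBM AIX and VIOS, so someone searching the list for OpenSSH issues cannot tell from the tag why it was dismissed. Consider a more specific tag such as "NOT-FOR-US: IBM AIX/VIOS OpenSSH implementation", or, if the flaw is specific to IBM's build, a NOTE line saying so, to keep the triage decision documented next to the entry.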



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6da2598ab182683f1b34f6053df121b6ef2c2f68



[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2023-08-16 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c18ef39d by Salvatore Bonaccorso at 2023-08-16T10:57:06+02:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,17 +1,17 @@
 CVE-2023-4374 (The WP Remote Users Sync plugin for WordPress is vulnerable to 
unautho ...)
-   TODO: check
+   NOT-FOR-US: WP Remote Users Sync plugin for WordPress
 CVE-2023-3958 (The WP Remote Users Sync plugin for WordPress is vulnerable to 
Server  ...)
-   TODO: check
+   NOT-FOR-US: WP Remote Users Sync plugin for WordPress
 CVE-2023-39852 (Doctormms v1.0 was discovered to contain a SQL injection 
vulnerability ...)
-   TODO: check
+   NOT-FOR-US: Doctormms
 CVE-2023-39851 (webchess v1.0 was discovered to contain a SQL injection 
vulnerability  ...)
-   TODO: check
+   NOT-FOR-US: webchess
 CVE-2023-39850 (Schoolmate v1.3 was discovered to contain multiple SQL 
injection vulne ...)
-   TODO: check
+   NOT-FOR-US: Schoolmate
 CVE-2023-39849 (Pikachu v1.0 was discovered to contain a SQL injection 
vulnerability v ...)
-   TODO: check
+   NOT-FOR-US: Pikachu
 CVE-2023-39848 (DVWA v1.0 was discovered to contain a SQL injection 
vulnerability via  ...)
-   TODO: check
+   NOT-FOR-US: DVWA
 CVE-2023-4371 (A vulnerability was found in phpRecDB 1.3.1. It has been rated 
as prob ...)
NOT-FOR-US: phpRecDB
 CVE-2023-4369 (Insufficient data validation in Systems Extensions in Google 
Chrome on ...)
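Review bot: The two WP Remote Users Sync entries (CVE-2023-4374, CVE-2023-3958) are tagged "NOT-FOR-US: WP Remote Users Sync plugin for WordPress", while other WordPress plugin entries in this list carry the generic "NOT-FOR-US: WordPress plugin" tag. Settle on one form so that a search for the generic tag or for the plugin name finds all such entries.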



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c18ef39d43bdd43c5a622a0f985e2229ed0ee7a8



[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2023-05-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a02729ba by Salvatore Bonaccorso at 2023-05-08T22:29:37+02:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1909,7 +1909,7 @@ CVE-2023-2116
 CVE-2023-2115
RESERVED
 CVE-2023-2114 (The NEX-Forms WordPress plugin before 8.4 does not properly 
escape the ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-2113
RESERVED
 CVE-2023-2112 (Desktop component service allows lateral movement between 
sessions in  ...)
@@ -2992,7 +2992,7 @@ CVE-2023-1981 [avahi-daemon can be crashed via DBus]
 CVE-2023-1980 (Two factor   authentication  bypass on login in Devolutions 
Remote Des ...)
NOT-FOR-US: Devolutions
 CVE-2023-1979 (The Web Stories for WordPress plugin supports the WordPress 
built-in f ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-1978
RESERVED
 CVE-2023-1977
@@ -5462,7 +5462,7 @@ CVE-2023-1906 (A heap-based buffer overflow issue was 
discovered in ImageMagick'
NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d
 (ImageMagick 6.9.12-84)
 CVE-2023-1905 (The WP Popups WordPress plugin before 2.1.5.1 does not properly 
escape ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2015-10098 (A vulnerability was found in Broken Link Checker Plugin up to 
1.10.5.  ...)
NOT-FOR-US: WordPress plugin
 CVE-2013-10023 (A vulnerability was found in Editorial Calendar Plugin up to 
2.6. It h ...)
@@ -6297,7 +6297,7 @@ CVE-2023-29170 (Auth. (admin+) Stored Cross-site 
Scripting (XSS) vulnerability i
 CVE-2023-1807
RESERVED
 CVE-2023-1806 (The WP Inventory Manager WordPress plugin before 2.1.0.12 does 
not san ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-1805 (The Product Catalog Feed by PixelYourSite WordPress plugin 
before 2.1. ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-1804 (The Product Catalog Feed by PixelYourSite WordPress plugin 
before 2.1. ...)
@@ -7220,7 +7220,7 @@ CVE-2023-1662
 CVE-2023-1661
RESERVED
 CVE-2023-1660 (The AI ChatBot WordPress plugin before 4.4.9 does not have 
authorisati ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-1659
REJECTED
 CVE-2023-1658
@@ -7247,11 +7247,11 @@ CVE-2023-1652 (A use-after-free flaw was found in 
nfsd4_ssc_setup_dul in fs/nfsd
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/e6cf91b7b47ff82b624bdfe2fdcde32bb52e71dd (6.2-rc5)
 CVE-2023-1651 (The AI ChatBot WordPress plugin before 4.4.9 does not have 
authorisati ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-1650 (The AI ChatBot WordPress plugin before 4.4.7 unserializes user 
input f ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-1649 (The AI ChatBot WordPress plugin before 4.5.1 does not sanitise 
and esc ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-1648
REJECTED
 CVE-2022-48429 (In JetBrains Hub before 2022.3.15573, 2022.2.15572, 
2022.1.15583 refle ...)
@@ -9137,7 +9137,7 @@ CVE-2023-28344
 CVE-2023-28343 (OS command injection affects Altenergy Power Control Software 
C1.2.5 v ...)
NOT-FOR-US: Altenergy Power Control Software
 CVE-2023-1408 (The Video List Manager WordPress plugin through 1.7 does not 
properly  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-1407 (A vulnerability classified as critical was found in 
SourceCodester Stu ...)
NOT-FOR-US: SourceCodester
 CVE-2023-1406 (The JetEngine WordPress plugin before 3.1.3.1 includes uploaded 
files  ...)
@@ -10002,7 +10002,7 @@ CVE-2023-28120
 CVE-2023-1348
RESERVED
 CVE-2023-1347 (The Customizer Export/Import WordPress plugin before 0.9.6 
unserialize ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-28119 (The crewjam/saml go library contains a partial implementation 
of the S ...)
- golang-github-crewjam-saml  (bug #1033753)
NOTE: 
https://github.com/crewjam/saml/commit/8e9236867d176ad6338c870a84e2039aef8a5021 
(v0.4.13)
@@ -14406,7 +14406,7 @@ CVE-2023-1013 (Improper Neutralization of 
Script-Related HTML Tags in a Web Page
 CVE-2023-1012
RESERVED
 CVE-2023-1011 (The AI ChatBot WordPress plugin before 4.4.5 does not escape 
most of i ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-1010 (A vulnerability classified as critical was found in vox2png 
1.0. Affec ...)
NOT-FOR-US: vox2png
 CVE-2023-1009 (A vulnerability classified as problematic has been found in 
DrayTek Vi ...)
@@ -14988,7 +14988,7 @@ CVE-2023-0950
 CVE-2023-0949 (Cross-site Scripting 

[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2023-01-26 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5718e4d0 by Salvatore Bonaccorso at 2023-01-26T20:41:53+01:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11349,9 +11349,9 @@ CVE-2022-47001
 CVE-2022-47000
RESERVED
 CVE-2022-46999 (Tuzicms v2.0.6 was discovered to contain a SQL injection 
vulnerability ...)
-   TODO: check
+   NOT-FOR-US: TuziCMS
 CVE-2022-46998 (An issue in the website background of taocms v3.0.2 allows 
attackers t ...)
-   TODO: check
+   NOT-FOR-US: Taocms
 CVE-2022-46997 (Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was 
discovere ...)
NOT-FOR-US: Passhunt
 CVE-2022-46996 (vSphere_selfuse commit 
2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was di ...)
@@ -11429,11 +11429,11 @@ CVE-2022-46961
 CVE-2022-46960
RESERVED
 CVE-2022-46959 (An issue in the component /admin/backups/work-dir of Sonic 
v1.0.4 allo ...)
-   TODO: check
+   NOT-FOR-US: Sonic
 CVE-2022-46958
RESERVED
 CVE-2022-46957 (Sourcecodester.com Online Graduate Tracer System V 1.0.0 is 
vulnerable ...)
-   TODO: check
+   NOT-FOR-US: Sourcecodester.com Online Graduate Tracer System V
 CVE-2022-46956 (Dynamic Transaction Queuing System v1.0 was discovered to 
contain a SQ ...)
NOT-FOR-US: Dynamic Transaction Queuing System
 CVE-2022-46955 (Dynamic Transaction Queuing System v1.0 was discovered to 
contain a SQ ...)
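Review bot: The tag added for CVE-2022-46957 ends in a stray "V" ("NOT-FOR-US: Sourcecodester.com Online Graduate Tracer System V"), which looks like a leftover of the "V 1.0.0" version string in the description. Another hunk of this commit tags CVE-2022-46624 as "NOT-FOR-US: Online Graduate Tracer System"; dropping the trailing "V" and using one spelling for both keeps the product name searchable.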
@@ -12570,7 +12570,7 @@ CVE-2022-46641 (D-Link DIR-846 A1_FW100A43 was 
discovered to contain a command i
 CVE-2022-46640
RESERVED
 CVE-2022-46639 (A vulnerability in the descarga_etiqueta.php component of 
Correos Pres ...)
-   TODO: check
+   NOT-FOR-US: Prestashop
 CVE-2022-46638
RESERVED
 CVE-2022-46637
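Review bot: CVE-2022-46639 is tagged "NOT-FOR-US: Prestashop", but the description attributes the flaw to the descarga_etiqueta.php component of a product whose name begins "Correos Pres ...", so the tag appears to name the platform rather than the affected component. Using the product name from the full description would avoid suggesting that the issue is in PrestaShop itself.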
@@ -12600,7 +12600,7 @@ CVE-2022-46626
 CVE-2022-46625
RESERVED
 CVE-2022-46624 (A cross-site scripting (XSS) vulnerability in Online Graduate 
Tracer S ...)
-   TODO: check
+   NOT-FOR-US: Online Graduate Tracer System
 CVE-2022-46623 (Judging Management System v1.0.0 was discovered to contain a 
SQL injec ...)
NOT-FOR-US: Judging Management System
 CVE-2022-46622 (A cross-site scripting (XSS) vulnerability in Judging 
Management Syste ...)
@@ -14261,7 +14261,7 @@ CVE-2022-46130
 CVE-2022-46129
RESERVED
 CVE-2022-46128 (phpgurukul Doctor Appointment Management System V 1.0.0 is 
vulnerable  ...)
-   TODO: check
+   NOT-FOR-US: phpgurukul Doctor Appointment Management System V
 CVE-2022-46127 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection 
via /hs ...)
NOT-FOR-US: Helmet Store Showroom Site
 CVE-2022-46126 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection 
via /hs ...)
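Review bot: The tag for CVE-2022-46128 ("NOT-FOR-US: phpgurukul Doctor Appointment Management System V") carries a trailing "V" taken from the "V 1.0.0" version string, and it differs from the "NOT-FOR-US: Doctor Appointment Management System" tag this same commit uses for CVE-2022-45730. If these are the same product, drop the "V" and use one name for all of its entries.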
@@ -14683,7 +14683,7 @@ CVE-2022-45922 (An issue was discovered in OpenText 
Content Suite Platform 22.1
 CVE-2022-45921 (FusionAuth before 1.41.3 allows a file outside of the 
application root ...)
NOT-FOR-US: FusionAuth
 CVE-2022-45920 (In Softing uaToolkit Embedded before 1.41, a malformed 
CreateMonitored ...)
-   TODO: check
+   NOT-FOR-US: Softing uaToolkit Embedded
 CVE-2022-45919 (An issue was discovered in the Linux kernel through 6.0.10. In 
drivers ...)
- linux 
NOTE: 
https://lore.kernel.org/linux-media/20221121063308.GA33821%40ubuntu/T/#u
@@ -14955,7 +14955,7 @@ CVE-2022-45822 (Unauth. SQL Injection (SQLi) 
vulnerability in Advanced Booking C
 CVE-2022-45821
RESERVED
 CVE-2022-45820 (SQL Injection (SQLi) vulnerability in LearnPress  
WordPress LMS ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-45819
RESERVED
 CVE-2022-45818
@@ -14979,7 +14979,7 @@ CVE-2022-45810
 CVE-2022-45809
RESERVED
 CVE-2022-45808 (SQL Injection vulnerability in LearnPress  WordPress 
LMS Plugin ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-45807
RESERVED
 CVE-2022-45806
@@ -15213,7 +15213,7 @@ CVE-2022-45732
 CVE-2022-45731
RESERVED
 CVE-2022-45730 (A cross-site scripting (XSS) vulnerability in Doctor 
Appointment Manag ...)
-   TODO: check
+   NOT-FOR-US: Doctor Appointment Management System
 CVE-2022-45729 (A cross-site scripting (XSS) vulnerability in Doctor 
Appointment Manag ...)
NOT-FOR-US: Doctor Appointment Management System
 CVE-2022-45728 (Doctor Appointment Management System v1.0.0 was discovered to 
contain  ...)
@@ -15561,9 +15561,9 @@ CVE-2022-45560
 CVE-2022-45559
RESERVED
 CVE-2022-45558 (Cross site scripting (XSS) vulnerability in Hundredrabbits 
Left 7.1.5  ...)
-   TODO: check
+   NOT-FOR-US: Hundredrabbits Left
 CVE-2022-45557 (Cross site scripting (XSS) vulnerability in Hundredrabbits 
Left 7.1.5  ...)
-   TODO: check
+   NOT-FOR-US: Hundredrabbits Left
 CVE-2022-45556
RESERVED
 CVE-2022-4
@@ -15593,17 

[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2022-08-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c9c204ad by Salvatore Bonaccorso at 2022-08-06T22:30:33+02:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3,19 +3,19 @@ CVE-2022-2696
 CVE-2022-2695
RESERVED
 CVE-2022-2694 (A vulnerability was found in SourceCodester Company Website CMS 
and cl ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Company Website CMS
 CVE-2022-2693 (A vulnerability has been found in SourceCodester Electronic 
Medical Re ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Electronic Medical Records System
 CVE-2022-2692 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Wedding Hall Booking System
 CVE-2022-2691 (A vulnerability, which was classified as problematic, has been 
found i ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Wedding Hall Booking System
 CVE-2022-2690 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Wedding Hall Booking System
 CVE-2022-2689 (A vulnerability classified as problematic has been found in 
SourceCode ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Wedding Hall Booking System
 CVE-2022-2688 (A vulnerability was found in SourceCodester Expense Management 
System. ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Expense Management System
 CVE-2022-37451 (Exim before 4.96 has an invalid free in pam_converse in 
auths/call_pam ...)
- exim4 4.95-4
NOTE: https://github.com/ivd38/exim_invalid_free
@@ -43,9 +43,9 @@ CVE-2022-37441
 CVE-2022-37440
RESERVED
 CVE-2022-2687 (A vulnerability, which was classified as critical, was found in 
Source ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Gym Management System
 CVE-2022-2686 (A vulnerability, which was classified as problematic, was found 
in ore ...)
-   TODO: check
+   NOT-FOR-US: oretnom23 Fast Food Ordering System
 CVE-2022-2685 (A vulnerability was found in SourceCodester Interview 
Management Syste ...)
NOT-FOR-US: SourceCodester Interview Management System
 CVE-2022-2684 (A vulnerability has been found in SourceCodester Apartment 
Visitor Man ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c9c204ad7504af2ee7f7ae4965e45793df07484b



[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2022-04-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f54a01f1 by Salvatore Bonaccorso at 2022-04-09T22:22:56+02:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1260,11 +1260,11 @@ CVE-2022-28367
 CVE-2022-28366
RESERVED
 CVE-2022-28365 (Reprise License Manager 14.2 is affected by an Information 
Disclosure  ...)
-   TODO: check
+   NOT-FOR-US: Reprise License Manager
 CVE-2022-28364 (Reprise License Manager 14.2 is affected by a reflected 
cross-site scr ...)
-   TODO: check
+   NOT-FOR-US: Reprise License Manager
 CVE-2022-28363 (Reprise License Manager 14.2 is affected by a reflected 
cross-site scr ...)
-   TODO: check
+   NOT-FOR-US: Reprise License Manager
 CVE-2022-28362
RESERVED
 CVE-2022-28361



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f54a01f104460d130243e42ef80d9480007ecd31



[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2021-11-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
78257f83 by Salvatore Bonaccorso at 2021-11-10T21:35:18+01:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5629,7 +5629,7 @@ CVE-2021-42064
 CVE-2021-42063
RESERVED
 CVE-2021-42062 (SAP ERP HCM Portugal does not perform necessary authorization 
checks f ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2021-42061
RESERVED
 CVE-2021-3868
@@ -9323,13 +9323,13 @@ CVE-2021-3765 (validator.js is vulnerable to 
Inefficient Regular Expression Comp
NOTE: 
https://github.com/validatorjs/validator.js/commit/496fc8b2a7f5997acaaec33cc44d0b8dba5fb5e1
 (13.7.0)
NOTE: partial fix, only applies to chars==null
 CVE-2021-40504 (A certain template role in SAP NetWeaver Application Server 
for ABAP a ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2021-40503 (An information disclosure vulnerability exists in SAP GUI for 
Windows  ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2021-40502 (SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, 
does not pe ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2021-40501 (SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, 
does not p ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2021-40500 (SAP BusinessObjects Business Intelligence Platform (Crystal 
Reports) - ...)
NOT-FOR-US: SAP
 CVE-2021-40499 (Client-side printing services SAP Cloud Print Manager and 
SAPSprint fo ...)
@@ -13152,7 +13152,7 @@ CVE-2021-38889
 CVE-2021-3
RESERVED
 CVE-2021-38887 (IBM InfoSphere Information Server 11.7 could allow an 
authenticated us ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-38886
RESERVED
 CVE-2021-38885



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78257f83d67701903e16337d0f99f0e9ade53524



[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2021-09-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bdb20be5 by Salvatore Bonaccorso at 2021-09-27T10:14:51+02:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -795,7 +795,7 @@ CVE-2021-41387 (seatd-launch in seatd 0.6.x before 0.6.2 
allows privilege escala
 CVE-2021-41386
RESERVED
 CVE-2021-41385 (The third party intelligence connector in Securonix SNYPR 
6.3.1 Build  ...)
-   TODO: check
+   NOT-FOR-US: third party intelligence connector in Securonix SNYPR
 CVE-2021-41384
RESERVED
 CVE-2021-41383 (setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to 
execute ...)
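Review bot: The tag for CVE-2021-41385, "NOT-FOR-US: third party intelligence connector in Securonix SNYPR", starts with a lowercase fragment of the description instead of the product name. "NOT-FOR-US: Securonix SNYPR" would match the vendor or product form used by the other tags in this commit (Datalust Seq, ASUS ROG Armoury Crate Lite, QNAP) and is easier to find with a search.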
@@ -909,7 +909,7 @@ CVE-2021-41331
 CVE-2021-41330
RESERVED
 CVE-2021-41329 (Datalust Seq before 2021.2.6259 allows users (with view 
filters applie ...)
-   TODO: check
+   NOT-FOR-US: Datalust Seq
 CVE-2021-41328
RESERVED
 CVE-2021-41327
@@ -1671,7 +1671,7 @@ CVE-2021-40983
 CVE-2021-40982
RESERVED
 CVE-2021-40981 (ASUS ROG Armoury Crate Lite before 4.2.10 allows local users 
to gain p ...)
-   TODO: check
+   NOT-FOR-US: ASUS ROG Armoury Crate Lite
 CVE-2021-40980
RESERVED
 CVE-2021-40979
@@ -17104,13 +17104,13 @@ CVE-2021-34353
 CVE-2021-34352
RESERVED
 CVE-2021-34351 (A command injection vulnerability has been reported to affect 
QNAP dev ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2021-34350
RESERVED
 CVE-2021-34349 (A command injection vulnerability has been reported to affect 
QNAP dev ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2021-34348 (A command injection vulnerability has been reported to affect 
QNAP dev ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2021-34347
RESERVED
 CVE-2021-34346 (A stack buffer overflow vulnerability has been reported to 
affect QNAP ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bdb20be5a57a10f6a33717b0142076f80f5e21fe



[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2021-09-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5626c871 by Salvatore Bonaccorso at 2021-09-25T10:16:34+02:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -237,9 +237,9 @@ CVE-2021-41506
 CVE-2021-41505
RESERVED
 CVE-2021-41504 (** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue 
exists in ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2021-41503 (** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L 
v2.17 and ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2021-41502
RESERVED
 CVE-2021-41501
@@ -2106,9 +2106,9 @@ CVE-2021-40657
 CVE-2021-40656
RESERVED
 CVE-2021-40655 (An informtion disclosure issue exists in D-LINK-DIR-605 B2 
Firmware Ve ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2021-40654 (An information disclosure issue exist in D-LINK-DIR-615 B2 
2.01mt. An  ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2021-40653
RESERVED
 CVE-2021-40652
@@ -47822,7 +47822,7 @@ CVE-2021-21744
 CVE-2021-21743
RESERVED
 CVE-2021-21742 (There is an information leak vulnerability in the message 
service app  ...)
-   TODO: check
+   NOT-FOR-US: ZTE
 CVE-2021-21741 (A conference management system of ZTE is impacted by a command 
executi ...)
NOT-FOR-US: ZTE
 CVE-2021-21740 (There is an information leak vulnerability in the digital 
media player ...)
@@ -81134,7 +81134,7 @@ CVE-2020-20516
 CVE-2020-20515
RESERVED
 CVE-2020-20514 (A Cross-Site Request Forgery (CSRF) in Maccms v10 via 
admin.php/admin/ ...)
-   TODO: check
+   NOT-FOR-US: Maccms
 CVE-2020-20513
RESERVED
 CVE-2020-20512
@@ -81146,7 +81146,7 @@ CVE-2020-20510
 CVE-2020-20509
RESERVED
 CVE-2020-20508 (Shopkit v2.7 contains a reflective cross-site scripting (XSS) 
vulnerab ...)
-   TODO: check
+   NOT-FOR-US: Shopkit
 CVE-2020-20507
RESERVED
 CVE-2020-20506



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5626c871b1fb4bcfadcd99581f3cf6b5bc20fc7b



[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2021-08-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d4406311 by Salvatore Bonaccorso at 2021-08-14T14:51:51+02:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -141,7 +141,7 @@ CVE-2021-38625
 CVE-2021-38624
RESERVED
 CVE-2021-38623 (The deferred_image_processing (aka Deferred image processing) 
extensio ...)
-   TODO: check
+   NOT-FOR-US: deferred_image_processing (aka Deferred image processing) 
extension for TYPO3
 CVE-2021-38622
RESERVED
 CVE-2021-38621 (The remove API in 
v1/controller/cloudStorage/alibabaCloud/remove/index ...)
@@ -2252,7 +2252,7 @@ CVE-2021-37707
 CVE-2021-37706
RESERVED
 CVE-2021-37705 (OneFuzz is an open source self-hosted Fuzzing-As-A-Service 
platform. S ...)
-   TODO: check
+   NOT-FOR-US: OneFuzz
 CVE-2021-37704 (PhpFastCache is a high-performance backend cache system 
(packagist pac ...)
TODO: check
 CVE-2021-37703 (Discourse is an open-source platform for community discussion. 
In Disc ...)
@@ -40206,9 +40206,9 @@ CVE-2021-21832
 CVE-2021-21831 (A use-after-free vulnerability exists in the JavaScript engine 
of Foxi ...)
NOT-FOR-US: Foxit
 CVE-2021-21830 (A heap-based buffer overflow vulnerability exists in the XML 
Decompres ...)
-   TODO: check
+   NOT-FOR-US: Xmill (AT Labs)
 CVE-2021-21829 (A heap-based buffer overflow vulnerability exists in the XML 
Decompres ...)
-   TODO: check
+   NOT-FOR-US: Xmill (AT Labs)
 CVE-2021-21828
RESERVED
 CVE-2021-21827
@@ -40236,13 +40236,13 @@ CVE-2021-21817 (An information disclosure 
vulnerability exists in the Zebra IP R
 CVE-2021-21816 (An information disclosure vulnerability exists in the Syslog 
functiona ...)
NOT-FOR-US: D-LINK
 CVE-2021-21815 (A stack-based buffer overflow vulnerability exists in the 
command-line ...)
-   TODO: check
+   NOT-FOR-US: Xmill (AT Labs)
 CVE-2021-21814 (Within the function HandleFileArg the argument filepattern is 
under co ...)
TODO: check
 CVE-2021-21813 (Within the function HandleFileArg the argument filepattern is 
under co ...)
-   TODO: check
+   NOT-FOR-US: Xmill (AT Labs)
 CVE-2021-21812 (A stack-based buffer overflow vulnerability exists in the 
command-line ...)
-   TODO: check
+   NOT-FOR-US: Xmill (AT Labs)
 CVE-2021-21811
RESERVED
 CVE-2021-21810
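Review bot: CVE-2021-21814 is left at "TODO: check" although CVE-2021-21813, whose visible description is identical ("Within the function HandleFileArg the argument filepattern is under co ..."), is marked "NOT-FOR-US: Xmill (AT Labs)" together with the neighbouring CVE-2021-21815 and CVE-2021-21812. If 21814 concerns the same software it should get the same tag in this commit; if it was skipped on purpose, a NOTE saying why would help the next person triaging the entry.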
@@ -72370,11 +72370,11 @@ CVE-2020-21068
 CVE-2020-21067
RESERVED
 CVE-2020-21066 (An issue was discovered in Bento4 v1.5.1.0. There is a 
heap-buffer-ove ...)
-   TODO: check
+   NOT-FOR-US: Bento4
 CVE-2020-21065
RESERVED
 CVE-2020-21064 (A buffer-overflow vulnerability in the 
AP4_RtpAtom::AP4_RtpAtom functi ...)
-   TODO: check
+   NOT-FOR-US: Bento4
 CVE-2020-21063
RESERVED
 CVE-2020-21062



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d44063119e78c666b664521a4aeda66c8722e56f



[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2021-03-29 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
90f8ce4a by Salvatore Bonaccorso at 2021-03-29T22:14:56+02:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1064,9 +1064,9 @@ CVE-2021-28939
 CVE-2021-28938
RESERVED
 CVE-2021-28937 (The /password.html page of the Web management interface of the 
Acexy W ...)
-   TODO: check
+   NOT-FOR-US: Acexy Wireless-N WiFi Repeater
 CVE-2021-28936 (The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web 
management ...)
-   TODO: check
+   NOT-FOR-US: Acexy Wireless-N WiFi Repeater
 CVE-2021-28935
RESERVED
 CVE-2021-28934
@@ -1600,13 +1600,13 @@ CVE-2021-28675
 CVE-2021-28674
RESERVED
 CVE-2021-28673 (Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), 
WorkCentre 65 ...)
-   TODO: check
+   NOT-FOR-US: Xerox
 CVE-2021-28672
RESERVED
 CVE-2021-28671
RESERVED
 CVE-2021-28670 (Xerox AltaLink B8045/B8090 before 103.008.030.32000, 
C8030/C8035 befor ...)
-   TODO: check
+   NOT-FOR-US: Xerox
 CVE-2021-28669
RESERVED
 CVE-2021-28668
@@ -4673,7 +4673,7 @@ CVE-2021-27354
 CVE-2021-27353
RESERVED
 CVE-2021-27352 (An open redirect vulnerability in Ilch CMS version 2.1.42 
allows attac ...)
-   TODO: check
+   NOT-FOR-US: Ilch CMS
 CVE-2021-27351 (The Terminate Session feature in the Telegram application 
through 7.2. ...)
- telegram-desktop 2.6.1-1
[buster] - telegram-desktop  (Vulnerable code not present)
@@ -10134,9 +10134,9 @@ CVE-2021-25146
 CVE-2021-25145
RESERVED
 CVE-2021-25144 (A remote buffer overflow vulnerability was discovered in some 
Aruba In ...)
-   TODO: check
+   NOT-FOR-US: Aruba
 CVE-2021-25143 (A remote denial of service (dos) vulnerability was discovered 
in some  ...)
-   TODO: check
+   NOT-FOR-US: Aruba
 CVE-2021-25142 (The Baseboard Management Controller (BMC) firmware in HPE 
Apollo 70 Sy ...)
NOT-FOR-US: HPE
 CVE-2021-25141 (A security vulnerability has been identified in in certain HPE 
and Aru ...)
@@ -17447,7 +17447,7 @@ CVE-2021-21729
 CVE-2021-21728
RESERVED
 CVE-2021-21727 (A ZTE product has a DoS vulnerability. A remote attacker can 
amplify t ...)
-   TODO: check
+   NOT-FOR-US: ZTE
 CVE-2021-21726 (Some ZTE products have an input verification vulnerability in 
the diag ...)
NOT-FOR-US: ZTE
 CVE-2021-21725 (A ZTE product has an information leak vulnerability. An 
attacker with  ...)
@@ -39733,9 +39733,9 @@ CVE-2020-25219 (url::recvline in url.cpp in libproxy 
0.4.x through 0.4.15 allows
NOTE: https://github.com/libproxy/libproxy/issues/134
NOTE: 
https://github.com/libproxy/libproxy/commit/a83dae404feac517695c23ff43ce1e116e2bfbe0
 CVE-2020-25218 (Grandstream GRP261x VoIP phone running firmware version 
1.0.3.6 (Base) ...)
-   TODO: check
+   NOT-FOR-US: Grandstream GRP261x VoIP phone
 CVE-2020-25217 (Grandstream GRP261x VoIP phone running firmware version 
1.0.3.6 (Base) ...)
-   TODO: check
+   NOT-FOR-US: Grandstream GRP261x VoIP phone
 CVE-2020-25216 (yWorks yEd Desktop before 3.20.1 allows code execution via an 
XSL Tran ...)
NOT-FOR-US: yWorks yEd Desktop
 CVE-2020-25215 (yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML 
or Grap ...)
@@ -41048,7 +41048,7 @@ CVE-2020-24637 (Two vulnerabilities in ArubaOS GRUB2 
implementation allows for a
 CVE-2020-24636
RESERVED
 CVE-2020-24635 (A remote execution of arbitrary commands vulnerability was 
discovered  ...)
-   TODO: check
+   NOT-FOR-US: Aruba
 CVE-2020-24634 (An attacker is able to remotely inject arbitrary commands by 
sending e ...)
NOT-FOR-US: Aruba
 CVE-2020-24633 (There are multiple buffer overflow vulnerabilities that could 
lead to  ...)
@@ -81941,7 +81941,7 @@ CVE-2020-7852 (DaviewIndy has a Heap-based overflow 
vulnerability, triggered whe
 CVE-2020-7851
RESERVED
 CVE-2020-7850 (NBBDownloader.ocx ActiveX Control in Groupware contains a 
vulnerabilit ...)
-   TODO: check
+   NOT-FOR-US: NBBDownloader.ocx ActiveX Control in Groupware
 CVE-2020-7849 (A vulnerability of uPrism.io CURIX(Video conferecing solution) 
could a ...)
NOT-FOR-US: uPrism.io CURIX
 CVE-2020-7848 (The EFM ipTIME C200 IP Camera is affected by a Command 
Injection vulne ...)
@@ -144157,7 +144157,7 @@ CVE-2019-5319
 CVE-2019-5318
RESERVED
 CVE-2019-5317 (A local authentication bypass vulnerability was discovered in 
some Aru ...)
-   TODO: check
+   NOT-FOR-US: Aruba
 CVE-2019-5316
RESERVED
 CVE-2019-5315 (A command injection vulnerability is present in the web 
management int ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90f8ce4af37faeb6b4f672c798ee4a4525e6f5af


[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2021-02-18 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e6bb94e7 by Salvatore Bonaccorso at 2021-02-18T21:17:25+01:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -16765,13 +16765,13 @@ CVE-2021-20448
 CVE-2021-20447
RESERVED
 CVE-2021-20446 (IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to 
cross-site  ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-20445 (IBM Maximo for Civil Infrastructure 7.6.2 could allow a user 
to obtain ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-20444 (IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to 
cross-site  ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-20443 (IBM Maximo for Civil Infrastructure 7.6.2 includes executable 
function ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-20442
RESERVED
 CVE-2021-20441
@@ -16949,7 +16949,7 @@ CVE-2021-20356
 CVE-2021-20355
RESERVED
 CVE-2021-20354 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow 
a remot ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-20353 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is 
vulnerable  ...)
NOT-FOR-US: IBM
 CVE-2021-20352
@@ -84328,7 +84328,7 @@ CVE-2020-4935
 CVE-2020-4934 (IBM Content Navigator 3.0.CD could allow a remote attacker to 
traverse ...)
NOT-FOR-US: IBM
 CVE-2020-4933 (IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is 
vulnerabl ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4932
RESERVED
 CVE-2020-4931



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6bb94e7cc19858d4206ec6ac826fff95c76a3ca

-- 
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2021-01-08 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
848a0bac by Salvatore Bonaccorso at 2021-01-08T21:11:55+01:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -74724,15 +74724,15 @@ CVE-2020-4669
 CVE-2020-4668
RESERVED
 CVE-2020-4667 (IBM Engineering Requirements Quality Assistant On-Premises 
could allow ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4666 (IBM Engineering Requirements Quality Assistant On-Premises is 
vulnerab ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4665 (IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 
through  ...)
NOT-FOR-US: IBM
 CVE-2020-4664 (IBM Engineering Requirements Quality Assistant On-Premises is 
vulnerab ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4663 (IBM Engineering Requirements Quality Assistant On-Premises is 
vulnerab ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4662 (IBM Event Streams 10.0.0 could allow an authenticated user to 
perform  ...)
NOT-FOR-US: IBM
 CVE-2020-4661 (IBM Security Access Manager 9.0.7 and IBM Security Verify 
Access 10.0. ...)
@@ -74846,7 +74846,7 @@ CVE-2020-4608
 CVE-2020-4607 (IBM Security Secret Server (IBM Security Verify Privilege Vault 
Remote ...)
NOT-FOR-US: IBM
 CVE-2020-4606 (IBM Security Verify Privilege Manager 10.8 is vulnerable to an 
XML Ext ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4605
RESERVED
 CVE-2020-4604



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/848a0bac37746edd54898ae8760a6c5138bac4ba


[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2021-01-03 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
54d238dd by Salvatore Bonaccorso at 2021-01-03T09:24:15+01:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,11 +1,11 @@
 CVE-2021-3006 (The breed function in the smart contract implementation for 
Farm in Se ...)
-   TODO: check
+   NOT-FOR-US: Farm in Seal Finance (Seal) Ethereum token
 CVE-2021-3005 (MK-AUTH through 19.01 K4.9 allows remote attackers to obtain 
sensitive ...)
-   TODO: check
+   NOT-FOR-US: MK-AUTH
 CVE-2021-3004 (The _deposit function in the smart contract implementation for 
Stable  ...)
-   TODO: check
+   NOT-FOR-US: Stable Yield Credit (yCREDIT) Ethereum token
 CVE-2020-35962 (The sellTokenForLRC function in the vault protocol in the 
smart contra ...)
-   TODO: check
+   NOT-FOR-US: Loopring (LRC) Ethereum token
 CVE-2020-35961
RESERVED
 CVE-2020-35960
@@ -25,7 +25,7 @@ CVE-2020-35954
 CVE-2020-35953
RESERVED
 CVE-2020-35952 (login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 
2020-12-3 ...)
-   TODO: check
+   NOT-FOR-US: PHP-Fusion
 CVE-2021-3003
RESERVED
 CVE-2021-3002 (Seo Panel 4.8.0 allows reflected XSS via the 
seo/seopanel/login.php?se ...)
@@ -8623,7 +8623,7 @@ CVE-2020-28843
 CVE-2020-28842
RESERVED
 CVE-2020-28841 (MyDrivers64.sys in DriverGenius 9.61.3708.3054 allows 
attackers to cau ...)
-   TODO: check
+   NOT-FOR-US: DriverGenius
 CVE-2020-28840
RESERVED
 CVE-2020-28839
@@ -94796,11 +94796,11 @@ CVE-2019-15082 (The 360-product-rotation plugin 
before 1.4.8 for WordPress has r
 CVE-2019-15081 (OpenCart 3.x, when the attacker has login access to the admin 
panel, a ...)
NOT-FOR-US: OpenCart
 CVE-2019-15080 (An issue was discovered in a smart contract implementation for 
MORPH T ...)
-   TODO: check
+   NOT-FOR-US: MORPH Token Ethereum token
 CVE-2019-15079 (A typo exists in the constructor of a smart contract 
implementation fo ...)
-   TODO: check
+   NOT-FOR-US: EAI Ethereum token
 CVE-2019-15078 (An issue was discovered in a smart contract implementation for 
AIRDROP ...)
-   TODO: check
+   NOT-FOR-US: AIRDROPX BORN Ethereum token
 CVE-2019-15077
RESERVED
 CVE-2019-15076



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54d238dd842a0b1d0a18142fde72ef504e285baf


[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2020-12-27 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c0c03677 by Salvatore Bonaccorso at 2020-12-27T21:19:48+01:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,5 @@
 CVE-2020-35736 (GateOne 1.1 allows arbitrary file download without 
authentication via  ...)
-   TODO: check
+   NOT-FOR-US: GateOne
 CVE-2020-35735
RESERVED
 CVE-2020-35734
@@ -7179,7 +7179,7 @@ CVE-2020-29158
 CVE-2020-29157
RESERVED
 CVE-2020-29156 (The WooCommerce plugin before 4.7.0 for WordPress allows 
remote attack ...)
-   TODO: check
+   NOT-FOR-US: WooCommerce plugin for WordPress
 CVE-2020-29155
RESERVED
 CVE-2020-29154
@@ -61576,7 +61576,7 @@ CVE-2020-7847
 CVE-2020-7846
RESERVED
 CVE-2020-7845 (Spamsniper 5.0 ~ 5.2.7 contain a stack-based buffer overflow 
vulnerabi ...)
-   TODO: check
+   NOT-FOR-US: Spamsniper
 CVE-2020-7844
RESERVED
 CVE-2020-7843



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0c03677071fabe248162c7a1aa0ce9c6c3f6c77


[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2020-12-12 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6defb63d by Salvatore Bonaccorso at 2020-12-12T21:19:06+01:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,7 +1,7 @@
 CVE-2020-35208 (** DISPUTED ** An issue was discovered in the LogMein LastPass 
Passwor ...)
-   TODO: check
+   NOT-FOR-US: LogMein LastPass Password Manager (aka 
com.lastpass.ilastpass) app for iOS
 CVE-2020-35207 (** DISPUTED ** An issue was discovered in the LogMein LastPass 
Passwor ...)
-   TODO: check
+   NOT-FOR-US: LogMein LastPass Password Manager (aka 
com.lastpass.ilastpass) app for iOS
 CVE-2020-35206
RESERVED
 CVE-2020-35205
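Review bot: the two labels added for CVE-2020-35208 and CVE-2020-35207 copy the whole product string from the description, "LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app for iOS", including the "LogMein" casing (the vendor writes it LogMeIn). A short label such as "NOT-FOR-US: LastPass app for iOS" would be easier to match against later entries for the same product and avoids carrying the description's spelling into the tracker.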
@@ -11,13 +11,13 @@ CVE-2020-35204
 CVE-2020-35203
RESERVED
 CVE-2020-35202 (Ignite Realtime Openfire 4.6.0 has 
plugins/dbaccess/db-access.jsp sql  ...)
-   TODO: check
+   NOT-FOR-US: Ignite Realtime Openfire
 CVE-2020-35201 (Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users 
Stored XS ...)
-   TODO: check
+   NOT-FOR-US: Ignite Realtime Openfire
 CVE-2020-35200 (Ignite Realtime Openfire 4.6.0 has 
plugins/clientcontrol/spark-form.js ...)
-   TODO: check
+   NOT-FOR-US: Ignite Realtime Openfire
 CVE-2020-35199 (Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp 
groupchatJID St ...)
-   TODO: check
+   NOT-FOR-US: Ignite Realtime Openfire
 CVE-2020-35198
RESERVED
 CVE-2020-35197



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6defb63dcc9830e89bfe26de19caa372142529b5


[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2020-11-10 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b295b0a1 by Salvatore Bonaccorso at 2020-11-10T09:33:29+01:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,5 @@
 CVE-2020-28373 (upnpd on certain NETGEAR devices allows remote (LAN) attackers 
to exec ...)
-   TODO: check
+   NOT-FOR-US: Netgear
 CVE-2020-28372
RESERVED
 CVE-2020-28371 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in 
ReadyTalk A ...)
@@ -3140,9 +3140,9 @@ CVE-2020-27696
 CVE-2020-27695
RESERVED
 CVE-2020-27694 (Trend Micro InterScan Messaging Security Virtual Appliance 
(IMSVA) 9.1 ...)
-   TODO: check
+   NOT-FOR-US: Trend Micro
 CVE-2020-27693 (Trend Micro InterScan Messaging Security Virtual Appliance 
(IMSVA) 9.1 ...)
-   TODO: check
+   NOT-FOR-US: Trend Micro
 CVE-2017-18925 (opentmpfiles through 0.3.1 allows local users to take 
ownership of arb ...)
- opentmpfiles  (bug #973242)
NOTE: https://github.com/OpenRC/opentmpfiles/issues/4
@@ -4961,13 +4961,13 @@ CVE-2020-27021
 CVE-2020-27020
RESERVED
 CVE-2020-27019 (Trend Micro InterScan Messaging Security Virtual Appliance 
(IMSVA) 9.1 ...)
-   TODO: check
+   NOT-FOR-US: Trend Micro
 CVE-2020-27018 (Trend Micro InterScan Messaging Security Virtual Appliance 
(IMSVA) 9.1 ...)
-   TODO: check
+   NOT-FOR-US: Trend Micro
 CVE-2020-27017 (Trend Micro InterScan Messaging Security Virtual Appliance 
(IMSVA) 9.1 ...)
-   TODO: check
+   NOT-FOR-US: Trend Micro
 CVE-2020-27016 (Trend Micro InterScan Messaging Security Virtual Appliance 
(IMSVA) 9.1 ...)
-   TODO: check
+   NOT-FOR-US: Trend Micro
 CVE-2020-27015 (Trend Micro Antivirus for Mac 2020 (Consumer) contains an 
Error Messag ...)
NOT-FOR-US: Trend Micro
 CVE-2020-27014 (Trend Micro Antivirus for Mac 2020 (Consumer) contains a race 
conditio ...)
@@ -58513,7 +58513,7 @@ CVE-2020-4761
 CVE-2020-4760
RESERVED
 CVE-2020-4759 (IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially 
vulnerable  ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4758
RESERVED
 CVE-2020-4757
@@ -58729,9 +58729,9 @@ CVE-2020-4653 (IBM Planning Analytics 2.0 could allow a 
remote attacker to condu
 CVE-2020-4652
RESERVED
 CVE-2020-4651 (IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, 
and 7.6 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4650 (IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, 
and 7.6 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4649 (IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics 
Worksp ...)
NOT-FOR-US: IBM
 CVE-2020-4648 (A vulnerability exsists in IBM Planning Analytics 2.0 whereby 
avatars  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b295b0a18c8879f224735893bc8efae73be0ff9d


[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2020-10-29 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dbe594f7 by Salvatore Bonaccorso at 2020-10-29T09:13:58+01:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9,7 +9,7 @@ CVE-2020-27988
 CVE-2020-27987
RESERVED
 CVE-2020-27986 (** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers 
to discov ...)
-   TODO: check
+   NOT-FOR-US: SonarQube
 CVE-2020-27985
RESERVED
 CVE-2020-27984
@@ -6211,7 +6211,7 @@ CVE-2020-25376
 CVE-2020-25375 (Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 
is affect ...)
NOT-FOR-US: Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM
 CVE-2020-25374 (CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows 
attackers t ...)
-   TODO: check
+   NOT-FOR-US: CyberArk Privileged Session Manager (PSM)
 CVE-2020-25373
RESERVED
 CVE-2020-25372
@@ -38063,9 +38063,9 @@ CVE-2020-11618 (THOMSON THT741FTA 2.2.1 and Philips 
DTR3502BFTA DVB-T2 2.2.1 set
 CVE-2020-11617 (The RSS application on THOMSON THT741FTA 2.2.1 and Philips 
DTR3502BFTA ...)
NOT-FOR-US: THOMSON
 CVE-2020-11616 (NVIDIA DGX servers, all BMC firmware versions prior to 
3.38.30, contai ...)
-   TODO: check
+   NOT-FOR-US: NVIDIA DGX servers
 CVE-2020-11615 (NVIDIA DGX servers, all BMC firmware versions prior to 
3.38.30, contai ...)
-   TODO: check
+   NOT-FOR-US: NVIDIA DGX servers
 CVE-2020-11614 (Mids' Reborn Hero Designer 2.6.0.7 downloads the update 
manifest, as w ...)
NOT-FOR-US: Mids' Reborn Hero Designer
 CVE-2020-11613 (Mids' Reborn Hero Designer 2.6.0.7 has an elevation of 
privilege vulne ...)
@@ -38660,19 +38660,19 @@ CVE-2020-11491 (Monitoring::Logs in Zen Load Balancer 
3.10.1 allows remote authe
 CVE-2020-11490 (Manage::Certificates in Zen Load Balancer 3.10.1 allows remote 
authent ...)
NOT-FOR-US: Zen Load Balancer
 CVE-2020-11489 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior 
to 3.38 ...)
-   TODO: check
+   NOT-FOR-US: NVIDIA DGX servers
 CVE-2020-11488 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior 
to 3.38 ...)
-   TODO: check
+   NOT-FOR-US: NVIDIA DGX servers
 CVE-2020-11487 (NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 
3.38.30. ...)
-   TODO: check
+   NOT-FOR-US: NVIDIA DGX servers
 CVE-2020-11486 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior 
to 3.38 ...)
-   TODO: check
+   NOT-FOR-US: NVIDIA DGX servers
 CVE-2020-11485 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior 
to 3.38 ...)
-   TODO: check
+   NOT-FOR-US: NVIDIA DGX servers
 CVE-2020-11484 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior 
to 3.38 ...)
-   TODO: check
+   NOT-FOR-US: NVIDIA DGX servers
 CVE-2020-11483 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior 
to 3.38 ...)
-   TODO: check
+   NOT-FOR-US: NVIDIA DGX servers
 CVE-2019-20635 (codeBeamer before 9.5.0-RC3 does not properly restrict the 
ability to  ...)
NOT-FOR-US: codeBeamer
 CVE-2020-11501 (GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for 
DTLS. The e ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dbe594f70be03f025beb6975e011185805a51034


[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2020-09-01 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c7e57a0e by Salvatore Bonaccorso at 2020-09-01T10:14:13+02:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,5 @@
 CVE-2020-25067 (NETGEAR R8300 devices before 1.0.2.134 are affected by command 
injecti ...)
-   TODO: check
+   NOT-FOR-US: Netgear
 CVE-2020-25066
RESERVED
 CVE-2020-25065 (An issue was discovered on LG mobile devices with Android OS 
4.4, 5.0, ...)
@@ -21,27 +21,27 @@ CVE-2020-25058 (An issue was discovered on LG mobile 
devices with Android OS 8.0
 CVE-2020-25057 (An issue was discovered on LG mobile devices with Android OS 
10 softwa ...)
TODO: check
 CVE-2020-25056 (An issue was discovered on Samsung mobile devices with Q(10.0) 
(Galaxy ...)
-   TODO: check
+   NOT-FOR-US: Samsung mobile devices
 CVE-2020-25055 (An issue was discovered on Samsung mobile devices with O(8.x), 
P(9.0), ...)
-   TODO: check
+   NOT-FOR-US: Samsung mobile devices
 CVE-2020-25054 (An issue was discovered on Samsung mobile devices with 
software throug ...)
-   TODO: check
+   NOT-FOR-US: Samsung mobile devices
 CVE-2020-25053 (An issue was discovered on Samsung mobile devices with Q(10.0) 
(exynos ...)
-   TODO: check
+   NOT-FOR-US: Samsung mobile devices
 CVE-2020-25052 (An issue was discovered on Samsung mobile devices with Q(10.0) 
(exynos ...)
-   TODO: check
+   NOT-FOR-US: Samsung mobile devices
 CVE-2020-25051 (An issue was discovered on Samsung mobile devices with P(9.0) 
and Q(10 ...)
-   TODO: check
+   NOT-FOR-US: Samsung mobile devices
 CVE-2020-25050 (An issue was discovered on Samsung mobile devices with P(9.0) 
and Q(10 ...)
-   TODO: check
+   NOT-FOR-US: Samsung mobile devices
 CVE-2020-25049 (An issue was discovered on Samsung mobile devices with P(9.0) 
and Q(10 ...)
-   TODO: check
+   NOT-FOR-US: Samsung mobile devices
 CVE-2020-25048 (An issue was discovered on Samsung mobile devices with Q(10.0) 
(with O ...)
-   TODO: check
+   NOT-FOR-US: Samsung mobile devices
 CVE-2020-25047 (An issue was discovered on Samsung mobile devices with P(9.0) 
and Q(10 ...)
-   TODO: check
+   NOT-FOR-US: Samsung mobile devices
 CVE-2020-25046 (An issue was discovered on Samsung mobile devices with O(8.x), 
P(9.0), ...)
-   TODO: check
+   NOT-FOR-US: Samsung mobile devices
 CVE-2020-25045
RESERVED
 CVE-2020-25044
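Review bot: CVE-2020-25057 (LG mobile devices) at the top of this hunk keeps "TODO: check" while the eleven Samsung entries directly below it, CVE-2020-25056 through CVE-2020-25046, are marked "NOT-FOR-US: Samsung mobile devices". If the LG entries fall under the same reasoning, triaging them in the same commit with a matching label ("LG mobile devices") would keep the block consistent; if they were left open on purpose, say so in the commit message.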



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7e57a0edd0b264c0f649c9e5f2b0f021cc6b8a1


[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2020-04-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
36881a9a by Salvatore Bonaccorso at 2020-04-23T10:29:36+02:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3,15 +3,15 @@ CVE-2020-12079 (Beaker before 0.8.9 allows a sandbox escape, 
enabling system acc
 CVE-2020-12078
RESERVED
 CVE-2020-12077 (The mappress-google-maps-for-wordpress plugin before 2.53.9 
for WordPr ...)
-   TODO: check
+   NOT-FOR-US: mappress-google-maps-for-wordpress plugin for WordPress
 CVE-2020-12076 (The data-tables-generator-by-supsystic plugin before 1.9.92 
for WordPr ...)
-   TODO: check
+   NOT-FOR-US: data-tables-generator-by-supsystic plugin for WordPress
 CVE-2020-12075 (The data-tables-generator-by-supsystic plugin before 1.9.92 
for WordPr ...)
-   TODO: check
+   NOT-FOR-US: data-tables-generator-by-supsystic plugin for WordPress
 CVE-2020-12074 (The users-customers-import-export-for-wp-woocommerce plugin 
before 1.3 ...)
-   TODO: check
+   NOT-FOR-US: users-customers-import-export-for-wp-woocommerce plugin for 
WordPress
 CVE-2020-12073 (The responsive-add-ons plugin before 2.2.7 for WordPress has 
incorrect ...)
-   TODO: check
+   NOT-FOR-US: responsive-add-ons plugin for WordPress
 CVE-2020-12072
RESERVED
 CVE-2020-12071 (Anchor 0.12.7 allows admins to cause XSS via crafted post 
content. ...)
@@ -470,9 +470,9 @@ CVE-2018-21153
 CVE-2018-21152
RESERVED
 CVE-2018-21151 (Certain NETGEAR devices are affected by a buffer overflow by 
an authen ...)
-   TODO: check
+   NOT-FOR-US: Netgear
 CVE-2018-21150 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
-   TODO: check
+   NOT-FOR-US: Netgear
 CVE-2018-21149
RESERVED
 CVE-2018-21148 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
@@ -3773,9 +3773,9 @@ CVE-2020-10909 (This vulnerability allows remote 
attackers to execute arbitrary
 CVE-2020-10908 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
TODO: check
 CVE-2020-10907 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: Foxit Reader
 CVE-2020-10906 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: Foxit Reader
 CVE-2020-10905 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
TODO: check
 CVE-2020-10904 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
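Review bot: CVE-2020-10908 and CVE-2020-10905 keep "TODO: check" in this hunk although the entries between them, CVE-2020-10907 and CVE-2020-10906, become "NOT-FOR-US: Foxit Reader" and all four truncated descriptions open with the same wording. If the untouched entries concern the same product they can be closed in this commit too; if they were skipped deliberately, a note in the commit message would save the next person from re-checking them.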
@@ -3787,9 +3787,9 @@ CVE-2020-10902 (This vulnerability allows remote 
attackers to execute arbitrary
 CVE-2020-10901 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
TODO: check
 CVE-2020-10900 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: Foxit Reader
 CVE-2020-10899 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: Foxit Reader
 CVE-2020-10898 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
TODO: check
 CVE-2020-10897 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
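Review bot: CVE-2020-10901 and CVE-2020-10898 stay at "TODO: check" on either side of CVE-2020-10900 and CVE-2020-10899, which are marked "NOT-FOR-US: Foxit Reader". The visible descriptions do not name a product, so the diff alone does not show why these two were left open; either triage them here or record the reason.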



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36881a9aa92ebb6364d43d8289f9e7e5f31d0760


[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2020-02-24 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f32960aa by Salvatore Bonaccorso at 2020-02-24T21:16:23+01:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11696,7 +11696,7 @@ CVE-2020-4224 (IBM StoredIQ 7.6.0.17 through 7.6.0.20 
could disclose sensitive i
 CVE-2020-4223
RESERVED
 CVE-2020-4222 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a 
remote attac ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4221
RESERVED
 CVE-2020-4220
@@ -11714,13 +11714,13 @@ CVE-2020-4215
 CVE-2020-4214
RESERVED
 CVE-2020-4213 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a 
remote attac ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4212 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a 
remote attac ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4211 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a 
remote attac ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4210 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a 
remote attac ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4209
RESERVED
 CVE-2020-4208
@@ -27906,9 +27906,9 @@ CVE-2019-17231
 CVE-2019-17230
RESERVED
 CVE-2019-17229 (includes/options.php in the 
motors-car-dealership-classified-listings  ...)
-   TODO: check
+   NOT-FOR-US: motors-car-dealership-classified-listings (aka Motors - Car 
Dealer & Classified Ads) plugin for WordPress
 CVE-2019-17228 (includes/options.php in the 
motors-car-dealership-classified-listings  ...)
-   TODO: check
+   NOT-FOR-US: motors-car-dealership-classified-listings (aka Motors - Car 
Dealer & Classified Ads) plugin for WordPress
 CVE-2019-17227
RESERVED
 CVE-2019-17226 (CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin 
 Modu ...)
@@ -65011,7 +65011,7 @@ CVE-2019-4747
 CVE-2019-4746
RESERVED
 CVE-2019-4745 (IBM Maximo Asset Management 7.6.1.0 could allow a remote 
attacker to d ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2019-4744 (IBM Financial Transaction Manager 3.0 is vulnerable to 
cross-site scri ...)
NOT-FOR-US: IBM
 CVE-2019-4743 (IBM Financial Transaction Manager 3.0 does not set the secure 
attribut ...)
@@ -65095,7 +65095,7 @@ CVE-2019-4705
 CVE-2019-4704
RESERVED
 CVE-2019-4703 (IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting 
Microsoft ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2019-4702
RESERVED
 CVE-2019-4701
@@ -65311,7 +65311,7 @@ CVE-2019-4597
 CVE-2019-4596
RESERVED
 CVE-2019-4595 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 
5.2.6.5 c ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2019-4594
RESERVED
 CVE-2019-4593



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f32960aa6cd44227480beb179a6d3f4db58e0ad3


[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2020-02-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
00daa48f by Salvatore Bonaccorso at 2020-02-22T09:53:21+01:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9,9 +9,9 @@ CVE-2020-9332
 CVE-2020-9331
RESERVED
 CVE-2020-9330 (Certain Xerox WorkCentre printers before 073.xxx.000.02300 do 
not requ ...)
-   TODO: check
+   NOT-FOR-US: Xerox
 CVE-2020-9329 (Gogs through 0.11.91 allows attackers to violate the 
admin-specified r ...)
-   TODO: check
+   NOT-FOR-US: Go Git Service
 CVE-2020-9328
RESERVED
 CVE-2020-9327 (In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to 
trigger  ...)
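Review bot: the label added for CVE-2020-9329 is "Go Git Service", but the description on the line above it names the product "Gogs", so the label does not match the name people will search for. Suggest "NOT-FOR-US: Gogs" (or "Gogs (Go Git Service)") so that the label and the description agree.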
@@ -621,7 +621,7 @@ CVE-2020-9041
 CVE-2020-9040
RESERVED
 CVE-2020-9039 (Couchbase Server 4.x and 5.x before 6.0.0 has Insecure 
Permissions for ...)
-   TODO: check
+   NOT-FOR-US: Couchbase
 CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS. ...)
NOT-FOR-US: Joplin
 CVE-2020-9037
@@ -1045,11 +1045,11 @@ CVE-2020-8864
 CVE-2020-8863
RESERVED
 CVE-2020-8862 (This vulnerability allows network-adjacent attackers to bypass 
authent ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2020-8861 (This vulnerability allows network-adjacent attackers to bypass 
authent ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2020-8860 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
-   TODO: check
+   NOT-FOR-US: Samsung Galaxy S10 Firmware
 CVE-2020-8859
RESERVED
 CVE-2020-8858 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
@@ -3232,7 +3232,7 @@ CVE-2020-7909 (In JetBrains TeamCity before 2019.1.5, 
some server-stored passwor
 CVE-2020-7908 (In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was 
possible ...)
NOT-FOR-US: JetBrains
 CVE-2020-7907 (In the JetBrains Scala plugin before 2019.2.1, some artefact 
dependenc ...)
-   TODO: check
+   NOT-FOR-US:  JetBrains Scala plugin
 CVE-2020-7906 (In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, 
there wer ...)
NOT-FOR-US: JetBrains
 CVE-2020-7905 (Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were 
expose ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/00daa48fba23770149d020d5fd012478e03c7ed1


[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2018-07-03 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a4ea8ea6 by Salvatore Bonaccorso at 2018-07-03T22:26:08+02:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,11 +1,11 @@
 CVE-2018-13116 (/user/del.php in zzcms 8.3 allows SQL injection via the 
tablename ...)
-   TODO: check
+   NOT-FOR-US: zzcms
 CVE-2018-13115
RESERVED
 CVE-2018-13114
RESERVED
 CVE-2018-13113 (The transfer and transferFrom functions of a smart contract 
...)
-   TODO: check
+   NOT-FOR-US: smart contract implementation for Easy Trading Token and 
Ethereum token
 CVE-2018-13112 (get_l2len in common/get.c in Tcpreplay 4.3.0 beta 1 allows 
remote ...)
- tcpreplay 
NOTE: https://github.com/appneta/tcpreplay/issues/477
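Review bot: the NOT-FOR-US text added for CVE-2018-13113 is a descriptive phrase ("smart contract implementation for Easy Trading Token and Ethereum token"), long enough to be wrapped in this mail, where the other entries added in this commit use a short product name such as "zzcms". Suggest confirming that the entry is a single indented line in data/CVE/list and shortening it to the token names.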
@@ -20,7 +20,7 @@ CVE-2018-13108
 CVE-2018-13107
RESERVED
 CVE-2018-13106 (ClipperCMS 1.3.3 has stored XSS via the Tools - 
Configuration screen ...)
-   TODO: check
+   NOT-FOR-US: ClipperCMS
 CVE-2018-13105
RESERVED
 CVE-2018-13104
@@ -28,9 +28,9 @@ CVE-2018-13104
 CVE-2018-13103
RESERVED
 CVE-2018-13102 (AnyDesk before 12.06.2018 - 4.1.3 on Windows 7 SP1 
has a DLL ...)
-   TODO: check
+   NOT-FOR-US: AnyDesk
 CVE-2018-13101 (KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 
suffers from a ...)
-   TODO: check
+   NOT-FOR-US: RedSwimmer KioskSimple
 CVE-2018-13100 (An issue was discovered in fs/f2fs/super.c in the Linux kernel 
through ...)
- linux 
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200183
@@ -1878,7 +1878,7 @@ CVE-2018-12428
 CVE-2018-12427
RESERVED
 CVE-2018-12426 (The WP Live Chat Support Pro plugin before 8.0.07 for 
WordPress is ...)
-   TODO: check
+   NOT-FOR-US: WP Live Chat Support Pro plugin for WordPress
 CVE-2018-12425
RESERVED
 CVE-2018-12424



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a4ea8ea6f4091384d795207de022ea87db0bc9c6
