Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
76cc0da5 by security tracker role at 2023-07-05T20:12:38+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,85 @@
-CVE-2023-35001 [nf_tables nft_byteorder_eval OOB read/write]
+CVE-2023-3515 (Open Redirect in GitHub repository go-gitea/gitea prior to 
1.19.4.)
+       TODO: check
+CVE-2023-3455 (Key management vulnerability on system. Successful exploitation 
of thi ...)
+       TODO: check
+CVE-2023-3336 (TN-5900 Series version 3.3 and prior versions is vulnearble to 
user en ...)
+       TODO: check
+CVE-2023-3089 (A compliance problem was found in the Red Hat OpenShift 
Container Plat ...)
+       TODO: check
+CVE-2023-36934 (In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 
2021.0.9 (13.0 ...)
+       TODO: check
+CVE-2023-36933 (In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 
(13.1.7 ...)
+       TODO: check
+CVE-2023-36932 (In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 
2021.0.9 (13.0 ...)
+       TODO: check
+CVE-2023-36665 (protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.4 
allows Pr ...)
+       TODO: check
+CVE-2023-36624 (Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an 
authenticated o ...)
+       TODO: check
+CVE-2023-36623 (The root password of the Loxone Miniserver Go Gen.2 before 
14.2 is cal ...)
+       TODO: check
+CVE-2023-36622 (The websocket configuration endpoint of the Loxone Miniserver 
Go Gen.2 ...)
+       TODO: check
+CVE-2023-35979 (There is an unauthenticated buffer overflow vulnerabilityin 
the proces ...)
+       TODO: check
+CVE-2023-35978 (A vulnerability in ArubaOS could allow an 
unauthenticatedremote attack ...)
+       TODO: check
+CVE-2023-35977 (Vulnerabilities exist which allow an authenticated attackerto 
access s ...)
+       TODO: check
+CVE-2023-35976 (Vulnerabilities exist which allow an authenticated attackerto 
access s ...)
+       TODO: check
+CVE-2023-35975 (An authenticated path traversal vulnerability exists in 
theArubaOS com ...)
+       TODO: check
+CVE-2023-35974 (Authenticated command injection vulnerabilities exist inthe 
ArubaOS co ...)
+       TODO: check
+CVE-2023-35973 (Authenticated command injection vulnerabilities exist inthe 
ArubaOS co ...)
+       TODO: check
+CVE-2023-35972 (An authenticated remote command injection vulnerabilityexists 
in the A ...)
+       TODO: check
+CVE-2023-35971 (A vulnerability in the ArubaOS web-based management interface 
could al ...)
+       TODO: check
+CVE-2023-35924 (GLPI is a free asset and IT management software package. 
Starting in v ...)
+       TODO: check
+CVE-2023-35863 (In MADEFORNET HTTP Debugger through 9.12, the Windows service 
does not ...)
+       TODO: check
+CVE-2023-34654 (taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS).)
+       TODO: check
+CVE-2023-34473 (AMI SPx contains a vulnerability in the BMC where a valid user 
may cau ...)
+       TODO: check
+CVE-2023-34472 (AMI SPx contains a vulnerability in the BMC where an Attacker 
may caus ...)
+       TODO: check
+CVE-2023-34471 (AMI SPx contains a vulnerability in the BMC where a user may 
cause a m ...)
+       TODO: check
+CVE-2023-34457 (MechanicalSoup is a Python library for automating interaction 
with web ...)
+       TODO: check
+CVE-2023-34338 (AMI SPx contains a vulnerability in the BMC where an Attacker 
may caus ...)
+       TODO: check
+CVE-2023-34337 (AMI SPx contains a vulnerability in the BMC where a user may 
cause an  ...)
+       TODO: check
+CVE-2023-34244 (GLPI is a free asset and IT management software package. 
Starting in v ...)
+       TODO: check
+CVE-2023-34107 (GLPI is a free asset and IT management software package. 
Versions of t ...)
+       TODO: check
+CVE-2023-34106 (GLPI is a free asset and IT management software package. 
Versions of t ...)
+       TODO: check
+CVE-2023-33335 (Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was 
Decembe ...)
+       TODO: check
+CVE-2023-2880 (Frauscher Sensortechnik GmbH FDS001 for FAdC/FAdCi v1.3.3 and 
all prev ...)
+       TODO: check
+CVE-2023-2538 (A CWE-552 "Files or Directories Accessible to External 
Parties\u201d i ...)
+       TODO: check
+CVE-2021-46893 (Vulnerability of unstrict data verification and parameter 
check. Succe ...)
+       TODO: check
+CVE-2021-46891 (Vulnerability of incomplete read and write permission 
verification in  ...)
+       TODO: check
+CVE-2021-46890 (Vulnerability of incomplete read and write permission 
verification in  ...)
+       TODO: check
+CVE-2023-35001 (Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; 
nft_byte ...)
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2023/07/05/3
-CVE-2023-31248 [nf_tables UAF when using nft_chain_lookup_byid]
+CVE-2023-31248 (Linux Kernel nftables Use-After-Free Local Privilege 
Escalation Vulner ...)
        - linux <unfixed>
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2023/07/05/2
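Review bot: The 38 entries added at the top of data/CVE/list are all left at `TODO: check` and need different handling. The vendor product entries (MOVEit Transfer, ArubaOS, Loxone Miniserver, AMI SPx, TN-5900) read as NOT-FOR-US candidates, while CVE-2023-36665 (protobuf.js), CVE-2023-34457 (MechanicalSoup) and the four GLPI entries name open-source software and should be looked up against the archive before being dismissed. CVE-2023-3455 and the three CVE-2021-4689x entries show no product name in the truncated description, so they need the full CVE text first. Separately, CVE-2023-35001 and CVE-2023-31248 are `- linux <unfixed>` with only an oss-security NOTE; a NOTE with the upstream fix commit would help whoever tracks the fixed version.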
@@ -17,63 +93,63 @@ CVE-2023-3255 [VNC: infinite loop in inflate_buffer() leads 
to denial of service
        - qemu <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2218486
        NOTE: Proposed patch: 
https://lists.nongnu.org/archive/html/qemu-devel/2023-07/msg00596.html
-CVE-2023-37212
+CVE-2023-37212 (Memory safety bugs present in Firefox 114. Some of these bugs 
showed e ...)
        - firefox 115.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37212
-CVE-2023-37211
+CVE-2023-37211 (Memory safety bugs present in Firefox 114, Firefox ESR 102.12, 
and Thu ...)
        - firefox 115.0-1
        - firefox-esr 102.13.0esr-1
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37211
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37211
-CVE-2023-37210
+CVE-2023-37210 (A website could prevent a user from exiting full-screen mode 
via alert ...)
        - firefox 115.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37210
-CVE-2023-37209
+CVE-2023-37209 (A use-after-free condition existed in `NotifyOnHistoryReload` 
where a  ...)
        - firefox 115.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37209
-CVE-2023-37208
+CVE-2023-37208 (When opening Diagcab files, Firefox did not warn the user that 
these f ...)
        - firefox 115.0-1
        - firefox-esr 102.13.0esr-1
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37208
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37208
-CVE-2023-37207
+CVE-2023-37207 (A website could have obscured the fullscreen notification by 
using a U ...)
        - firefox 115.0-1
        - firefox-esr 102.13.0esr-1
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37207
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37207
-CVE-2023-37206
+CVE-2023-37206 (Uploading files which contain symlinks may have allowed an 
attacker to ...)
        - firefox 115.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37206
-CVE-2023-37205
+CVE-2023-37205 (The use of RTL Arabic characters in the address bar may have 
allowed f ...)
        - firefox 115.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37205
-CVE-2023-37204
+CVE-2023-37204 (A website could have obscured the fullscreen notification by 
using an  ...)
        - firefox 115.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37204
-CVE-2023-37203
+CVE-2023-37203 (Insufficient validation in the Drag and Drop API in 
conjunction with s ...)
        - firefox 115.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37203
-CVE-2023-37202
+CVE-2023-37202 (Cross-compartment wrappers wrapping a scripted proxy could 
have caused ...)
        - firefox 115.0-1
        - firefox-esr 102.13.0esr-1
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37202
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37202
-CVE-2023-37201
+CVE-2023-37201 (An attacker could have triggered a use-after-free condition 
when creat ...)
        - firefox 115.0-1
        - firefox-esr 102.13.0esr-1
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37201
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37201
-CVE-2023-3482
+CVE-2023-3482 (When Firefox is configured to block storage of all cookies, it 
was sti ...)
        - firefox 115.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-3482
 CVE-2023-3506 (A vulnerability was found in Active It Zone Active eCommerce 
CMS 6.5.0 ...)
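Review bot: In the Firefox block, CVE-2023-37211, CVE-2023-37208, CVE-2023-37207, CVE-2023-37202 and CVE-2023-37201 still list `- thunderbird <unfixed>` next to a fixed firefox-esr 102.13.0esr-1, each with an mfsa2023-24 NOTE. These lines need a fixed version once the matching thunderbird upload exists; the description-only update in this hunk does not change that status.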
@@ -190,6 +266,7 @@ CVE-2023-35073
 CVE-2023-34211
        REJECTED
 CVE-2023-36674 [Manualthumb bypasses badFile lookup]
+       {DSA-5447-1}
        - mediawiki 1:1.39.4-1
        NOTE: https://phabricator.wikimedia.org/T335612
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/934571/
@@ -567,6 +644,7 @@ CVE-2023-3439 (A flaw was found in the MCTP protocol in the 
Linux kernel. The fu
        NOTE: 
https://git.kernel.org/linus/b561275d633bcd8e0e8055ab86f1a13df75a0269 (5.18-rc5)
        NOTE: https://www.openwall.com/lists/oss-security/2023/07/02/1
 CVE-2023-3390 (A use-after-free vulnerability was found in the Linux kernel's 
netfilt ...)
+       {DSA-5448-1}
        - linux 6.3.11-1
        NOTE: 
https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97 (6.4-rc7)
        NOTE: https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97
@@ -576,6 +654,7 @@ CVE-2023-3389 (A use-after-free vulnerability in the Linux 
Kernel io_uring subsy
        NOTE: 
https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8
        NOTE: https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663
 CVE-2023-3090 (A heap out-of-bounds write vulnerability in the Linux Kernel 
ipvlan ne ...)
+       {DSA-5448-1}
        - linux 6.3.7-1
        NOTE: 
https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)
 CVE-2023-3034 (Reflected XSS affects the \u2018mode\u2019 parameter in the 
/admin fun ...)
@@ -892,6 +971,7 @@ CVE-2023-2993 (A valid, authenticated user with limited 
privileges may be able t
 CVE-2023-2992 (An unauthenticated denial of service vulnerability exists in 
the SMM v ...)
        NOT-FOR-US: Lenovo
 CVE-2023-36675 (An issue was discovered in MediaWiki before 1.35.11, 1.36.x 
through 1. ...)
+       {DSA-5447-1}
        - mediawiki 1:1.39.4-1
        [buster] - mediawiki <not-affected> (partial blocking was introduced in 
1.33)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/921452
@@ -1753,6 +1833,7 @@ CVE-2023-3294 (Cross-site Scripting (XSS) - DOM in GitHub 
repository saleor/reac
 CVE-2023-3293 (Cross-site Scripting (XSS) - Stored in GitHub repository 
salesagility/ ...)
        NOT-FOR-US: salesagility/suitecrm-core
 CVE-2023-35788 (An issue was discovered in fl_set_geneve_opt in 
net/sched/cls_flower.c ...)
+       {DSA-5448-1}
        - linux 6.3.7-1
        NOTE: https://www.openwall.com/lists/oss-security/2023/06/07/1
        NOTE: 
https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c (6.4-rc5)
@@ -1810,12 +1891,14 @@ CVE-2023-3291 (Heap-based Buffer Overflow in GitHub 
repository gpac/gpac prior t
        NOTE: https://huntr.dev/bounties/526954e6-8683-4697-bfa2-886c3204a1d5/
        NOTE: 
https://github.com/gpac/gpac/commit/6a748ccc3f76ff10e3ae43014967ea4b0c088aaf
 CVE-2023-3269
+       {DSA-5448-1}
        - linux 6.3.11-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/lrh2000/StackRot
        NOTE: https://www.openwall.com/lists/oss-security/2023/07/05/1
 CVE-2023-3268 (An out of bounds (OOB) memory access flaw was found in the 
Linux kerne ...)
+       {DSA-5448-1}
        - linux 6.3.7-1
        NOTE: 
https://git.kernel.org/linus/43ec16f1450f4936025a9bdf1a273affdb9732c1 (6.4-rc1)
 CVE-2023-35708 (In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 
(13.1.6 ...)
@@ -2357,6 +2440,7 @@ CVE-2023-2563 (The WordPress Contact Forms by Cimatti 
plugin for WordPress is vu
 CVE-2023-2351 (The WP Directory Kit plugin for WordPress is vulnerable to 
unauthorize ...)
        NOT-FOR-US: WP Directory Kit plugin for WordPress
 CVE-2023-3212 (A NULL pointer dereference issue was found in the gfs2 file 
system in  ...)
+       {DSA-5448-1}
        - linux 6.3.7-1
        NOTE: 
https://git.kernel.org/linus/504a10d9e46bc37b23d0a1ae2f28973c8516e636 (6.4-rc2)
 CVE-2023-3208 (A vulnerability, which was classified as critical, has been 
found in R ...)
@@ -5350,12 +5434,14 @@ CVE-2023-2458 (Use after free in ChromeOS Camera in 
Google Chrome on ChromeOS pr
 CVE-2023-2457 (Out of bounds write in ChromeOS Audio Server in Google Chrome 
on Chrom ...)
        NOT-FOR-US: Google Chrome on ChromeOS
 CVE-2023-32254
+       {DSA-5448-1}
        - linux 6.3.7-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/30210947a343b6b3ca13adc9bfc88e1543e16dd5 (6.4-rc1)
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20592/
 CVE-2023-32250
+       {DSA-5448-1}
        - linux 6.3.7-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
@@ -6283,10 +6369,10 @@ CVE-2023-31226 (The SDK for the MediaPlaybackController 
module has improper perm
        NOT-FOR-US: Huawei
 CVE-2023-31225 (The Gallery app has the risk of hijacking attacks. Successful 
exploita ...)
        NOT-FOR-US: Huawei
-CVE-2023-31194
-       RESERVED
-CVE-2023-27390
-       RESERVED
+CVE-2023-31194 (An access violation vulnerability exists in the 
GraphPlanar::Write fun ...)
+       TODO: check
+CVE-2023-27390 (A heap-based buffer overflow vulnerability exists in the 
Sequence::Dra ...)
+       TODO: check
 CVE-2023-2314
        RESERVED
 CVE-2023-2313
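Review bot: CVE-2023-31194 and CVE-2023-27390 leave RESERVED with `TODO: check`, but the truncated descriptions show only function names (`GraphPlanar::Write`, `Sequence::Dra ...`) and no product. Triage needs the full CVE text to identify the software before choosing between a package line and NOT-FOR-US.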
@@ -6625,6 +6711,7 @@ CVE-2023-24476 (An attacker with local access to the 
machine could record the tr
 CVE-2023-2270 (The Netskope client service running with NT\SYSTEM privileges 
accepts  ...)
        NOT-FOR-US: Netskope
 CVE-2023-2269 (A denial of service problem was found, due to a possible 
recursive loc ...)
+       {DSA-5448-1}
        - linux 6.3.7-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2189388
 CVE-2023-2268
@@ -6763,6 +6850,7 @@ CVE-2023-31085 (An issue was discovered in 
drivers/mtd/ubi/cdev.c in the Linux k
        NOTE: 
https://lore.kernel.org/all/687864524.118195.1681799447034.javamail.zim...@nod.at/
        NOTE: Negligible security impact
 CVE-2023-31084 (An issue was discovered in 
drivers/media/dvb-core/dvb_frontend.c in th ...)
+       {DSA-5448-1}
        - linux 6.3.7-1
        NOTE: 
https://lore.kernel.org/all/CA+UBctCu7fXn4q41O_3=id1+odyq85tzy1x+tkt-6ovbl6k...@mail.gmail.com/
 CVE-2023-31083 (An issue was discovered in drivers/bluetooth/hci_ldisc.c in 
the Linux  ...)
@@ -7600,6 +7688,7 @@ CVE-2023-2157 (A heap-based buffer overflow vulnerability 
was found in the Image
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/9a9896fce95d09e5e47b86baccbe1ce1a2fca76b
 (7.1.1-7)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/7e4c992f148afc5b28111e540921d5b6e4e38673
 (6.9.12-85)
 CVE-2023-2156 (A flaw was found in the networking subsystem of the Linux 
kernel withi ...)
+       {DSA-5448-1}
        - linux 6.3.11-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-547/
@@ -7734,6 +7823,7 @@ CVE-2023-2126
 CVE-2023-2125
        RESERVED
 CVE-2023-2124 (An out-of-bounds memory access flaw was found in the Linux 
kernel\u201 ...)
+       {DSA-5448-1}
        - linux 6.3.7-1
        NOTE: https://www.openwall.com/lists/oss-security/2023/04/19/2
        NOTE: 
https://lore.kernel.org/linux-xfs/20230412214034.gl3223...@dread.disaster.area/T/#m1ebbcd1ad061d2d33bef6f0534a2b014744d152d
@@ -8208,8 +8298,8 @@ CVE-2023-30608 (sqlparse is a non-validating SQL parser 
module for Python. In af
        NOTE: 
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
        NOTE: Introduced by: 
https://github.com/andialbrecht/sqlparse/commit/e75e35869473832a1eb67772b1adfee2db11b85a
 (0.1.15)
        NOTE: Fixed by: 
https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb
 (0.4.4)
-CVE-2023-30607
-       RESERVED
+CVE-2023-30607 (icingaweb2-module-jira provides integration with Atlassian 
Jira. Start ...)
+       TODO: check
 CVE-2023-30606 (Discourse is an open source platform for community discussion. 
In affe ...)
        NOT-FOR-US: Discourse
 CVE-2023-30605 (Archery is an open source SQL audit platform. The Archery 
project cont ...)
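Review bot: CVE-2023-30607 moves from RESERVED to `TODO: check` and names icingaweb2-module-jira, which is a separate module and not icingaweb2 itself. Confirm whether that module is packaged at all before attaching the CVE to any icingaweb2 source package; if it is not, NOT-FOR-US with the module name is the clearer resolution.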
@@ -12355,6 +12445,7 @@ CVE-2023-29143
 CVE-2023-29142
        RESERVED
 CVE-2023-29141 (An issue was discovered in MediaWiki before 1.35.10, 1.36.x 
through 1. ...)
+       {DSA-5447-1}
        - mediawiki 1:1.39.4-1
        [buster] - mediawiki <no-dsa> (Minor issue)
        NOTE: 
https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
@@ -18948,12 +19039,12 @@ CVE-2023-27201
        RESERVED
 CVE-2023-27200
        RESERVED
-CVE-2023-27199
-       RESERVED
-CVE-2023-27198
-       RESERVED
-CVE-2023-27197
-       RESERVED
+CVE-2023-27199 (PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 
allows atta ...)
+       TODO: check
+CVE-2023-27198 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 
can allow  ...)
+       TODO: check
+CVE-2023-27197 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 
can allow  ...)
+       TODO: check
 CVE-2023-27196
        RESERVED
 CVE-2023-27195
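Review bot: CVE-2023-27199, CVE-2023-27198 and CVE-2023-27197 all refer to the PAX A930 with the same PayDroid_7.1.1_Virgo_V04.5.02_20220722 build and are each left at `TODO: check`. They look like a single vendor-specific group and can be resolved together with one consistent NOT-FOR-US tag, in the same way the neighbouring Huawei and Phicomm entries in this file are handled.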
@@ -24120,8 +24211,8 @@ CVE-2023-25401
        RESERVED
 CVE-2023-25400
        RESERVED
-CVE-2023-25399
-       RESERVED
+CVE-2023-25399 (A refcounting issue which leads to potential memory leak was 
discovere ...)
+       TODO: check
 CVE-2023-25398
        RESERVED
 CVE-2023-25397
@@ -33825,7 +33916,7 @@ CVE-2022-48075
        RESERVED
 CVE-2022-48074 (An issue in NoMachine before v8.2.3 allows attackers to 
execute arbitr ...)
        NOT-FOR-US: NoMachine
-CVE-2022-48073 (Phicomm K2 v22.6.534.263 was discovered to store the root and 
admin pa ...)
+CVE-2022-48073 (Phicomm K2G v22.6.3.20 was discovered to store the root and 
admin pass ...)
        NOT-FOR-US: Phicomm
 CVE-2022-48072 (Phicomm K2G v22.6.3.20 was discovered to contain a command 
injection v ...)
        NOT-FOR-US: Phicomm
@@ -37516,7 +37607,7 @@ CVE-2022-4490
        RESERVED
 CVE-2022-4489 (The HUSKY WordPress plugin before 1.3.2 unserializes user input 
provid ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-4488 (The Widgets on Pages WordPress plugin through 1.6.0 does not 
validate  ...)
+CVE-2022-4488 (The Widgets on Pages WordPress plugin before 1.8.0 does not 
validate a ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4487 (The Easy Accordion WordPress plugin before 2.2.0 does not 
validate and ...)
        NOT-FOR-US: WordPress plugin
@@ -202976,8 +203067,8 @@ CVE-2020-25971
        RESERVED
 CVE-2020-25970
        RESERVED
-CVE-2020-25969
-       RESERVED
+CVE-2020-25969 (gnuplot v5.5 was discovered to contain a buffer overflow via 
the funct ...)
+       TODO: check
 CVE-2020-25968
        RESERVED
 CVE-2020-25967 (The member center function in fastadmin V1.0.0.20200506_beta 
is vulner ...)
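Review bot: CVE-2020-25969 moves from RESERVED to `TODO: check`, and the description names gnuplot v5.5, so this one should be resolved to a `- gnuplot` source-package line rather than NOT-FOR-US. The description is cut off at "via the funct ...", so the affected function has to be taken from the full CVE record before deciding which packaged versions contain it.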
@@ -208978,8 +209069,8 @@ CVE-2020-23454
        RESERVED
 CVE-2020-23453
        RESERVED
-CVE-2020-23452
-       RESERVED
+CVE-2020-23452 (A cross-site scripting (XSS) vulnerability in Selenium Grid 
v3.141.59  ...)
+       TODO: check
 CVE-2020-23451 (Spiceworks Version <= 7.5.00107 is affected by CSRF which can 
lead to  ...)
        NOT-FOR-US: Spiceworks
 CVE-2020-23450 (Spiceworks Version <= 7.5.00107 is affected by XSS. Any name 
typed on  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76cc0da5f7c125168db454269632da45f34c4096
