Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fe08de6a by security tracker role at 2023-12-28T20:12:09+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,95 @@ +CVE-2023-7163 (A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that co ...) + TODO: check +CVE-2023-7134 (A vulnerability was found in SourceCodester Medicine Tracking System 1 ...) + TODO: check +CVE-2023-7133 (A vulnerability was found in y_project RuoYi 4.7.8. It has been declar ...) + TODO: check +CVE-2023-7132 (A vulnerability was found in code-projects Intern Membership Managemen ...) + TODO: check +CVE-2023-7131 (A vulnerability was found in code-projects Intern Membership Managemen ...) + TODO: check +CVE-2023-7129 (A vulnerability, which was classified as critical, was found in code-p ...) + TODO: check +CVE-2023-7128 (A vulnerability, which was classified as critical, has been found in c ...) + TODO: check +CVE-2023-7127 (A vulnerability classified as critical was found in code-projects Auto ...) + TODO: check +CVE-2023-7126 (A vulnerability classified as critical has been found in code-projects ...) + TODO: check +CVE-2023-52082 (Lychee is a free photo-management tool. Prior to 5.0.2, Lychee is vul ...) + TODO: check +CVE-2023-52081 (ffcss is a CLI interface to apply and configure Firefox CSS themes. Pr ...) + TODO: check +CVE-2023-52079 (msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior ...) + TODO: check +CVE-2023-51501 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-50874 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-50873 (Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou A ...) + TODO: check +CVE-2023-50860 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-50859 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-50858 (Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi Disabl ...) 
+ TODO: check +CVE-2023-50857 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-50856 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-50855 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-50854 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-50853 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-50852 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-50851 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-50849 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-50848 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-50847 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-50846 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-50845 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-50844 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-50843 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-50842 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-50841 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-50840 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-50839 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) 
+ TODO: check +CVE-2023-50838 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-50836 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-50470 (A cross-site scripting (XSS) vulnerability in the component admin_ Vid ...) + TODO: check +CVE-2023-50267 (MeterSphere is a one-stop open source continuous testing platform. Pri ...) + TODO: check +CVE-2023-4672 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-4671 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-46987 (SeaCMS v12.9 was discovered to contain a remote code execution (RCE) v ...) + TODO: check +CVE-2023-36381 (Deserialization of Untrusted Data vulnerability in Gesundheit Bewegt G ...) + TODO: check +CVE-2023-32795 (Deserialization of Untrusted Data vulnerability in WooCommerce Product ...) + TODO: check +CVE-2023-32513 (Deserialization of Untrusted Data vulnerability in GiveWP GiveWP \u201 ...) + TODO: check CVE-2023-7124 (A vulnerability, which was classified as problematic, was found in cod ...) NOT-FOR-US: code-projects E-Commerce Site CVE-2023-7123 (A vulnerability, which was classified as critical, has been found in S ...) @@ -1643,7 +1735,7 @@ CVE-2023-32725 (The website configured in the URL widget will receive a session CVE-2023-32230 (An improper handling of a malformed API request to an API server in Bo ...) NOT-FOR-US: Bosch CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, found in O ...) - {DSA-5588-1 DSA-5586-1 DLA-3694-1} + {DSA-5591-1 DSA-5588-1 DSA-5586-1 DLA-3694-1} - dropbear <unfixed> (bug #1059001) - erlang 1:25.3.2.8+dfsg-1 (bug #1059002) [bookworm] - erlang <no-dsa> (Minor issue) 
@@ -5745,7 +5837,7 @@ CVE-2023-48121 (An authentication bypass vulnerability in the Direct Connection CVE-2023-48042 (Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing fi ...) NOT-FOR-US: Amazzing Filter for Prestashop CVE-2023-45539 (HAProxy before 2.8.2 accepts # as part of the URI component, which mig ...) - {DLA-3688-1} + {DSA-5590-1 DLA-3688-1} - haproxy 2.6.15-1 NOTE: https://lists.w3.org/Archives/Public/ietf-http-wg/2023JulSep/0070.html NOTE: https://github.com/haproxy/haproxy/commit/2eab6d354322932cfec2ed54de261e4347eca9a6 (v2.9-dev3) @@ -6319,6 +6411,7 @@ CVE-2023-6008 (The UserPro plugin for WordPress is vulnerable to Cross-Site Requ CVE-2023-6007 (The UserPro plugin for WordPress is vulnerable to unauthorized access ...) NOT-FOR-US: WordPress plugin CVE-2023-6918 (A flaw was found in the libssh implements abstract layer for message d ...) + {DSA-5591-1} - libssh 0.10.6-1 (bug #1059059) NOTE: https://www.libssh.org/security/advisories/CVE-2023-6918.txt NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/610d7a09f99c601224ae2aa3d3de7e75b1d284dd (libssh-0.10.6) @@ -6327,6 +6420,7 @@ CVE-2023-6918 (A flaw was found in the libssh implements abstract layer for mess NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/8977e246b6d7ae467cab008a49e0a9e3d84bc2a0 (libssh-0.10.6) NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/622421018b58392ffecc29726b947e089b678221 (libssh-0.10.6) CVE-2023-6004 [ProxyCommand/ProxyJump features enable to inject malicious code through hostname] + {DSA-5591-1} - libssh 0.10.6-1 (bug #1059061) NOTE: https://www.libssh.org/security/advisories/CVE-2023-6004.txt NOTE: https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html 
@@ -16541,6 +16635,7 @@ CVE-2023-5157 (A vulnerability was found in MariaDB. An OpenVAS port scan on por NOTE: Introduced by: https://github.com/codership/galera/commit/c27596d06a221f6c14d36759c681149964008749 (26.4.8) NOTE: Fixed by: https://github.com/codership/galera/commit/930c016108d7086b472ad7a8b9d0f6989202b48a (26.4.12) CVE-2023-5115 (An absolute path traversal attack exists in the Ansible automation pla ...) + {DLA-3695-1} - ansible-core 2.14.11-1 (bug #1053693) [bookworm] - ansible-core <no-dsa> (Minor issue) [bullseye] - ansible-core <no-dsa> (Minor issue) @@ -22636,6 +22731,7 @@ CVE-2023-38103 [ZDI-CAN-21443: Integer overflow leading to heap overwrite in Rea NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/4266ba0fd2be7702044a5d90a8215abe41709874 (1.22.5) NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1007/ CVE-2023-40225 (HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4. ...) + {DSA-5590-1} - haproxy 2.6.15-1 (bug #1043502) [buster] - haproxy <not-affected> (Vulnerable code not present) NOTE: https://github.com/haproxy/haproxy/issues/2237 @@ -46690,8 +46786,8 @@ CVE-2023-27449 RESERVED CVE-2023-27448 (Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team Ma ...) NOT-FOR-US: WordPress plugin -CVE-2023-27447 - RESERVED +CVE-2023-27447 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check CVE-2023-27446 (Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API tr ...) NOT-FOR-US: WordPress plugin CVE-2023-27445 (Cross-Site Request Forgery (CSRF) vulnerability in Meril Inc. Blog Flo ...) 
@@ -79853,6 +79949,7 @@ CVE-2022-3699 (A privilege escalation vulnerability was reported in the Lenovo H CVE-2022-3698 (A denial of service vulnerability was reported in the Lenovo HardwareS ...) NOT-FOR-US: Lenovo CVE-2022-3697 (A flaw was found in Ansible in the amazon.aws collection when using th ...) + {DLA-3695-1} - ansible 7.0.0+dfsg-1 [bullseye] - ansible <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2137664 @@ -155037,13 +155134,13 @@ CVE-2021-43213 RESERVED CVE-2021-43212 RESERVED -CVE-2021-43211 (Windows 10 Update Assistant Elevation of Privilege Vulnerability This ...) +CVE-2021-43211 (Windows 10 Update Assistant Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43210 RESERVED -CVE-2021-43209 (3D Viewer Remote Code Execution Vulnerability This CVE ID is unique fr ...) +CVE-2021-43209 (3D Viewer Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-43208 (3D Viewer Remote Code Execution Vulnerability This CVE ID is unique fr ...) +CVE-2021-43208 (3D Viewer Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43207 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) NOT-FOR-US: Microsoft @@ -158631,7 +158728,7 @@ CVE-2021-42325 (Froxlor through 0.10.29.1 allows SQL injection in Database/Manag - froxlor <itp> (bug #581792) CVE-2021-42324 (An issue was discovered on DCN (Digital China Networks) S4600-10P-SI d ...) NOT-FOR-US: DCN S4600 switches -CVE-2021-42323 (Azure RTOS Information Disclosure Vulnerability This CVE ID is unique ...) +CVE-2021-42323 (Azure RTOS Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-42322 (Visual Studio Code Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft 
@@ -158645,7 +158742,7 @@ CVE-2021-42318 RESERVED CVE-2021-42317 RESERVED -CVE-2021-42316 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...) +CVE-2021-42316 (Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-42315 (Microsoft Defender for IoT Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft @@ -158665,17 +158762,17 @@ CVE-2021-42308 (Microsoft Edge (Chromium-based) Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2021-42307 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-42306 (Azure Active Directory Information Disclosure Vulnerability) +CVE-2021-42306 (<p>An information disclosure vulnerability manifests when a user or an ...) NOT-FOR-US: Microsoft -CVE-2021-42305 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...) +CVE-2021-42305 (Microsoft Exchange Server Spoofing Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-42304 (Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique ...) +CVE-2021-42304 (Azure RTOS Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-42303 (Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique ...) +CVE-2021-42303 (Azure RTOS Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-42302 (Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique ...) +CVE-2021-42302 (Azure RTOS Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-42301 (Azure RTOS Information Disclosure Vulnerability This CVE ID is unique ...) +CVE-2021-42301 (Azure RTOS Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-42300 (Azure Sphere Tampering Vulnerability) NOT-FOR-US: Microsoft 
@@ -158683,7 +158780,7 @@ CVE-2021-42299 (Microsoft Surface Pro 3 Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2021-42298 (Microsoft Defender Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-42297 (Windows 10 Update Assistant Elevation of Privilege Vulnerability This ...) +CVE-2021-42297 (Windows 10 Update Assistant Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-42296 (Microsoft Word Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft @@ -158695,7 +158792,7 @@ CVE-2021-42293 (Microsoft Jet Red Database Engine and Access Connectivity Engine NOT-FOR-US: Microsoft CVE-2021-42292 (Microsoft Excel Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-42291 (Active Directory Domain Services Elevation of Privilege Vulnerability ...) +CVE-2021-42291 (Active Directory Domain Services Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-42290 RESERVED @@ -158703,7 +158800,7 @@ CVE-2021-42289 RESERVED CVE-2021-42288 (Windows Hello Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-42287 (Active Directory Domain Services Elevation of Privilege Vulnerability ...) +CVE-2021-42287 (Active Directory Domain Services Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-42286 (Windows Core Shell SI Host Extension Framework for Composable Shell El ...) NOT-FOR-US: Microsoft 
@@ -158711,9 +158808,9 @@ CVE-2021-42285 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-42284 (Windows Hyper-V Denial of Service Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-42283 (NTFS Elevation of Privilege Vulnerability This CVE ID is unique from C ...) +CVE-2021-42283 (NTFS Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-42282 (Active Directory Domain Services Elevation of Privilege Vulnerability ...) +CVE-2021-42282 (Active Directory Domain Services Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-42281 RESERVED @@ -158721,7 +158818,7 @@ CVE-2021-42280 (Windows Feedback Hub Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-42279 (Chakra Scripting Engine Memory Corruption Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-42278 (Active Directory Domain Services Elevation of Privilege Vulnerability ...) +CVE-2021-42278 (Active Directory Domain Services Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-42277 (Diagnostics Hub Standard Collector Elevation of Privilege Vulnerabilit ...) NOT-FOR-US: Microsoft 
@@ -161047,25 +161144,25 @@ CVE-2021-41378 (Windows NTFS Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41377 (Windows Fast FAT File System Driver Elevation of Privilege Vulnerabili ...) NOT-FOR-US: Microsoft -CVE-2021-41376 (Azure Sphere Information Disclosure Vulnerability This CVE ID is uniqu ...) +CVE-2021-41376 (Azure Sphere Information Disclosure Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-41375 (Azure Sphere Information Disclosure Vulnerability This CVE ID is uniqu ...) +CVE-2021-41375 (Azure Sphere Information Disclosure Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-41374 (Azure Sphere Information Disclosure Vulnerability This CVE ID is uniqu ...) +CVE-2021-41374 (Azure Sphere Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41373 (FSLogix Information Disclosure Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-41372 (Power BI Report Server Spoofing Vulnerability) +CVE-2021-41372 (<p>A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: Microsoft CVE-2021-41371 (Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerabi ...) NOT-FOR-US: Microsoft -CVE-2021-41370 (NTFS Elevation of Privilege Vulnerability This CVE ID is unique from C ...) +CVE-2021-41370 (NTFS Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41369 RESERVED CVE-2021-41368 (Microsoft Access Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-41367 (NTFS Elevation of Privilege Vulnerability This CVE ID is unique from C ...) +CVE-2021-41367 (NTFS Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41366 (Credential Security Support Provider Protocol (CredSSP) Elevation of P ...) NOT-FOR-US: Microsoft 
@@ -161101,7 +161198,7 @@ CVE-2021-41351 (Microsoft Edge (Chrome based) Spoofing on IE Mode) NOT-FOR-US: Microsoft CVE-2021-41350 (Microsoft Exchange Server Spoofing Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-41349 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...) +CVE-2021-41349 (Microsoft Exchange Server Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41348 (Microsoft Exchange Server Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft @@ -163498,13 +163595,13 @@ CVE-2021-40449 (Win32k Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-40448 (Microsoft Accessibility Insights for Android Information Disclosure Vu ...) NOT-FOR-US: Microsoft -CVE-2021-40447 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...) +CVE-2021-40447 (Windows Print Spooler Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-40446 RESERVED CVE-2021-40445 RESERVED -CVE-2021-40444 (Microsoft MSHTML Remote Code Execution Vulnerability) +CVE-2021-40444 (<p>Microsoft is investigating reports of a remote code execution vulne ...) NOT-FOR-US: Microsoft CVE-2021-40443 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) NOT-FOR-US: Microsoft @@ -167876,7 +167973,7 @@ CVE-2021-38673 RESERVED CVE-2021-38672 (Windows Hyper-V Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-38671 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...) +CVE-2021-38671 (Windows Print Spooler Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-38670 RESERVED 
@@ -167884,7 +167981,7 @@ CVE-2021-38669 (Microsoft Edge (Chromium-based) Tampering Vulnerability) NOT-FOR-US: Microsoft CVE-2021-38668 RESERVED -CVE-2021-38667 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...) +CVE-2021-38667 (Windows Print Spooler Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-38666 (Remote Desktop Client Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft @@ -167898,11 +167995,11 @@ CVE-2021-38662 (Windows Fast FAT File System Driver Information Disclosure Vulne NOT-FOR-US: Microsoft CVE-2021-38661 (HEVC Video Extensions Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-38660 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...) +CVE-2021-38660 (Microsoft Office Graphics Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-38659 (Microsoft Office Remote Code Execution Vulnerability) +CVE-2021-38659 (Microsoft Office Graphics Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-38658 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...) +CVE-2021-38658 (Microsoft Office Graphics Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-38657 (Microsoft Office Graphics Component Information Disclosure Vulnerabili ...) NOT-FOR-US: Microsoft 
@@ -167910,25 +168007,25 @@ CVE-2021-38656 (Microsoft Word Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-38655 (Microsoft Excel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-38654 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...) +CVE-2021-38654 (Microsoft Office Visio Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-38653 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...) +CVE-2021-38653 (Microsoft Office Visio Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-38652 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...) +CVE-2021-38652 (Microsoft SharePoint Server Spoofing Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-38651 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...) +CVE-2021-38651 (Microsoft SharePoint Server Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2021-38650 (Microsoft Office Spoofing Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-38649 (Open Management Infrastructure Elevation of Privilege Vulnerability Th ...) +CVE-2021-38649 (Open Management Infrastructure Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-38648 (Open Management Infrastructure Elevation of Privilege Vulnerability Th ...) +CVE-2021-38648 (Open Management Infrastructure Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-38647 (Open Management Infrastructure Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-38646 (Microsoft Office Access Connectivity Engine Remote Code Execution Vuln ...) NOT-FOR-US: Microsoft -CVE-2021-38645 (Open Management Infrastructure Elevation of Privilege Vulnerability Th ...) +CVE-2021-38645 (Open Management Infrastructure Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-38644 (Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft 
@@ -167940,7 +168037,7 @@ CVE-2021-38641 (Microsoft Edge for Android Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2021-38640 RESERVED -CVE-2021-38639 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) +CVE-2021-38639 (Win32k Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-38638 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...) NOT-FOR-US: Microsoft @@ -167958,7 +168055,7 @@ CVE-2021-38632 (BitLocker Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2021-38631 (Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerabi ...) NOT-FOR-US: Microsoft -CVE-2021-38630 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) +CVE-2021-38630 (Windows Event Tracing Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-38629 (Windows Ancillary Function Driver for WinSock Information Disclosure V ...) NOT-FOR-US: Microsoft @@ -167966,9 +168063,9 @@ CVE-2021-38628 (Windows Ancillary Function Driver for WinSock Elevation of Privi NOT-FOR-US: Microsoft CVE-2021-38627 RESERVED -CVE-2021-38626 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...) +CVE-2021-38626 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-38625 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...) +CVE-2021-38625 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-38624 (Windows Key Storage Provider Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft 
@@ -172382,13 +172479,13 @@ CVE-2021-36976 (libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_stri NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libarchive/OSV-2021-557.yaml NOTE: Introduced by: https://github.com/libarchive/libarchive/commit/47bb8187d3ef2d49ee8c7841cb2872b3cfa1f6f7 (v3.4.1) NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/17f4e83c0f0fc3bacf4b2bbacb01f987bb5aff5f (v3.6.0) -CVE-2021-36975 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) +CVE-2021-36975 (Win32k Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-36974 (Windows SMB Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-36973 (Windows Redirected Drive Buffering System Elevation of Privilege Vulne ...) NOT-FOR-US: Microsoft -CVE-2021-36972 (Windows SMB Information Disclosure Vulnerability This CVE ID is unique ...) +CVE-2021-36972 (Windows SMB Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-36971 RESERVED @@ -172404,7 +172501,7 @@ CVE-2021-36966 (Windows Subsystem for Linux Elevation of Privilege Vulnerability NOT-FOR-US: Microsoft CVE-2021-36965 (Windows WLAN AutoConfig Service Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-36964 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) +CVE-2021-36964 (Windows Event Tracing Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-36963 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) NOT-FOR-US: Microsoft 
@@ -172412,11 +172509,11 @@ CVE-2021-36962 (Windows Installer Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-36961 (Windows Installer Denial of Service Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-36960 (Windows SMB Information Disclosure Vulnerability This CVE ID is unique ...) +CVE-2021-36960 (Windows SMB Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-36959 (Windows Authenticode Spoofing Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-36958 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID ...) +CVE-2021-36958 (<p>A remote code execution vulnerability exists when the Windows Print ...) NOT-FOR-US: Microsoft CVE-2021-36957 (Windows Desktop Bridge Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft @@ -172438,7 +172535,7 @@ CVE-2021-36949 (Microsoft Azure Active Directory Connect Authentication Bypass V NOT-FOR-US: Microsoft CVE-2021-36948 (Windows Update Medic Service Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-36947 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID ...) +CVE-2021-36947 (Windows Print Spooler Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-36946 (Microsoft Dynamics Business Central Cross-site Scripting Vulnerability) NOT-FOR-US: Microsoft @@ -172446,7 +172543,7 @@ CVE-2021-36945 (Windows 10 Update Assistant Elevation of Privilege Vulnerability NOT-FOR-US: Microsoft CVE-2021-36944 RESERVED -CVE-2021-36943 (Azure CycleCloud Elevation of Privilege Vulnerability This CVE ID is u ...) +CVE-2021-36943 (Azure CycleCloud Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-36942 (Windows LSA Spoofing Vulnerability) NOT-FOR-US: Microsoft 
@@ -172460,7 +172557,7 @@ CVE-2021-36938 (Windows Cryptographic Primitives Library Information Disclosure NOT-FOR-US: Microsoft CVE-2021-36937 (Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-36936 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID ...) +CVE-2021-36936 (Windows Print Spooler Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-36935 RESERVED @@ -172472,7 +172569,7 @@ CVE-2021-36932 (Windows Services for NFS ONCRPC XDR Driver Information Disclosur NOT-FOR-US: Microsoft CVE-2021-36931 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...) NOT-FOR-US: Microsoft -CVE-2021-36930 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...) +CVE-2021-36930 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-36929 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability) NOT-FOR-US: Microsoft @@ -176017,6 +176114,7 @@ CVE-2021-3621 (A flaw was found in SSSD, where the sssctl command was vulnerable NOTE: https://github.com/SSSD/sssd/commit/b4b32677a886bc26d60ce0171505aa3ab0c82c8a (sssd-1-16) NOTE: Introduced by https://github.com/SSSD/sssd/commit/e157b9f6cb370e1b94bcac2044d26ad66d640fba (v1.13.91) CVE-2021-3620 (A flaw was found in Ansible Engine's ansible-connection module, where ...) + {DLA-3695-1} - ansible-core 2.12.0-1 - ansible 5.4.0-1 [bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed upstream) 
@@ -178315,7 +178413,7 @@ CVE-2021-34526 RESERVED CVE-2021-34525 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft -CVE-2021-34524 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...) +CVE-2021-34524 (Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34523 (Microsoft Exchange Server Elevation of Privilege Vulnerability This CV ...) NOT-FOR-US: Microsoft @@ -178389,9 +178487,9 @@ CVE-2021-34489 (DirectWrite Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34488 (Windows Console Driver Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-34487 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) +CVE-2021-34487 (Windows Event Tracing Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-34486 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) +CVE-2021-34486 (Windows Event Tracing Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34485 (.NET Core and Visual Studio Information Disclosure Vulnerability) NOT-FOR-US: Microsoft @@ -178859,6 +178957,7 @@ CVE-2021-3585 (A flaw was found in openstack-tripleo-heat-templates. Plain passw CVE-2021-3584 (A server side remote code execution vulnerability was found in Foreman ...) - foreman <itp> (bug #663101) CVE-2021-3583 (A flaw was found in Ansible, where a user's controller is vulnerable t ...) + {DLA-3695-1} - ansible 5.4.0-1 [bullseye] - ansible <no-dsa> (Minor issue) [stretch] - ansible <end-of-life> (EOL'd for stretch) 
@@ -180178,7 +180277,7 @@ CVE-2021-33764 (Windows Key Distribution Center Information Disclosure Vulnerabi NOT-FOR-US: Microsoft CVE-2021-33763 (Windows Remote Access Connection Manager Information Disclosure Vulner ...) NOT-FOR-US: Microsoft -CVE-2021-33762 (Azure CycleCloud Elevation of Privilege Vulnerability This CVE ID is u ...) +CVE-2021-33762 (Azure CycleCloud Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-33761 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...) NOT-FOR-US: Microsoft @@ -193980,6 +194079,7 @@ CVE-2021-3448 (A flaw was found in dnsmasq in versions before 2.85. When configu NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939368 NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=74d4fcd756a85bc1823232ea74334f7ccfb9d5d2 CVE-2021-3447 (A flaw was found in several ansible modules, where parameters containi ...) + {DLA-3695-1} - ansible 2.10.7+merged+base+2.10.8+dfsg-1 (bug #1014721) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939349 NOTE: Fedora announcement https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBZ75MAMVQVZROPYHMRDQKPPVASP63DG/ @@ -199369,7 +199469,7 @@ CVE-2021-26446 RESERVED CVE-2021-26445 RESERVED -CVE-2021-26444 (Azure RTOS Information Disclosure Vulnerability This CVE ID is unique ...) +CVE-2021-26444 (Azure RTOS Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-26443 (Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerabil ...) NOT-FOR-US: Microsoft @@ -199385,7 +199485,7 @@ CVE-2021-26438 RESERVED CVE-2021-26437 (Visual Studio Code Spoofing Vulnerability) NOT-FOR-US: Microsoft -CVE-2021-26436 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...) +CVE-2021-26436 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-26435 (Windows Scripting Engine Memory Corruption Vulnerability) NOT-FOR-US: Microsoft 
@@ -199407,7 +199507,7 @@ CVE-2021-26427 (Microsoft Exchange Server Remote Code Execution Vulnerability) NOT-FOR-US: Siemens CVE-2021-26426 (Windows User Account Profile Picture Elevation of Privilege Vulnerabil ...) NOT-FOR-US: Microsoft -CVE-2021-26425 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) +CVE-2021-26425 (Windows Event Tracing Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-26424 (Windows TCP/IP Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft @@ -216380,6 +216480,7 @@ CVE-2021-20193 (A flaw was found in the src/list.c of tar 1.33 and earlier. This CVE-2021-20192 REJECTED CVE-2021-20191 (A flaw was found in ansible. Credentials, such as secrets, are being d ...) + {DLA-3695-1} - ansible 5.4.0-1 (bug #985753) [bullseye] - ansible <no-dsa> (Minor issue) [stretch] - ansible <end-of-life> (EOL'd for stretch) @@ -216430,6 +216531,7 @@ CVE-2021-20179 (A flaw was found in pki-core. An attacker who has successfully c - dogtag-pki 10.10.2-2 NOTE: https://github.com/dogtagpki/pki/pull/3475 CVE-2021-20178 (A flaw was found in ansible module where credentials are disclosed in ...) + {DLA-3695-1} - ansible 5.4.0-1 (bug #985753) [bullseye] - ansible <no-dsa> (Minor issue) [stretch] - ansible <end-of-life> (EOL'd for stretch) 
@@ -326017,7 +326119,7 @@ CVE-2019-14856 (ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a NOTE: https://github.com/ansible/ansible/pull/63351 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760829 CVE-2019-10206 (ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2 ...) - {DSA-4950-1} + {DSA-4950-1 DLA-3695-1} - ansible 2.8.6+dfsg-1 (bug #933005) [stretch] - ansible <end-of-life> (EOL'd for stretch) [jessie] - ansible <not-affected> (Vulnerable code introduced later, password templating code introduced with 2.0 refactoring, '{{' supported in passwords) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe08de6a1b6e6558cdbaeb4599231a5489eb5666 You're receiving this email because of your account on salsa.debian.org.
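Review bot: In the first hunk (@@ -1,3 +1,95 @@), the description added for CVE-2023-32513 contains a literal "\u201" fragment ("GiveWP GiveWP \u201 ..."), so the truncation cut through an undecoded Unicode escape. Decode escapes before shortening the description. Every entry added in this hunk is left at "TODO: check"; the code-projects ones (CVE-2023-7126 through CVE-2023-7132) match a vendor the adjacent context already tags as "NOT-FOR-US: code-projects E-Commerce Site" for CVE-2023-7124, so they are candidates for the same triage in a follow-up.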
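Review bot: Raw HTML is leaking into the description field. In the hunks at @@ -158665, @@ -161047, @@ -163498 and @@ -172412, the new text for CVE-2021-42306, CVE-2021-41372, CVE-2021-40444 and CVE-2021-36958 begins with a literal "<p>" tag and replaces a short readable title (for example "Microsoft MSHTML Remote Code Execution Vulnerability"). Strip markup before the description is stored and truncated, so that consumers rendering this field never have to treat tracker data as HTML.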
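Review bot: CVE-2021-38659 in the @@ -167898,11 +167995,11 @@ hunk changes from "Microsoft Office Remote Code Execution Vulnerability" to "Microsoft Office Graphics Remote Code Execution Vulnerability", which now reads identically to CVE-2021-38660 and CVE-2021-38658 once their "This CVE ID ..." suffix is dropped. Confirm against the upstream record that the component name really changed for this ID, since the three entries can no longer be told apart by description.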
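Review bot: The context at the top of the @@ -199407,7 +199507,7 @@ hunk shows CVE-2021-26427 (Microsoft Exchange Server Remote Code Execution Vulnerability) tagged "NOT-FOR-US: Siemens", which does not match the product named in its description. This commit does not touch that line, but it is worth a follow-up correcting the tag to match the neighbouring "NOT-FOR-US: Microsoft" entries.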
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits