[Git][security-tracker-team/security-tracker][master] 3 commits: Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3fc56f07 by Salvatore Bonaccorso at 2024-03-06T21:53:50+01:00 Process some NFUs - - - - - 15b87118 by Salvatore Bonaccorso at 2024-03-06T21:53:52+01:00 Add CVE-2024-27289/golang-github-jackc-pgx - - - - - 4a40a821 by Salvatore Bonaccorso at 2024-03-06T21:53:54+01:00 Add CVE-2024-24761/galette - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2024-2211 (Cross-Site Scripting stored vulnerability in Gophish affecting version ...) - TODO: check + NOT-FOR-US: Gophish CVE-2024-28174 (In JetBrains TeamCity before 2023.11.4 presigned URL generation reques ...) NOT-FOR-US: JetBrains TeamCity CVE-2024-28173 (In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build param ...) 
@@ -23,41 +23,43 @@ CVE-2024-27303 (electron-builder is a solution to package and build a ready for CVE-2024-27302 (go-zero is a web and rpc framework. Go-zero allows user to specify a C ...) TODO: check CVE-2024-27289 (pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2 ...) - TODO: check + - golang-github-jackc-pgx + NOTE: https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p + NOTE: https://github.com/jackc/pgx/commit/826a89229b8b1cdf18e4190afa437d3df9901b9c (v4.18.2) CVE-2024-27288 (1Panel is an open source Linux server operation and maintenance manage ...) NOT-FOR-US: 1Panel CVE-2024-27287 (ESPHome is a system to control your ESP8266/ESP32 for Home Automation ...) NOT-FOR-US: ESPHome CVE-2024-25359 (An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execu ...) - TODO: check + NOT-FOR-US: zuoxingdong lagom CVE-2024-25103 (This vulnerability exists in AppSamvid software due to the usage of vu ...) - TODO: check + NOT-FOR-US: AppSamvid software CVE-2024-25102 (This vulnerability exists in AppSamvid software due to the usage of a ...) - TODO: check + NOT-FOR-US: AppSamvid software CVE-2024-24767 (CasaOS-UserService provides user management functionalities to CasaOS. ...) - TODO: check + NOT-FOR-US: CasaOS CVE-2024-24766 (CasaOS-UserService provides user management functionalities to CasaOS. ...) - TODO: check + NOT-FOR-US: CasaOS CVE-2024-24765 (CasaOS-UserService provides user management functionalities to CasaOS. ...) - TODO: check + NOT-FOR-US: CasaOS CVE-2024-24761 (Galette is a membership management web application for non profit orga ...) - TODO: check + - galette CVE-2024-20346 (A vulnerability in the web-based management interface of Cisco AppDyna ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20345 (A vulnerability in the file upload functionality of Cisco AppDynamics ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20338 (A vulnerability in the ISE Posture (System Scan) module of Cisco Secur ...) 
- TODO: check + NOT-FOR-US: Cisco CVE-2024-20337 (A vulnerability in the SAML authentication process of Cisco Secure Cli ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20336 (A vulnerability in the web-based user interface of Cisco Small Busines ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20335 (A vulnerability in the web-based management interface of Cisco Small B ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20301 (A vulnerability in Cisco Duo Authentication for Windows Logon and RDP ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20292 (A vulnerability in the logging component of Cisco Duo Authentication f ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-1224 (This vulnerability exists in USB Pratirodh due to the usage of a weake ...) TODO: check CVE-2024-1142 (Path Traversal in Sonatype IQ Server from version 143 allows remote au ...) @@ -4152,7 +4154,7 @@ CVE-2024-0 (An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 CVE-2024-20325 (A vulnerability in the Live Data server of Cisco Unified Intelligence ...) NOT-FOR-US: Cisco CVE-2024-1714 (An issue exists in all supported versions of IdentityIQ Lifecycle Mana ...) - TODO: check + NOT-FOR-US: IdentityIQ Lifecycle Manager CVE-2024-1709 (ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authenti ...) NOT-FOR-US: ConnectWise ScreenConnect CVE-2024-1708 (ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traver ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/73dedb18d9cf68d1327125f6c252a37a4cb0d846...4a40a82117256760ce6a04c471294c059cefc53c -- View it on GitLab:
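Review bot: the CVE-2024-24761 entry is left as a bare "- galette" with no fixed version and no NOTE, whereas the CVE-2024-27289 entry in the same hunk records both the GHSA advisory and the fixing commit tagged "(v4.18.2)"; add the Galette advisory or fix reference so the fixed-version check can be reproduced later. For golang-github-jackc-pgx the description states "Prior to version 4.18.2", so a fixed Debian version should follow once a package carrying commit 826a8922 is in the archive. The remaining changes only flip "TODO: check" to NOT-FOR-US and match the existing markers (e.g. "NOT-FOR-US: Cisco" for CVE-2024-20325 in the last hunk).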
[Git][security-tracker-team/security-tracker][master] 3 commits: Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0b6866ff by Salvatore Bonaccorso at 2023-11-16T10:46:34+01:00 Process some NFUs - - - - - 84d36b1c by Salvatore Bonaccorso at 2023-11-16T10:46:35+01:00 Add CVE-2023-47471/libde265 - - - - - cd7e4dc0 by Salvatore Bonaccorso at 2023-11-16T10:47:34+01:00 Add CVE-2023-47470/ffmpeg - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -23,13 +23,18 @@ CVE-2023-48198 (Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a loc CVE-2023-48197 (Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local att ...) - grocy (bug #969056) CVE-2023-47674 (Missing authentication for critical function vulnerability in First Co ...) - TODO: check + NOT-FOR-US: First Corporation CVE-2023-47638 REJECTED CVE-2023-47471 (Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a ...) - TODO: check + - libde265 + NOTE: https://github.com/strukturag/libde265/issues/426 + NOTE: https://github.com/strukturag/libde265/commit/e36b4a1b0bafa53df47514c419d5be3e8916ebc7 CVE-2023-47470 (Buffer Overflow vulnerability in Ffmpeg before github commit 456574705 ...) - TODO: check + - ffmpeg 7:6.1-1 + NOTE: https://github.com/FFmpeg/FFmpeg/commit/4565747056a11356210ed8edcecb920105e40b60 (n6.1) + NOTE: https://patchwork.ffmpeg.org/project/ffmpeg/patch/20230915131147.5945-2-michael%40niedermayer.cc/ + NOTE: https://github.com/goldds96/Report/tree/main/FFmpeg CVE-2023-47444 (An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticate ...) TODO: check CVE-2023-47347 (Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cau ...) 
@@ -43,19 +48,19 @@ CVE-2023-47264 (Certain WithSecure products have a buffer over-read whereby proc CVE-2023-47263 (Certain WithSecure products allow a Denial of Service (DoS) in the ant ...) NOT-FOR-US: WithSecure CVE-2023-47213 (First Corporation's DVRs use a hard-coded password, which may allow a ...) - TODO: check + NOT-FOR-US: First Corporation CVE-2023-47003 (An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitra ...) NOT-FOR-US: RedisGraph CVE-2023-44296 (Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vu ...) NOT-FOR-US: Dell CVE-2023-43757 (Inadequate encryption strength vulnerability in multiple routers provi ...) - TODO: check + NOT-FOR-US: ELECOM CVE-2023-43752 (OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier ...) - TODO: check + NOT-FOR-US: ELECOM CVE-2023-43275 (Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2023-41442 (An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1 ...) - TODO: check + NOT-FOR-US: Kloudq Technologies Limited Tor Equip CVE-2023-6079 REJECTED CVE-2023-5720 (A flaw was found in Quarkus, where it does not properly sanitize artif ...) 
@@ -168486,7 +168491,7 @@ CVE-2021-35438 (phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipc - phpipam (bug #731713) NOTE: https://github.com/phpipam/phpipam/issues/3351 CVE-2021-35437 (SQL injection vulnerability in LMXCMS v.1.4 allows attacker to execute ...) - TODO: check + NOT-FOR-US: LMXCMS CVE-2021-35436 RESERVED CVE-2021-35435 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0c863abff1bb8bf5e5239c4477b39e4cf1d0e725...cd7e4dc03f00db5c1bf50832d7292916eabd4cc8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0c863abff1bb8bf5e5239c4477b39e4cf1d0e725...cd7e4dc03f00db5c1bf50832d7292916eabd4cc8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
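Review bot: the CVE-2023-47471 entry records the libde265 fixing commit e36b4a1b but no fixed Debian version, while the CVE-2023-47470 entry next to it carries "- ffmpeg 7:6.1-1" with the upstream tag "(n6.1)" on its commit; add the libde265 release that contains the commit, or a bug reference in the "(bug #NNNNNN)" form the grocy entries in the same hunk use (NNNNNN being a placeholder here), so the open state gives the maintainer something to act on. The other hunks only turn TODO markers into NOT-FOR-US and are consistent with the existing "NOT-FOR-US: First Corporation" marker.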
[Git][security-tracker-team/security-tracker][master] 3 commits: Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 40757213 by Salvatore Bonaccorso at 2023-06-15T22:33:48+02:00 Process some NFUs - - - - - 1cd18555 by Salvatore Bonaccorso at 2023-06-15T22:33:50+02:00 Add CVE-2023-34626/piwigo - - - - - 921cf04a by Salvatore Bonaccorso at 2023-06-15T22:33:51+02:00 Add CVE-2023-34242/cilium - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,19 +1,19 @@ CVE-2023-3276 (A vulnerability, which was classified as problematic, has been found i ...) TODO: check CVE-2023-3275 (A vulnerability classified as critical was found in PHPGurukul Rail Pa ...) - TODO: check + NOT-FOR-US: PHPGurukul Rail Pass Management System CVE-2023-3274 (A vulnerability classified as critical has been found in code-projects ...) - TODO: check + NOT-FOR-US: code-projects Supplier Management System CVE-2023-34880 (cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal v ...) - TODO: check + NOT-FOR-US: cmseasy CVE-2023-34852 (PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions.) - TODO: check + NOT-FOR-US: PublicCMS CVE-2023-34833 (An arbitrary file upload vulnerability in the component /api/upload.ph ...) - TODO: check + NOT-FOR-US: ThinkAdmin CVE-2023-34666 (Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Mana ...) - TODO: check + NOT-FOR-US: Phpgurukul Cyber Cafe Management System CVE-2023-34626 (Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function.) - TODO: check + - piwigo CVE-2023-34455 (snappy-java is a fast compressor/decompressor for Java. Due to use of ...) TODO: check CVE-2023-34454 (snappy-java is a fast compressor/decompressor for Java. Due to uncheck ...) 
@@ -21,13 +21,13 @@ CVE-2023-34454 (snappy-java is a fast compressor/decompressor for Java. Due to u CVE-2023-34453 (snappy-java is a fast compressor/decompressor for Java. Due to uncheck ...) TODO: check CVE-2023-34242 (Cilium is a networking, observability, and security solution with an e ...) - TODO: check + - cilium (bug #858303) CVE-2023-33243 (RedTeam Pentesting discovered that the web interface of STARFACE as we ...) TODO: check CVE-2023-32229 (Due to an error in the software interface to the secure element chip o ...) - TODO: check + NOT-FOR-US: Bosch CVE-2023-31672 (In the PrestaShop < 2.4.3 module "Length, weight or volume sell" (aili ...) - TODO: check + NOT-FOR-US: PrestaShop CVE-2023-2747 (The initialization vector (IV) used by the secure engine (SE) for encr ...) TODO: check CVE-2023-2686 (Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon La ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a3aae462df9892ff4ebd50712952c8d8e7c04e66...921cf04a518022186c86683f560ded039ca2cf1e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a3aae462df9892ff4ebd50712952c8d8e7c04e66...921cf04a518022186c86683f560ded039ca2cf1e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
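Review bot: the CVE-2023-34626 entry is a bare "- piwigo" with no NOTE and no fixed version, unlike the CVE-2023-34242 cilium entry in the next hunk, which at least carries "(bug #858303)"; the description only says "Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function", so add the upstream advisory or fix commit as a NOTE to pin down the affected and fixed versions. Minor: the NOT-FOR-US markers spell the same vendor as "PHPGurukul" (CVE-2023-3275) and "Phpgurukul" (CVE-2023-34666); pick one spelling for consistency.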
[Git][security-tracker-team/security-tracker][master] 3 commits: Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2cefb2a8 by Salvatore Bonaccorso at 2023-03-29T22:14:34+02:00 Process some NFUs - - - - - ec239d84 by Salvatore Bonaccorso at 2023-03-29T22:14:36+02:00 Add two new python-redis CVEs - - - - - da1f3991 by Salvatore Bonaccorso at 2023-03-29T22:14:37+02:00 Add CVE-2023-26923/musescore - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -245,9 +245,9 @@ CVE-2023-1687 (A vulnerability classified as problematic has been found in Sourc CVE-2023-1686 (A vulnerability was found in SourceCodester Young Entrepreneur E-Negos ...) NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System CVE-2023-1685 (A vulnerability was found in HadSky up to 7.11.8. It has been declared ...) - TODO: check + NOT-FOR-US: HadSky CVE-2023-1684 (A vulnerability was found in HadSky 7.7.16. It has been classified as ...) - TODO: check + NOT-FOR-US: HadSky CVE-2023-1683 (A vulnerability was found in Xunrui CMS 4.61 and classified as problem ...) NOT-FOR-US: Xunrui CMS CVE-2023-1682 (A vulnerability has been found in Xunrui CMS 4.61 and classified as pr ...) 
@@ -526,9 +526,16 @@ CVE-2023-1638 (A vulnerability was found in IObit Malware Fighter 9.4.0.776. It CVE-2018-25083 (The pullit package before 1.4.0 for Node.js allows OS Command Injectio ...) TODO: check CVE-2023-28859 (redis-py through 4.5.3 leaves a connection open after canceling an asy ...) - TODO: check + - python-redis (Incomplete fix for CVE-2023-28858 not applied) + NOTE: https://github.com/redis/redis-py/issues/2665 + NOTE: https://github.com/redis/redis-py/pull/2641 CVE-2023-28858 (redis-py before 4.5.3, as used in ChatGPT and other products, leaves a ...) - TODO: check + - python-redis + NOTE: https://github.com/redis/redis-py/issues/2624 + NOTE: https://github.com/redis/redis-py/pull/2641 + NOTE: https://openai.com/blog/march-20-chatgpt-outage + NOTE: When fixing this issue make sure to apply complete fixes (cf. CVE-2023-28859 + NOTE: CVE entry) to not open CVE-2023-28859. CVE-2023-1637 (A flaw that boot CPU could be vulnerable for the speculative execution ...) - linux 5.17.3-1 [bullseye] - linux 5.10.113-1 @@ -1243,7 +1250,7 @@ CVE-2023-28639 CVE-2023-28638 (Snappier is a high performance C# implementation of the Snappy compres ...) TODO: check CVE-2023-28637 (DataEase is an open source data visualization analysis tool. In Dataea ...) - TODO: check + NOT-FOR-US: DataEase CVE-2023-28636 RESERVED CVE-2023-28635 
@@ -3088,9 +3095,9 @@ CVE-2023-28105 (go-used-util has commonly used utility functions for Go. Version CVE-2023-28104 (`silverstripe/graphql` serves Silverstripe data as GraphQL representat ...) NOT-FOR-US: silverstripe/graphql CVE-2023-28103 (matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. I ...) - TODO: check + NOT-FOR-US: Node matrix-react-sdk CVE-2023-28102 (discordrb is an implementation of the Discord API using Ruby. In disco ...) - TODO: check + NOT-FOR-US: discordrb CVE-2023-28101 (Flatpak is a system for building, distributing, and running sandboxed ...) - flatpak 1.14.4-1 (bug #1033098) [bullseye] - flatpak (Minor issue) @@ -5751,13 +5758,13 @@ CVE-2023-27234 (A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhic CVE-2023-27233 RESERVED CVE-2023-27232 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2023-27231 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2023-27230 RESERVED CVE-2023-27229 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2023-27228 RESERVED CVE-2023-27227 @@ -6390,7 +6397,8 @@ CVE-2023-26925 CVE-2023-26924 (LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockReg ...) TODO: check CVE-2023-26923 (Musescore 3.0 to 4.0.1 has a stack buffer overflow vulnerability that ...) - TODO: check + - musescore + NOTE: https://github.com/musescore/MuseScore/issues/16346 CVE-2023-26922 (SQL injection vulnerability found in Varisicte matrix-gui v.2 allows a ...) NOT-FOR-US: Varisicte CVE-2023-26921 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/063df9506c3a15866b7867514dc0ac01080a3625...da1f3991407813aa536721019b45e4893cbd56e5 -- View it on GitLab:
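Review bot: the CVE-2023-28858 and CVE-2023-28859 python-redis entries both point at PR 2641 as the fix, but neither carries a fixed Debian version or a bug reference, and the cross-reference NOTE is wrapped mid-parenthesis across two NOTE lines ("(cf. CVE-2023-28859" / "CVE entry)"), which reads awkwardly in the tracker; keep that sentence on one NOTE line and record the fixed version once the complete fix from issue 2665 has been applied, since the CVE-2023-28859 annotation explicitly says the incomplete fix must not be shipped alone. Minor: the descriptions say "TOTOlink" while the markers say "NOT-FOR-US: TOTOLINK", and "NOT-FOR-US: Node matrix-react-sdk" uses a "Node" prefix for what the description calls a "SDK for React Javascript".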
[Git][security-tracker-team/security-tracker][master] 3 commits: Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f78ca9b6 by Salvatore Bonaccorso at 2023-01-22T13:08:49+01:00 Process some NFUs - - - - - aca335c4 by Salvatore Bonaccorso at 2023-01-22T13:08:50+01:00 Add CVE-2023-0434/pyload - - - - - 724224ed by Salvatore Bonaccorso at 2023-01-22T13:08:52+01:00 Add CVE-2023-24038/libhtml-stripscripts-perl - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -31,7 +31,7 @@ CVE-2023- [wnpa-sec-2023-01: EAP dissector crash] CVE-2023-24059 (Grand Theft Auto V for PC allows attackers to achieve partial remote c ...) TODO: check CVE-2023-24058 (Booked Scheduler 2.5.5 allows authenticated users to create and schedu ...) - TODO: check + NOT-FOR-US: Booked Scheduler CVE-2023-24057 RESERVED CVE-2023-24056 (In pkgconf through 1.9.3, variable duplication can cause unbounded str ...) @@ -41,7 +41,7 @@ CVE-2023-24056 (In pkgconf through 1.9.3, variable duplication can cause unbound CVE-2023-24055 (** DISPUTED ** KeePass through 2.53 (in a default installation) allows ...) TODO: check CVE-2023-0434 (Improper Input Validation in GitHub repository pyload/pyload prior to ...) - TODO: check + - pyload (bug #1001980) CVE-2023-24054 RESERVED CVE-2023-0433 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...) @@ -67,7 +67,7 @@ CVE-2023-24046 CVE-2023-24045 RESERVED CVE-2023-24044 (A Host Header Injection issue on the Login page of Plesk Obsidian thro ...) - TODO: check + NOT-FOR-US: Plesk Obsidian CVE-2023-24043 RESERVED CVE-2023-24042 (A race condition in LightFTP through 2.2 allows an attacker to achieve ...) 
@@ -79,7 +79,8 @@ CVE-2023-24040 (** UNSUPPORTED WHEN ASSIGNED ** dtprintinfo in Common Desktop En CVE-2023-24039 (** UNSUPPORTED WHEN ASSIGNED ** A stack-based buffer overflow in Parse ...) TODO: check CVE-2023-24038 (The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_ ...) - TODO: check + - libhtml-stripscripts-perl + NOTE: https://github.com/clintongormley/perl-html-stripscripts/issues/3 CVE-2023-24037 RESERVED CVE-2023-24036 @@ -99,11 +100,11 @@ CVE-2023-24030 CVE-2023-24029 RESERVED CVE-2023-24028 (In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorre ...) - TODO: check + NOT-FOR-US: MISP CVE-2023-24027 (In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a netwo ...) - TODO: check + NOT-FOR-US: MISP CVE-2023-24026 (In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerabilit ...) - TODO: check + NOT-FOR-US: MISP CVE-2023-24025 (CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2 ...) TODO: check CVE-2023-24024 @@ -1275,7 +1276,7 @@ CVE-2023-23609 CVE-2023-23608 RESERVED CVE-2023-23607 (erohtar/Dasherr is a dashboard for self-hosted services. In affected v ...) - TODO: check + NOT-FOR-US: Dasherr CVE-2023-23606 RESERVED - firefox 109.0-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7d46c29badd4271edbc3d128656aedafd1f6cf2c...724224ed9239881b727df4fe91a444639f21dbdf -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7d46c29badd4271edbc3d128656aedafd1f6cf2c...724224ed9239881b727df4fe91a444639f21dbdf You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
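Review bot: the CVE-2023-24038 entry for libhtml-stripscripts-perl links upstream issue 3 but no fix commit, fixed version, or bug reference, whereas the CVE-2023-0434 pyload entry in the same patch carries "(bug #1001980)"; since the description says the module is affected "through 1.06", i.e. up to and including the current release, the entry stays open with nothing for the maintainer to act on. Add a bug reference now and the upstream fix once it lands. The MISP, Plesk Obsidian, Booked Scheduler and Dasherr NOT-FOR-US markers are fine.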
[Git][security-tracker-team/security-tracker][master] 3 commits: Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e201f029 by Salvatore Bonaccorso at 2022-11-03T21:29:50+01:00 Process some NFUs - - - - - 165dbef7 by Salvatore Bonaccorso at 2022-11-03T21:29:52+01:00 Add new glpi CVEs - - - - - 8984d6bb by Salvatore Bonaccorso at 2022-11-03T21:29:53+01:00 Add CVE-2022-39369/php-cas - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -35,7 +35,7 @@ CVE-2022-44648 CVE-2022-44647 RESERVED CVE-2022-44646 (In JetBrains TeamCity version before 2022.10, no audit items were adde ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2022-44645 RESERVED CVE-2022-44644 @@ -107,11 +107,11 @@ CVE-2022-44626 CVE-2022-44625 RESERVED CVE-2022-44624 (In JetBrains TeamCity version before 2022.10, Password parameters coul ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2022-44623 (In JetBrains TeamCity version before 2022.10, Project Viewer could see ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2022-44622 (In JetBrains TeamCity version between 2021.2 and 2022.10 access permis ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2022-44621 RESERVED CVE-2022-44618 @@ -4967,7 +4967,7 @@ CVE-2022-3597 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtif NOTE: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/413 CVE-2021-46846 (Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integ ...) - TODO: check + NOT-FOR-US: HPE CVE-2020-36607 RESERVED CVE-2016-20017 (D-Link DSL-2750B devices before 1.05 allow remote unauthenticated comm ...) @@ -5180,7 +5180,7 @@ CVE-2022-43374 CVE-2022-43373 RESERVED CVE-2022-43372 (Emlog Pro v1.7.1 was discovered to contain a reflected cross-site scri ...) - TODO: check + NOT-FOR-US: Emlog Pro CVE-2022-43371 RESERVED CVE-2022-43370 
@@ -5739,7 +5739,7 @@ CVE-2022-43111 CVE-2022-43110 RESERVED CVE-2022-43109 (D-Link DIR-823G v1.0.2 was found to contain a command injection vulner ...) - TODO: check + NOT-FOR-US: D-Link CVE-2022-43108 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...) NOT-FOR-US: Tenda CVE-2022-43107 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...) @@ -6845,13 +6845,13 @@ CVE-2022-42755 CVE-2022-42754 RESERVED CVE-2022-42753 (SalonERP version 3.0.2 allows an external attacker to steal the cookie ...) - TODO: check + NOT-FOR-US: SalonERP CVE-2022-42752 RESERVED CVE-2022-42751 (CandidATS version 3.0.0 allows an external attacker to elevate privile ...) - TODO: check + NOT-FOR-US: CandidATS CVE-2022-42750 (CandidATS version 3.0.0 allows an external attacker to steal the cooki ...) - TODO: check + NOT-FOR-US: CandidATS CVE-2022-42749 RESERVED CVE-2022-42748 @@ -10040,7 +10040,7 @@ CVE-2022-41437 (Billing System Project v1.0 was discovered to contain a remote c CVE-2022-41436 (An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to acc ...) NOT-FOR-US: OXHOO CVE-2022-41435 (OpenWRT LuCI version git-22.140.66206-02913be was discovered to contai ...) - TODO: check + NOT-FOR-US: OpenWRT LuCI CVE-2022-41434 RESERVED CVE-2022-41433 @@ -10550,7 +10550,7 @@ CVE-2022-3260 CVE-2022-3259 RESERVED CVE-2022-3258 (Incorrect Permission Assignment for Critical Resource vulnerability in ...) - TODO: check + NOT-FOR-US: HYPR Workforce Access CVE-2022-3257 (Mattermost version 7.1.x and earlier fails to sufficiently process a s ...) - mattermost-server (bug #823556) CVE-2022-3256 (Use After Free in GitHub repository vim/vim prior to 9.0.0530. ...) 
@@ -12339,7 +12339,7 @@ CVE-2022-40503 CVE-2022-40502 RESERVED CVE-2022-3181 (An Improper Input Validation vulnerability exists in Trihedral VTScada ...) - TODO: check + NOT-FOR-US: Trihedral VTScada CVE-2022-3180 RESERVED CVE-2022-3179 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...) @@ -13645,9 +13645,9 @@ CVE-2022-39952 CVE-2022-39951 RESERVED CVE-2022-39950 (An improper neutralization of input during web page generation vulnera ...) - TODO: check + NOT-FOR-US: FortiGuard CVE-2022-39949 (An improper control of a resource through its lifetime vulnerability [ ...) - TODO: check + NOT-FOR-US: FortiGuard CVE-2022-39948 RESERVED CVE-2022-39947 @@ -13655,7 +13655,7 @@ CVE-2022-39947 CVE-2022-39946 RESERVED CVE-2022-39945 (An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, ...) - TODO: check +
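Review bot: the notification is truncated: the last hunk ends with an empty "+" line after "CVE-2022-39945 ... - TODO: check", and none of the visible hunks contain the glpi entries named in commit 165dbef7 or the CVE-2022-39369/php-cas entry named in commit 8984d6bb, so this review covers only the NOT-FOR-US triage. Within the visible part, "NOT-FOR-US: FortiGuard" (CVE-2022-39950, CVE-2022-39949) names the advisory source rather than the vendor or product, while the other markers in this patch use vendor names ("JetBrains TeamCity", "HPE", "D-Link"); the CVE-2022-39945 description names FortiMail, so a vendor or product marker would be more consistent.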
[Git][security-tracker-team/security-tracker][master] 3 commits: Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 71658853 by Salvatore Bonaccorso at 2022-08-08T22:25:52+02:00 Process some NFUs - - - - - 502a8b9e by Salvatore Bonaccorso at 2022-08-08T22:25:54+02:00 Add new zammad CVEs, itped - - - - - be4c2264 by Salvatore Bonaccorso at 2022-08-08T22:25:55+02:00 Add CVE-2022-34293/wolfssl - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -869,25 +869,25 @@ CVE-2022-37454 CVE-2022-37453 RESERVED CVE-2022-2708 (A vulnerability, which was classified as critical, was found in Source ...) - TODO: check + NOT-FOR-US: SourceCodester Gym Management System CVE-2022-2707 (A vulnerability classified as critical was found in SourceCodester Onl ...) - TODO: check + NOT-FOR-US: SourceCodester Online Class and Exam Scheduling System CVE-2022-2706 (A vulnerability classified as critical has been found in SourceCodeste ...) - TODO: check + NOT-FOR-US: SourceCodester Online Class and Exam Scheduling System CVE-2022-2705 (A vulnerability was found in SourceCodester Simple Student Information ...) - TODO: check + NOT-FOR-US: SourceCodester Simple Student Information System CVE-2022-2704 (A vulnerability was found in SourceCodester Simple E-Learning System. ...) - TODO: check + NOT-FOR-US: SourceCodester Simple E-Learning System CVE-2022-2703 (A vulnerability was found in SourceCodester Gym Management System. It ...) - TODO: check + NOT-FOR-US: SourceCodester Gym Management System CVE-2022-2702 (A vulnerability was found in SourceCodester Company Website CMS and cl ...) - TODO: check + NOT-FOR-US: SourceCodester Company Website CMS CVE-2022-2701 (A vulnerability classified as problematic was found in SourceCodester ...) - TODO: check + NOT-FOR-US: SourceCodester Simple E-Learning System CVE-2022-2700 (A vulnerability classified as critical has been found in SourceCodeste ...) - TODO: check + NOT-FOR-US: SourceCodester Gym Management System CVE-2022-2699 (A vulnerability was found in SourceCodester Simple E-Learning System. ...) - TODO: check + NOT-FOR-US: SourceCodester Simple E-Learning System CVE-2022-2698 (A vulnerability was found in SourceCodester Simple E-Learning System. ...) NOT-FOR-US: SourceCodester Simple E-Learning System CVE-2022-2697 (A vulnerability was found in SourceCodester Simple E-Learning System. ...) 
@@ -4060,13 +4060,13 @@ CVE-2022-36269 CVE-2022-36268 RESERVED CVE-2022-36267 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Una ...) - TODO: check + NOT-FOR-US: Airspan AirSpot CVE-2022-36266 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a sto ...) - TODO: check + NOT-FOR-US: Airspan AirSpot CVE-2022-36265 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hid ...) - TODO: check + NOT-FOR-US: Airspan AirSpot CVE-2022-36264 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Un ...) - TODO: check + NOT-FOR-US: Airspan AirSpot CVE-2022-36263 RESERVED CVE-2022-36262 @@ -5843,13 +5843,13 @@ CVE-2022-35492 CVE-2022-35491 RESERVED CVE-2022-35490 (Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a preve ...) - TODO: check + - zammad (bug #841355) CVE-2022-35489 (In Zammad 5.2.0, customers who have secondary organizations assigned w ...) - TODO: check + - zammad (bug #841355) CVE-2022-35488 (In Zammad 5.2.0, an attacker could manipulate the rate limiting in the ...) - TODO: check + - zammad (bug #841355) CVE-2022-35487 (Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not cor ...) - TODO: check + - zammad (bug #841355) CVE-2022-35486 RESERVED CVE-2022-35485 @@ -9012,7 +9012,8 @@ CVE-2022-34295 (totd before 1.5.3 does not properly randomize mesg IDs. ...) CVE-2022-34294 RESERVED CVE-2022-34293 (wolfSSL before 5.4.0 allows remote attackers to cause a denial of serv ...) - TODO: check + - wolfssl + NOTE: http://www.openwall.com/lists/oss-security/2022/08/08/6 CVE-2022-34292 RESERVED CVE-2022-34291 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...) 
@@ -23593,7 +23594,7 @@ CVE-2022-1325 CVE-2022-1324 (The Event Timeline WordPress plugin through 1.1.5 does not sanitize an ...) NOT-FOR-US: WordPress plugin CVE-2022-1323 (The Discy WordPress theme before 5.0 lacks authorization checks then p ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2022-1322 RESERVED CVE-2022-1321 (The miniOrange's Google Authenticator WordPress plugin before 5.5.6 do ...) View it on GitLab:
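Review bot: the CVE-2022-34293 entry is "- wolfssl" with only the oss-security post as a NOTE and no fixed Debian version, although the description states "wolfSSL before 5.4.0", which already gives the upstream fix boundary; add the fixed version once 5.4.0 (or a backport of the fix) is uploaded, or a bug reference in the "(bug #...)" form the zammad entries use. The four Zammad CVEs all share "(bug #841355)" with no version, which is consistent with the package not yet being in the archive ("itped" in the commit message). The Airspan and SourceCodester NOT-FOR-US markers follow the existing naming in the surrounding lines.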
[Git][security-tracker-team/security-tracker][master] 3 commits: Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b0118c06 by Salvatore Bonaccorso at 2022-07-11T21:37:32+02:00 Process some NFUs - - - - - c729c039 by Salvatore Bonaccorso at 2022-07-11T21:37:33+02:00 Add CVE-2022-33980/commons-configuration2 - - - - - f71e4e3b by Salvatore Bonaccorso at 2022-07-11T21:37:35+02:00 Add CVE-2022-32061/snipe-it - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2441,7 +2441,7 @@ CVE-2022-30692 CVE-2022-29514 RESERVED CVE-2022-27168 (Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 ...) - TODO: check + NOT-FOR-US: LiteCart CVE-2022-2214 (A vulnerability was found in SourceCodester Library Management System ...) NOT-FOR-US: SourceCodester Library Management System CVE-2022-2213 (A vulnerability was found in SourceCodester Library Management System ...) @@ -4191,7 +4191,8 @@ CVE-2022-33981 (drivers/block/floppy.c in the Linux kernel before 5.17.6 is vuln NOTE: https://www.openwall.com/lists/oss-security/2022/04/28/1 NOTE: https://git.kernel.org/linus/233087ca063686964a53c829d547c7571e3f67bf (5.18-rc5) CVE-2022-33980 (Apache Commons Configuration performs variable interpolation, allowing ...) - TODO: check + - commons-configuration2 + NOTE: https://www.openwall.com/lists/oss-security/2022/07/06/5 CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...) - vim [stretch] - vim (Minor issue) @@ -7472,7 +7473,7 @@ CVE-2022-32569 CVE-2022-32568 RESERVED CVE-2022-32567 (The Appfire Jira Misc Custom Fields (JMCF) app 2.4.6 for Atlassian Jir ...) - TODO: check + NOT-FOR-US: Appfire Jira Misc Custom Fields (JMCF) app CVE-2022-32566 RESERVED CVE-2022-32565 (An issue was discovered in Couchbase Server before 7.0.4. The Backup S ...) 
@@ -7926,7 +7927,7 @@ CVE-2022-32443 CVE-2022-32442 (u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). When ...) NOT-FOR-US: u5cms CVE-2022-32441 (A memory corruption in Hex Rays Ida Pro v6.6 allows attackers to cause ...) - TODO: check + NOT-FOR-US: Hex Rays Ida Pro CVE-2022-32440 RESERVED CVE-2022-32439 @@ -8218,7 +8219,7 @@ CVE-2022-32297 CVE-2022-32295 (On Ampere Altra and AltraMax devices before SRP 1.09, the the Altra re ...) NOT-FOR-US: Ampere devices CVE-2022-32294 (Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-l ...) - TODO: check + NOT-FOR-US: Zimbra CVE-2022-32293 RESERVED CVE-2022-32292 @@ -8491,13 +8492,13 @@ CVE-2022-1986 (OS Command Injection in GitHub repository gogs/gogs prior to 0.12 CVE-2022-32234 RESERVED CVE-2022-30943 (Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon ...) - TODO: check + NOT-FOR-US: Cybozu CVE-2022-30602 (Operation restriction bypass in multiple applications of Cybozu Garoon ...) - TODO: check + NOT-FOR-US: Cybozu CVE-2022-29926 RESERVED CVE-2022-29512 (Exposure of sensitive information to an unauthorized actor issue in mu ...) - TODO: check + NOT-FOR-US: Cybozu CVE-2022-1985 (The Download Manager Plugin for WordPress is vulnerable to reflected C ...) NOT-FOR-US: WordPress plugin CVE-2022-1984 
@@ -9043,7 +9044,7 @@ CVE-2022-32063 CVE-2022-32062 RESERVED CVE-2022-32061 (An arbitrary file upload vulnerability in the Select User function und ...) - TODO: check + - snipe-it (bug #1005172) CVE-2022-32060 (An arbitrary file upload vulnerability in the Update Branding Settings ...) - snipe-it (bug #1005172) CVE-2022-32059 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6b3e374505c297f9ac83178fa1db2d60f833d287...f71e4e3bd346cb01a2be751d9c51fa5290be7023 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
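Review bot: in the `@@ -4191,7 +4191,8 @@` hunk, the new `- commons-configuration2` entry marks the package as affected but carries no fixed version, no severity and no per-suite annotation, and its only reference is the oss-security post rather than the upstream fix. Please add a NOTE pointing at the fixing upstream commit or release once identified, and add suite lines in the style of the neighbouring `[stretch] - vim (Minor issue)` entry (or a severity in parentheses) so that the unfixed state is an explicit triage decision rather than an open placeholder.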
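Review bot: in the `@@ -9043,7 +9044,7 @@` hunk, `- snipe-it (bug #1005172)` for CVE-2022-32061 reuses the bug number already attached to CVE-2022-32060 directly below it. Please confirm that bug #1005172 covers both file-upload issues (the Select User function and the Update Branding Settings function); if it only tracks one of them, file a separate bug so each CVE can be closed against its own fix.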
[Git][security-tracker-team/security-tracker][master] 3 commits: Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 79fd9868 by Salvatore Bonaccorso at 2021-05-10T21:59:17+02:00 Process some NFUs - - - - - ad36c4d5 by Salvatore Bonaccorso at 2021-05-11T08:59:12+02:00 Track fixed version for CVE-2021-20308/htmldoc via unstable - - - - - 67f2be05 by Salvatore Bonaccorso at 2021-05-11T09:00:08+02:00 Track fixed version for CVE-2021-32056/cyrus-imapd via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -884,7 +884,7 @@ CVE-2021-32057 RESERVED CVE-2021-32056 [annotate: don't allow everyone to write shared server entries ] RESERVED - - cyrus-imapd + - cyrus-imapd 3.2.6-2 NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/621f9e41465b521399f691c241181300fab55995 NOTE: https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released CVE-2021-32054 @@ -2882,7 +2882,7 @@ CVE-2021-31247 CVE-2021-31246 RESERVED CVE-2021-31245 (omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares ...) - TODO: check + NOT-FOR-US: openmptcprouter-vps-admin CVE-2021-31244 RESERVED CVE-2021-31243 @@ -6866,9 +6866,9 @@ CVE-2021-29493 (Kennnyshiwa-cogs contains cogs for Red Discordbot. An RCE exploi CVE-2021-29492 RESERVED CVE-2021-29491 (Mixme is a library for recursive merging of Javascript objects. In Nod ...) - TODO: check + NOT-FOR-US: mixme nodejs module CVE-2021-29490 (Jellyfin is a free software media system that provides media from a de ...) - TODO: check + NOT-FOR-US: Jellyfin CVE-2021-29489 (Highcharts JS is a JavaScript charting library based on SVG. In Highch ...) NOT-FOR-US: Highcharts JS CVE-2021-29488 (SABnzbd is an open source binary newsreader. A vulnerability was disco ...) 
@@ -13831,7 +13831,7 @@ CVE-2021-26545 CVE-2021-26544 (Livy server version 0.7.0-incubating (only) is vulnerable to a cross s ...) NOT-FOR-US: Apache Livy CVE-2021-26543 (The "gitDiff" function in Wayfair git-parse =1.0.4 has a command i ...) - TODO: check + NOT-FOR-US: git-parse nodejs module CVE-2021-26542 RESERVED CVE-2021-26541 (The gitlog function in src/index.ts in gitlog before 4.0.4 has a comma ...) @@ -29606,7 +29606,7 @@ CVE-2021-20309 [Division by zero in WaveImage() of MagickCore/visual-effects.c] NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/94174beff065cb5683d09d79e992c3ebbdead311 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/f1e68d22d1b35459421710587a0dcbab6900b51f CVE-2021-20308 (Integer overflow in the htmldoc 1.9.11 and before may allow attackers ...) - - htmldoc (unimportant; bug #984765) + - htmldoc 1.9.11-3 (unimportant; bug #984765) NOTE: https://github.com/michaelrsweet/htmldoc/issues/423 NOTE: Crash in CLI tool, no security impact CVE-2021-20307 (Format string vulnerability in panoFileOutputNamesCreate() in libpano1 ...) @@ -32985,7 +32985,7 @@ CVE-2021-1897 CVE-2021-1896 RESERVED CVE-2021-1895 (Possible integer overflow due to improper length check while flashing ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2021-1894 RESERVED CVE-2021-1893 
@@ -80714,7 +80714,7 @@ CVE-2020-11270 (Possible denial of service due to RTT responder consistently rej CVE-2020-11269 (Possible memory corruption while processing EAPOL frames due to lack o ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11268 (Potential UE reset while decoding a crafted Sib1 or SIB1 that schedule ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2020-11267 RESERVED CVE-2020-11266 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2c88afa77085ee22214f9341283b0ef203cd892a...67f2be05fdf8827c7f6f327764d1c0d119b9dded
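Review bot: in the `@@ -884,7 +884,7 @@` hunk, the fixed version `3.2.6-2` is recorded for cyrus-imapd while the two NOTE lines point at the upstream commit and at the 3.2.7 release announcement; a short NOTE stating that 3.2.6-2 carries a backport of commit 621f9e41 would make it clear to readers why the Debian fix version is lower than the upstream release that ships the fix. Style nit in the unchanged context of the same hunk: the annotation `[annotate: don't allow everyone to write shared server entries ]` has a stray space before the closing bracket.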
[Git][security-tracker-team/security-tracker][master] 3 commits: Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2e985efc by Salvatore Bonaccorso at 2020-01-16T09:21:38+01:00 Process some NFUs - - - - - dacc4e34 by Salvatore Bonaccorso at 2020-01-16T09:21:53+01:00 Add CVE-2020-7106/cacti - - - - - 8ea83610 by Salvatore Bonaccorso at 2020-01-16T09:22:07+01:00 Add CVE-2020-7105/hiredis - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,13 +1,15 @@ CVE-2020-7109 RESERVED CVE-2020-7108 (The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ...) - TODO: check + NOT-FOR-US: LearnDash LMS plugin for WordPress CVE-2020-7107 (The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Dis ...) - TODO: check + NOT-FOR-US: Ultimate FAQ plugin for WordPress CVE-2020-7106 (Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.p ...) - TODO: check + - cacti + NOTE: https://github.com/Cacti/cacti/issues/3191 CVE-2020-7105 (async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a N ...) - TODO: check + - hiredis + NOTE: https://github.com/redis/hiredis/issues/747 CVE-2020-7104 RESERVED CVE-2019-20380 
@@ -8399,17 +8401,17 @@ CVE-2019-19861 CVE-2019-19860 RESERVED CVE-2019-19859 (An issue was discovered in Serpico (aka SimplE RePort wrIting and Coll ...) - TODO: check + NOT-FOR-US: Serpico CVE-2019-19858 (An issue was discovered in Serpico (aka SimplE RePort wrIting and Coll ...) - TODO: check + NOT-FOR-US: Serpico CVE-2019-19857 (An issue was discovered in Serpico (aka SimplE RePort wrIting and Coll ...) - TODO: check + NOT-FOR-US: Serpico CVE-2019-19856 (An issue was discovered in Serpico (aka SimplE RePort wrIting and Coll ...) - TODO: check + NOT-FOR-US: Serpico CVE-2019-19855 (An issue was discovered in Serpico (aka SimplE RePort wrIting and Coll ...) - TODO: check + NOT-FOR-US: Serpico CVE-2019-19854 (An issue was discovered in Serpico (aka SimplE RePort wrIting and Coll ...) - TODO: check + NOT-FOR-US: Serpico CVE-2019-19853 RESERVED CVE-2019-19852 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/556cfc30a85eda45847435950cd09556a91e642f...8ea83610a0b2d1dda021de153819014c3ad42dfc
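Review bot: in the `@@ -1,13 +1,15 @@` hunk, both `- cacti` and `- hiredis` are added as affected with only an upstream issue link each and no severity, fixed version or suite annotation; the linked GitHub issues are bug reports, not fixes. Please add a NOTE with the fixing upstream commit once available and a severity once assessed. This matters more for hiredis, because the description refers to `libhiredis.a`, a library linked into other packages, so an untriaged unfixed entry leaves its reverse dependencies without guidance as well.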
[Git][security-tracker-team/security-tracker][master] 3 commits: Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fcf0e0d7 by Salvatore Bonaccorso at 2019-12-26T21:16:34Z Process some NFUs - - - - - e2f879c1 by Salvatore Bonaccorso at 2019-12-26T21:16:57Z Add CVE-2019-16789/waitress - - - - - dbdba091 by Salvatore Bonaccorso at 2019-12-26T21:17:44Z Merge remote-tracking branch origin/master - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7,9 +7,9 @@ CVE-2019-20001 CVE-2019-2 (The malware scan function in BullGuard Premium Protection 20.0.371.8 h ...) NOT-FOR-US: BullGuard Premium Protection CVE-2019-1 (Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) ...) - TODO: check + NOT-FOR-US: Halo CVE-2019-19998 (Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php. ...) - TODO: check + NOT-FOR-US: Xiuno BBS CVE-2019-19997 RESERVED CVE-2019-19996 (An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. A malfor ...) @@ -3702,7 +3702,7 @@ CVE-2019-19683 (RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable t CVE-2019-19682 (nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the co ...) NOT-FOR-US: nopCommerce CVE-2019-19681 (Pandora FMS 7.x suffers from remote code execution vulnerability. With ...) - TODO: check + NOT-FOR-US: Pandora FMS CVE-2019-19680 RESERVED CVE-2019-19679 (In "Xray Test Management for Jira" prior to version 3.5.5, remote auth ...) @@ -11240,7 +11240,7 @@ CVE-2019-18251 (In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Su CVE-2019-18250 (In all versions of ABB Power Generation Information Manager (PGIM) and ...) NOT-FOR-US: ABB CVE-2019-18249 (Reliable Controls MACH-ProWebCom/Sys, all versions prior to 2.15 (Firm ...) - TODO: check + NOT-FOR-US: Reliable Controls CVE-2019-18248 RESERVED CVE-2019-18247 (An attacker may use a specially crafted message to force Relion 650 se ...) 
@@ -15878,7 +15878,11 @@ CVE-2019-16791 CVE-2019-16790 RESERVED CVE-2019-16789 (In Waitress through version 1.4.0, if a proxy server is used in front ...) - TODO: check + - waitress + [buster] - waitress (Minor issue) + [stretch] - waitress (Minor issue) + NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4 + NOTE: https://github.com/Pylons/waitress/commit/11d9e138125ad46e951027184b13242a3c1de017 CVE-2019-16788 RESERVED CVE-2019-16786 (Waitress through version 1.3.1 would parse the Transfer-Encoding heade ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/13d399b4dc59c1f3d5294b821f1de8613de2106f...dbdba0910571cd02900dba25036165bfc98691e1
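Review bot: in the `@@ -15878,7 +15878,11 @@` hunk, the second NOTE links the fixing commit but does not record which Waitress release contains it, and `- waitress` has no fixed version for unstable even though the advisory and the fix are already known. Please suffix the commit NOTE with the release it landed in, using the `(version)` suffix that other commit NOTEs in this file carry, and fill in the unstable fixed version once the upload happens; with the `[buster]` and `[stretch]` lines both marked `Minor issue`, a reader otherwise cannot tell from the entry whether unstable is still affected or merely not yet updated.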