[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 36cb0ed7 by Salvatore Bonaccorso at 2024-07-27T14:59:46+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -31,7 +31,7 @@ CVE-2024-42029 (xdg-desktop-portal-hyprland (aka an XDG Desktop Portal backend f CVE-2024-41815 (Starship is a cross-shell prompt. Starting in version 1.0.0 and prior ...) - starship (bug #946187) CVE-2024-41628 (Directory Traversal vulnerability in Severalnines Cluster Control 1.9. ...) - TODO: check + NOT-FOR-US: Severalnines Cluster Control CVE-2024-41120 (streamlit-geospatial is a streamlit multipage app for geospatial appli ...) NOT-FOR-US: streamlit-geospatial CVE-2024-41119 (streamlit-geospatial is a streamlit multipage app for geospatial appli ...) 
@@ -47,13 +47,13 @@ CVE-2024-41115 (streamlit-geospatial is a streamlit multipage app for geospatial CVE-2024-41114 (streamlit-geospatial is a streamlit multipage app for geospatial appli ...) NOT-FOR-US: streamlit-geospatial CVE-2024-40433 (Insecure Permissions vulnerability in Tencent wechat v.8.0.37 allows a ...) - TODO: check + NOT-FOR-US: Tencent wechat CVE-2024-37034 (An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 bef ...) - TODO: check + NOT-FOR-US: Couchbase Server CVE-2024-1804 (The Tutor LMS \u2013 Migration Tool plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1798 (The Tutor LMS \u2013 Migration Tool plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-7128 (A flaw was found in the Openshift console. Several endpoints in the ap ...) NOT-FOR-US: Openshift CVE-2024-7062 (Nimble Commander suffers from a privilege escalation vulnerability due ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36cb0ed7a7b472ff411314a5b2e995a49c095d36 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36cb0ed7a7b472ff411314a5b2e995a49c095d36 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
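Review bot: the subject says two NFUs, but the diff retags five entries from TODO: check to NOT-FOR-US: CVE-2024-41628 in the hunk at -31,7, and CVE-2024-40433, CVE-2024-37034, CVE-2024-1804 and CVE-2024-1798 in the hunk at -47,13. Suggest a subject that matches the number of entries triaged, so the history can be searched by what actually changed.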
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c62f38e7 by Salvatore Bonaccorso at 2024-07-10T10:37:11+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -73,7 +73,7 @@ CVE-2024-36451 (Improper handling of insufficient permissions or privileges vuln CVE-2024-36450 (Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin ver ...) TODO: check CVE-2024-35154 (IBM WebSphere Application Server 8.5 and 9.0 could allow a remote auth ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-34726 (In PVRSRV_MMap of pvr_bridge_k.c, there is a possible arbitrary code e ...) TODO: check CVE-2024-34725 (In DevmemIntUnexportCtx of devicemem_server.c, there is a possible arb ...) @@ -139,7 +139,7 @@ CVE-2024-27386 (A vulnerability was discovered in the slsi_handle_nan_rx_event_l CVE-2024-27385 (A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind ...) TODO: check CVE-2024-25023 (IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar S ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-23711 (In DevmemXIntUnreserveRange of devicemem_server.c, there is a possible ...) TODO: check CVE-2024-23698 (In RGXFWChangeOSidPriority of rgxfwutils.c, there is a possible arbitr ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c62f38e738a557bc796c16d148b22dbe141f08c9
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8514f364 by Salvatore Bonaccorso at 2024-07-08T22:17:36+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17,9 +17,9 @@ CVE-2024-39896 (Directus is a real-time API and App dashboard for managing SQL d CVE-2024-39895 (Directus is a real-time API and App dashboard for managing SQL databas ...) TODO: check CVE-2024-39743 (IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-39742 (IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-39701 (Directus is a real-time API and App dashboard for managing SQL databas ...) TODO: check CVE-2024-39699 (Directus is a real-time API and App dashboard for managing SQL databas ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8514f3645e216176099d51a69c8d9a58dcdf7cf0
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fbb50b69 by Salvatore Bonaccorso at 2024-07-05T21:25:02+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2024-39943 (rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, an ...) TODO: check CVE-2024-39937 (supOS 5.0 allows api/image/download?fileName=../ directory traversal f ...) - TODO: check + NOT-FOR-US: supOS CVE-2024-39936 (An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2. ...) TODO: check CVE-2024-39935 (jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certifi ...) @@ -64,7 +64,7 @@ CVE-2024-39472 (In the Linux kernel, the following vulnerability has been resolv - linux NOTE: https://git.kernel.org/linus/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a (6.10-rc1) CVE-2024-34481 (drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, cap ...) - TODO: check + NOT-FOR-US: drupal-wiki.com Drupal Wiki CVE-2024-6513 REJECTED CVE-2024-6511 (A vulnerability classified as problematic was found in y_project RuoYi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbb50b69b073c89b2bd280c6e3919b07ea1fb993
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d777e250 by Salvatore Bonaccorso at 2024-06-23T12:21:16+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2024-6267 (A vulnerability classified as problematic was found in SourceCodester ...) - TODO: check + NOT-FOR-US: SourceCodester Service Provider Management System CVE-2024-6266 (A vulnerability classified as critical has been found in Pear Admin Bo ...) - TODO: check + NOT-FOR-US: Pear Admin Boot CVE-2024-6253 (A vulnerability was found in itsourcecode Online Food Ordering System ...) NOT-FOR-US: itsourcecode Online Food Ordering System CVE-2024-6252 (A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and classi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d777e250faedc8570273ced1281bf37c9bee115e
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7d4a9892 by Salvatore Bonaccorso at 2024-06-06T22:19:54+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -245,7 +245,7 @@ CVE-2024-28995 (SolarWinds Serv-U was susceptible to a directory transversal vul CVE-2024-23793 (The file upload feature in OTRS and ((OTRS)) Community Edition has a p ...) TODO: check CVE-2024-22326 (IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.4 ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-1881 (AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to ...) TODO: check CVE-2024-1880 (An OS command injection vulnerability exists in the MacOS Text-To-Spee ...) @@ -257,7 +257,7 @@ CVE-2024-1873 (parisneo/lollms-webui is vulnerable to path traversal and denial CVE-2024-0520 (A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code ...) TODO: check CVE-2023-45192 (IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-5665 (The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPr ...) NOT-FOR-US: WordPress plugin CVE-2024-5656 (The Google CSE plugin for WordPress is vulnerable to Stored Cross-Site ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d4a989238e445154013b34a4c24669c041bb8b4
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ee1f63f5 by Salvatore Bonaccorso at 2024-05-28T22:21:55+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -103,7 +103,7 @@ CVE-2024-2451 (Improper fingerprint validation in the TeamViewer Client (Full & CVE-2024-2199 (A denial of service vulnerability was found in 389-ds-base ldap server ...) TODO: check CVE-2024-29072 (A privilege escalation vulnerability exists in the Foxit Reader 2024.2 ...) - TODO: check + NOT-FOR-US: Foxit Reader CVE-2024-28061 (An issue was discovered in Apiris Kafeo 6.4.4. It permits a bypass, of ...) TODO: check CVE-2024-28060 (An issue was discovered in Apiris Kafeo 6.4.4. It permits DLL hijackin ...) @@ -189,7 +189,7 @@ CVE-2023-43843 (Incorrect access control in the account management function of w CVE-2023-43842 (Incorrect access control in the account management function of web int ...) TODO: check CVE-2023-37411 (IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to cross-site scri ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-35953 (Multiple stack-based buffer overflow vulnerabilities exist in the read ...) TODO: check CVE-2023-35952 (Multiple stack-based buffer overflow vulnerabilities exist in the read ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee1f63f56291cae52eaf9f2880ee00f622981b72
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4d3e18f8 by Salvatore Bonaccorso at 2024-05-13T06:14:26+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2024-4799 (A vulnerability, which was classified as critical, was found in Kaship ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-4798 (A vulnerability, which was classified as critical, has been found in S ...) - TODO: check + NOT-FOR-US: SourceCodester Online Computer and Laptop Store CVE-2024-4797 (A vulnerability was found in Campcodes Online Laundry Management Syste ...) NOT-FOR-US: Campcodes Online Laundry Management System CVE-2024-4796 (A vulnerability was found in Campcodes Online Laundry Management Syste ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d3e18f8b18b24bd0337f7f9aec68af58803ec23
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 650b9c8f by Salvatore Bonaccorso at 2024-04-18T12:31:18+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -230,9 +230,9 @@ CVE-2024-31578 (FFmpeg version n6.1.1 was discovered to contain a heap use-after CVE-2024-31463 (Ironic-image is an OpenStack Ironic deployment packaged and configured ...) TODO: check CVE-2024-31041 (Null Pointer Dereference vulnerability in topic_filtern function in mq ...) - TODO: check + NOT-FOR-US: NanoMQ CVE-2024-31040 (Buffer Overflow vulnerability in the get_var_integer function in mqtt_ ...) - TODO: check + NOT-FOR-US: NanoMQ CVE-2024-31031 (An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause un ...) TODO: check CVE-2024-30990 (SQL Injection vulnerability in the "Invoices" page in phpgurukul Clien ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/650b9c8ff693ad4e62ad53672d20dd60ab063f5b
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6e56deff by Salvatore Bonaccorso at 2024-04-16T21:08:46+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -267817,9 +267817,9 @@ CVE-2020-22542 CVE-2020-22541 RESERVED CVE-2020-22540 (Stored Cross-Site Scripting (XSS) vulnerability in Codoforum v4.9, all ...) - TODO: check + NOT-FOR-US: Codoforum CVE-2020-22539 (An arbitrary file upload vulnerability in the Add Category function of ...) - TODO: check + NOT-FOR-US: Codoforum CVE-2020-22538 RESERVED CVE-2020-22537 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e56deff06bf24c4810af45a0fc95f56a44c88d9
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 593eb613 by Salvatore Bonaccorso at 2024-04-14T13:19:03+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2024-3740 (A vulnerability, which was classified as critical, has been found in c ...) - TODO: check + NOT-FOR-US: cym1102 nginxWebUI CVE-2024-3739 (A vulnerability classified as critical was found in cym1102 nginxWebUI ...) NOT-FOR-US: cym1102 nginxWebUI CVE-2024-3738 (A vulnerability classified as critical has been found in cym1102 nginx ...) @@ -30,7 +30,7 @@ CVE-2024-26817 (In the Linux kernel, the following vulnerability has been resolv CVE-2024-3027 (The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized ...) NOT-FOR-US: WordPress plugin CVE-2024-32028 (OpenTelemetry dotnet is a dotnet telemetry framework. In affected vers ...) - TODO: check + NOT-FOR-US: OpenTelemetry dotnet CVE-2024-32019 (Netdata is an open source observability tool. In affected versions the ...) - netdata (Vulnerable code not present) NOTE: https://github.com/netdata/netdata/security/advisories/GHSA-pmhq-4cxq-wj93 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/593eb6138a9f208b2c9f973fbacf9e7e68246ddd
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9759275c by Salvatore Bonaccorso at 2024-04-04T22:21:58+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -53,11 +53,11 @@ CVE-2024-29182 (Collabora Online is a collaborative online office suite based on CVE-2024-28871 (LibHTP is a security-aware parser for the HTTP protocol and the relate ...) TODO: check CVE-2024-28787 (IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application G ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-27575 (Directory Traversal vulnerability in INOTEC Sicherheitstechnik GmbH IN ...) TODO: check CVE-2024-27268 (IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.3 is ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-25709 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...) TODO: check CVE-2024-25708 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9759275ccc80082310ffb67c758ff344191add5c
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1001ce8c by Salvatore Bonaccorso at 2024-03-25T15:39:44+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7,9 +7,9 @@ CVE-2024-29216 (Exposed IOCTL with insufficient access control issue exists in c CVE-2024-29194 (OneUptime is a solution for monitoring and managing online services. T ...) NOT-FOR-US: OneUptime CVE-2024-29188 (WiX toolset lets developers create installers for Windows Installer, t ...) - TODO: check + NOT-FOR-US: WiX toolset (not same as wixl from src:msitools) CVE-2024-29187 (WiX toolset lets developers create installers for Windows Installer, t ...) - TODO: check + NOT-FOR-US: WiX toolset (not same as wixl from src:msitools) CVE-2024-29071 (HGW BL1500HM Ver 002.001.013 and earlier contains a use of week creden ...) NOT-FOR-US: HGW BL1500HM CVE-2024-29034 (CarrierWave is a solution for file uploads for Rails, Sinatra and othe ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1001ce8ce6c1f5873290579ab5bb8c7a2751a79f
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f0cb33cb by Salvatore Bonaccorso at 2024-03-21T21:16:28+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -101,7 +101,7 @@ CVE-2024-27956 (Improper Neutralization of Special Elements used in an SQL Comma CVE-2024-27683 (D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buff ...) TODO: check CVE-2024-27277 (The private key for the IBM Storage Protect Plus Server 10.1.0 through ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-27190 (Missing Authorization vulnerability in Jean-David Daviet Download Medi ...) TODO: check CVE-2024-25935 (Missing Authorization vulnerability in Metagauss RegistrationMagic.Thi ...) @@ -129,7 +129,7 @@ CVE-2023-51141 (An issue in ZKTeko BioTime v.8.5.4 and before allows a remote at CVE-2023-49837 (Uncontrolled Resource Consumption vulnerability in David Artiss Code E ...) TODO: check CVE-2023-47715 (IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-26643 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux [buster] - linux (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0cb33cb7eb9b179fb696c68e81a2c8f75932730
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bf5458b9 by Salvatore Bonaccorso at 2024-03-21T09:36:27+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -47,11 +47,11 @@ CVE-2024-29033 (OAuthenticator provides plugins for JupyterHub to use common OAu CVE-2024-29032 (Qiskit IBM Runtime is an environment that streamlines quantum computat ...) NOT-FOR-US: IBM CVE-2024-29026 (Owncast is an open source, self-hosted, decentralized, single user liv ...) - TODO: check + NOT-FOR-US: Owncast CVE-2024-29018 (Moby is an open source container framework that is a key component of ...) TODO: check CVE-2024-28916 (Xbox Gaming Services Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-28835 (A flaw has been discovered in GnuTLS where an application crash can be ...) TODO: check CVE-2024-28635 (Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf5458b9e10948d434149df4bcc9786fb5edb2d6
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b076ba37 by Salvatore Bonaccorso at 2024-03-14T21:35:50+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2024-1930 + NOT-FOR-US: dnf5daemon-server +CVE-2024-1929 + NOT-FOR-US: dnf5daemon-server CVE-2024-2438 REJECTED CVE-2024-2437 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b076ba37e8f224be6e224960c7c428324680b12d
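Review bot: the two entries added at the top of the hunk at -1,3, CVE-2024-1930 and CVE-2024-1929, carry no description, so the NOT-FOR-US: dnf5daemon-server attribution cannot be checked against anything in the list itself. Suggest a NOTE: line under each entry pointing at the advisory or report the product name was taken from, in the same form as the NOTE: references used elsewhere in data/CVE/list.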
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 82315a7e by Salvatore Bonaccorso at 2024-03-10T21:24:22+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2024-2355 (A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project ...) - TODO: check + NOT-FOR-US: keerti1924 Secret-Coder-PHP-Project CVE-2024-2354 (A vulnerability, which was classified as problematic, was found in Dre ...) - TODO: check + NOT-FOR-US: Dreamer CMS CVE-2024-2353 (A vulnerability, which was classified as critical, has been found in T ...) NOT-FOR-US: Totolink CVE-2024-2352 (A vulnerability, which was classified as critical, has been found in 1 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82315a7e28b28c15b606431bf909fe71a023f769
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a140735a by Salvatore Bonaccorso at 2024-03-03T20:35:40+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17,7 +17,7 @@ CVE-2024-24307 (Path Traversal vulnerability in Tunis Soft "Product Designer" (p CVE-2024-0968 (Cross-site Scripting (XSS) - DOM in GitHub repository langchain-ai/cha ...) NOT-FOR-US: LanChain-ai Langchain CVE-2024-0795 (If an attacked was given access to an instance with the admin or manag ...) - TODO: check + NOT-FOR-US: AnythingLLM CVE-2024-26621 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/4ef9ad19e17676b9ef071309bc62020e2373705d (6.8-rc3) @@ -590,7 +590,7 @@ CVE-2023-46950 (Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 CVE-2023-39254 (Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontr ...) NOT-FOR-US: Dell CVE-2024-2045 (Session version 1.17.5 allows obtaining internal application files and ...) - TODO: check + NOT-FOR-US: Session Android CVE-2024-2022 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...) NOT-FOR-US: Netentsec NS-ASG Application Security Gateway CVE-2024-2021 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a140735aa6c893cf0a6d9f85c42287246df27d40
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 997a1929 by Salvatore Bonaccorso at 2024-02-21T21:19:44+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -89,7 +89,7 @@ CVE-2023-6533 (Malformed Device Reset Locally Command Class packets can be sent CVE-2023-50975 (The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allow ...) TODO: check CVE-2023-50955 (IBM InfoSphere Information Server 11.7 could allow an authenticated pr ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-49100 (Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-boun ...) TODO: check CVE-2023-47795 (Stored cross-site scripting (XSS) vulnerability in the Document and Me ...) @@ -97,7 +97,7 @@ CVE-2023-47795 (Stored cross-site scripting (XSS) vulnerability in the Document CVE-2023-46241 (`discourse-microsoft-auth` is a plugin that enables authentication via ...) TODO: check CVE-2023-33843 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-0410 - gitlab CVE-2023-3509 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/997a192908af5823a442fd3d9d711254ffdd4c95
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d332a557 by Salvatore Bonaccorso at 2024-02-14T22:17:20+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -198,7 +198,7 @@ CVE-2023-44294 (In Dell Secure Connect Gateway Application and Secure Connect Ga CVE-2023-43749 REJECTED CVE-2023-42776 (Improper input validation in some Intel(R) SGX DCAP software for Windo ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-42775 REJECTED CVE-2023-42665 @@ -216,7 +216,7 @@ CVE-2023-41090 (Race condition in some Intel(R) MAS software before version 2.3 CVE-2023-40161 (Improper access control in some Intel Unite(R) Client software before ...) TODO: check CVE-2023-40156 (Uncontrolled search path element in some Intel(R) SSU software before ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-40154 (Incorrect default permissions in the Intel(R) SUR for Gameplay Softwar ...) TODO: check CVE-2023-39941 (Improper access control in some Intel(R) SUR software before version 2 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d332a55750c008b5f2b8854634c9722620d4b2e1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d332a55750c008b5f2b8854634c9722620d4b2e1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f5d14b57 by Salvatore Bonaccorso at 2024-02-09T08:42:33+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -113123,6 +113123,7 @@ CVE-2022-2233 (The Banner Cycler plugin for WordPress is vulnerable to Cross-Sit NOT-FOR-US: Banner Cycler plugin for WordPress CVE-2022-2232 RESERVED + NOT-FOR-US: Keycloak CVE-2022-2231 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.) - vim 2:9.0.0135-1 (unimportant) NOTE: https://huntr.dev/bounties/8dae6ab4-7a7a-4716-a65c-9b090fa057b5 @@ -135911,6 +135912,7 @@ CVE-2022-0932 (Missing Authorization in GitHub repository saleor/saleor prior to NOT-FOR-US: saleor CVE-2022-0931 RESERVED + NOT-FOR-US: Red Hat 3scale API gateway CVE-2022-0930 (File upload filter bypass leading to stored XSS in GitHub repository m ...) NOT-FOR-US: microweber CVE-2022-0929 (XSS on dynamic_text module in GitHub repository microweber/microweber ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5d14b57efdb9d53ff44f45f9b97ca5617cef534 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5d14b57efdb9d53ff44f45f9b97ca5617cef534 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
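Review bot: Both entries touched here, CVE-2022-2232 and CVE-2022-0931, are still marked RESERVED and carry no description, so the product names in `NOT-FOR-US: Keycloak` and `NOT-FOR-US: Red Hat 3scale API gateway` cannot be checked against anything in the list itself. Please name the source of the attribution (for example the vendor advisory or bug reference) in the commit message, which currently says only "Process two NFUs".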
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 779db563 by Salvatore Bonaccorso at 2024-02-07T09:18:51+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -69,7 +69,7 @@ CVE-2024-22514 (An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows CVE-2024-22388 (Certain configuration available in the communication channel for encod ...) TODO: check CVE-2024-22331 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-22241 (Aria Operations for Networks contains a cross site scripting vulnerabi ...) TODO: check CVE-2024-22240 (Aria Operations for Networks contains a local file read vulnerability. ...) @@ -159,7 +159,7 @@ CVE-2023-47167 (A post authentication command injection vulnerability exists in CVE-2023-46683 (A post authentication command injection vulnerability exists when con ...) TODO: check CVE-2023-46183 (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-45735 (A potential attacker with access to the Westermo Lynx device may be ab ...) TODO: check CVE-2023-45227 (An attacker with access to the web application with vulnerable softwar ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/779db56330229c473dd2af6472eb2d50e5f09ff0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/779db56330229c473dd2af6472eb2d50e5f09ff0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e85f0c94 by Salvatore Bonaccorso at 2024-01-21T16:31:25+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29,7 +29,7 @@ CVE-2024-23682 (Artemis Java Test Sandbox versions before 1.8.0 are vulnerable t CVE-2024-23681 (Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a s ...) NOT-FOR-US: Artemis Java Test Sandbox CVE-2024-23680 (AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9. ...) - TODO: check + NOT-FOR-US: AWS Encryption SDK for Java CVE-2024-23679 (Enonic XP versions less than 7.7.4 are vulnerable to a session fixatio ...) NOT-FOR-US: Enonic XP CVE-2024-23332 (The Notary Project is a set of specifications and tools intended to pr ...) @@ -83,7 +83,7 @@ CVE-2023-47024 (Cross Site Request Forgery vulnerability in NCR Terminal Handler CVE-2023-46447 (The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth ...) NOT-FOR-US: POPS! Rebel CVE-2024-23331 (Vite is a frontend tooling framework for javascript. The Vite dev serv ...) - TODO: check + NOT-FOR-US: Vite CVE-2024-23329 (changedetection.io is an open source tool designed to monitor websites ...) NOT-FOR-US: changedetection.io CVE-2024-22957 (swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnera ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e85f0c944fb1b2add39e25a52d24475f6e8596a1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e85f0c944fb1b2add39e25a52d24475f6e8596a1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 639e8ce4 by Salvatore Bonaccorso at 2024-01-06T21:16:25+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2023-6801 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6798 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-21642 (D-Tale is a visualizer for Pandas data structures. Users hosting versi ...) NOT-FOR-US: D-Tale CVE-2024-21641 (Flarum is open source discussion platform software. Prior to version 1 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/639e8ce442bc7a94976b1e56987c5c0bb4735432 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/639e8ce442bc7a94976b1e56987c5c0bb4735432 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fa1e57e7 by Salvatore Bonaccorso at 2024-01-04T19:45:35+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -66,7 +66,7 @@ CVE-2024-21908 (TinyMCE versions before 5.9.0 are affected by a stored cross-sit - tinymce NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-5h9g-x5rv-25wg CVE-2024-21907 (Newtonsoft.Json before version 13.0.1 is affected by a mishandling of ...) - TODO: check + NOT-FOR-US: Newtonsoft.Json CVE-2024-21633 (Apktool is a tool for reverse engineering Android APK files. In versio ...) - apktool NOTE: https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-2hqv-2xv4-5h5w @@ -149,7 +149,7 @@ CVE-2023-46738 (CubeFS is an open-source cloud-native file storage system. A sec CVE-2023-45559 (An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send cra ...) NOT-FOR-US: Tamaki_hamanoki Line CVE-2023-39655 (A host header injection vulnerability exists in the NPM package @perfo ...) - TODO: check + NOT-FOR-US: couch-auth Node.js module CVE-2023-38678 (OOB access in paddle.modein PaddlePaddle before 2.6.0. This flaw can c ...) NOT-FOR-US: PaddlePaddle CVE-2023-38677 (FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can c ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa1e57e7327f18e8287f0dcc093c848ac3ab557c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa1e57e7327f18e8287f0dcc093c848ac3ab557c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
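Review bot: In the second hunk (@@ -149,7 +149,7 @@) CVE-2023-39655 is tagged `NOT-FOR-US: couch-auth Node.js module`, while its description identifies a scoped NPM package whose name begins `@perfo`. Use the scoped package name exactly as the description gives it, so the tag cannot be read as referring to a differently named package.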
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b5fd82fa by Salvatore Bonaccorso at 2024-01-03T11:03:23+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -71,9 +71,9 @@ CVE-2023-50342 (HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object R CVE-2023-50341 (HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete ...) NOT-FOR-US: HCL CVE-2023-50020 (An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to cras ...) - TODO: check + NOT-FOR-US: Open5GS CVE-2023-50019 (An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registrat ...) - TODO: check + NOT-FOR-US: Open5GS CVE-2023-4164 (There is a possible informationdisclosure due to a missing permission ...) TODO: check CVE-2023-49558 (An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a de ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5fd82fa640e35b53107951c80ec64b310be6f4b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5fd82fa640e35b53107951c80ec64b310be6f4b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 109f92b7 by Salvatore Bonaccorso at 2023-12-18T21:25:20+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -67,11 +67,11 @@ CVE-2023-47789 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce C CVE-2023-47787 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooComm ...) TODO: check CVE-2023-47741 (IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser cl ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-46617 (Cross-Site Request Forgery (CSRF) vulnerability in AdFoxly AdFoxly \u2 ...) TODO: check CVE-2023-46177 (IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to t ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-39509 (A command injection vulnerability exists in Bosch IP cameras that allo ...) TODO: check CVE-2023-35867 (An improper handling of a malformed API answer packets to API clients ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/109f92b73c7a782b30f995134e40d2fe8b76f8d6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/109f92b73c7a782b30f995134e40d2fe8b76f8d6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d461a7ac by Salvatore Bonaccorso at 2023-12-09T11:35:42+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13,9 +13,9 @@ CVE-2023-49799 (`nuxt-api-party` is an open source module to proxy API requests. CVE-2023-49798 (OpenZeppelin Contracts is a library for smart contract development. A ...) NOT-FOR-US: OpenZeppelin Contracts CVE-2023-49797 (PyInstaller bundles a Python application and all its dependencies into ...) - TODO: check + NOT-FOR-US: PyInstaller CVE-2023-48311 (dockerspawner is a tool to spawn JupyterHub single user servers in Doc ...) - TODO: check + NOT-FOR-US: dockerspawner CVE-2023-47722 (IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in bro ...) NOT-FOR-US: IBM CVE-2023-47465 (An issue in GPAC v.2.2.1 and before allows a local attacker to cause a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d461a7ac625442d51d04f15c1ec314befc5a9f9e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d461a7ac625442d51d04f15c1ec314befc5a9f9e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 474e3f17 by Salvatore Bonaccorso at 2023-12-05T07:17:01+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2023-4503 + NOT-FOR-US: Red Hat EAP-Galleon +CVE-2023-6484 + NOT-FOR-US: Keycloak CVE-2023-6481 (A serialization vulnerability in logback receiver component part of l ...) - logback (Incomplte fix not applied) NOTE: https://logback.qos.ch/news.html#1.3.14 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/474e3f1772a3e004df5f4b76bca80ff55f35 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/474e3f1772a3e004df5f4b76bca80ff55f35 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
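Review bot: The hunk @@ -1,3 +1,7 @@ adds CVE-2023-4503 and CVE-2023-6484 as new entries with no description, whereas the commit message "Process two NFUs" reads as if existing entries were being retriaged. Say in the message that the IDs are newly added and where the product attribution (Red Hat EAP-Galleon, Keycloak) comes from. Separately, the unchanged context line `- logback (Incomplte fix not applied)` misspells "Incomplete".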
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6087b4d1 by Salvatore Bonaccorso at 2023-11-11T08:32:37+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17,7 +17,7 @@ CVE-2023-47164 (Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earli CVE-2023-47129 (Statmic is a core Laravel content management system Composer package. ...) TODO: check CVE-2023-47128 (Piccolo is an object-relational mapping and query builder which suppor ...) - TODO: check + NOT-FOR-US: Piccolo ORM (not the same as src:piccolo) CVE-2023-47121 (Discourse is an open source platform for community discussion. Prior t ...) NOT-FOR-US: Discourse CVE-2023-47120 (Discourse is an open source platform for community discussion. In vers ...) @@ -25,7 +25,7 @@ CVE-2023-47120 (Discourse is an open source platform for community discussion. I CVE-2023-47119 (Discourse is an open source platform for community discussion. Prior t ...) NOT-FOR-US: Discourse CVE-2023-47108 (OpenTelemetry-Go Contrib is a collection of third-party packages for O ...) - TODO: check + NOT-FOR-US: OpenTelemetry-Go Contrib CVE-2023-46735 (Symfony is a PHP framework for web and console applications and a set ...) - symfony (Vulnerable code introduced later in v6.3.0) NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-72x2-5c85-6wmr View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6087b4d144f0bfe681dd77d576e9de1cc2ae07b0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6087b4d144f0bfe681dd77d576e9de1cc2ae07b0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 49ac3735 by Salvatore Bonaccorso at 2023-11-01T16:51:57+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -497443,7 +497443,7 @@ CVE-2015-2970 (index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 allows rem CVE-2015-2969 (Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP S ...) NOT-FOR-US: Oekaki BBS CVE-2015-2968 (LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vu ...) - TODO: check + NOT-FOR-US: LINE apps for Android and iOS CVE-2015-2966 (Directory traversal vulnerability in the Droidware UK Explorer+ File M ...) NOT-FOR-US: Droidware UK Explorer+ File Manager application for Android CVE-2015-2965 (Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 an ...) @@ -504420,7 +504420,7 @@ CVE-2015-0899 (The MultiPageValidator implementation in Apache Struts 1 1.1 thro CVE-2015-0898 (futomi CGI Cafe MP Form Mail CGI eCommerce before 2.0.12 on Windows al ...) NOT-FOR-US: futomi CGI Cafe MP Form Mail CGI eCommerce CVE-2015-0897 (LINE for Android version 5.0.2 and earlier and LINE for iOS version 5. ...) - TODO: check + NOT-FOR-US: LINE apps for Android and iOS CVE-2015-0896 (Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer befor ...) {DLA-453-1 DLA-296-1} - extplorer (bug #783231) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49ac373566cf7ee4824bb73b16dcf8668cc1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49ac373566cf7ee4824bb73b16dcf8668cc1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 72ba6d11 by Salvatore Bonaccorso at 2023-10-29T21:15:47+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2007-10003 (A vulnerability, which was classified as critical, has been found in T ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2005-10002 (A vulnerability, which was classified as critical, was found in almost ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5840 (Weak Password Recovery Mechanism for Forgotten Password in GitHub repo ...) NOT-FOR-US: LinkStack CVE-2023-5839 (Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72ba6d11f2f040b990eb8d49101bbbd6ae39dd9d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72ba6d11f2f040b990eb8d49101bbbd6ae39dd9d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
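Review bot: CVE-2007-10003 and CVE-2005-10002 are both tagged with the generic `NOT-FOR-US: WordPress plugin`, and their truncated descriptions ("has been found in T ...", "was found in almost ...") do not show which plugin is meant, so the list alone no longer identifies the product. Naming the plugin in each tag would let a later reader recheck the classification without reopening the CVE record.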
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d642379c by Salvatore Bonaccorso at 2023-10-18T12:38:46+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -19,9 +19,9 @@ CVE-2023-45049 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi CVE-2023-45008 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPJo ...) NOT-FOR-US: WordPress plugin CVE-2023-42507 (Stack-based buffer overflow vulnerability exists in OnSinView2 version ...) - TODO: check + NOT-FOR-US: OnSinView2 CVE-2023-42506 (Improper restriction of operations within the bounds of a memory buffe ...) - TODO: check + NOT-FOR-US: OnSinView2 CVE-2023-42319 (Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, ...) TODO: check CVE-2023-41715 (SonicOS post-authentication Improper Privilege Management vulnerabilit ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d642379c64f7d1c0ea2b87bf3022d8bfb51cd5c7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d642379c64f7d1c0ea2b87bf3022d8bfb51cd5c7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3af1761d by Salvatore Bonaccorso at 2023-10-07T10:22:25+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -91031,7 +91031,7 @@ CVE-2022-34357 CVE-2022-34356 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...) NOT-FOR-US: IBM CVE-2022-34355 (IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6 ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-34354 (IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage o ...) NOT-FOR-US: IBM CVE-2022-34353 @@ -94050,7 +94050,7 @@ CVE-2022-33162 CVE-2022-33161 RESERVED CVE-2022-33160 (IBM Security Directory Suite 8.0.1 uses weaker than expected cryptogra ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-33159 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user cre ...) NOT-FOR-US: IBM CVE-2022-33158 (Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulner ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3af1761ded302a7c216500e0f72c1c5918af59ee -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3af1761ded302a7c216500e0f72c1c5918af59ee You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c96bf0c2 by Salvatore Bonaccorso at 2023-10-06T22:29:20+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -49,7 +49,7 @@ CVE-2023-44146 (Cross-Site Request Forgery (CSRF) vulnerability in Checkfront In CVE-2023-43810 (OpenTelemetry, also known as OTel for short, is a vendor-neutral open- ...) TODO: check CVE-2023-43058 (IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escal ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-42445 (Gradle is a build tool with a focus on build automation and support fo ...) TODO: check CVE-2023-41950 (Cross-Site Request Forgery (CSRF) vulnerability in Laposta - Roel Bous ...) @@ -77,7 +77,7 @@ CVE-2023-38703 (PJSIP is a free and open source multimedia communication library CVE-2023-36465 (Decidim is a participatory democracy framework, written in Ruby on Rai ...) TODO: check CVE-2023-35897 (IBM Spectrum Protect Client and IBM Storage Protect for Virtual Enviro ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-32972 (A buffer copy without checking size of input vulnerability has been re ...) TODO: check CVE-2023-32971 (A buffer copy without checking size of input vulnerability has been re ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c96bf0c27c5c1a3e2491a8095b179162ff1028a6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c96bf0c27c5c1a3e2491a8095b179162ff1028a6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fa391c52 by Salvatore Bonaccorso at 2023-09-28T22:22:50+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -49,11 +49,11 @@ CVE-2023-43323 (mooSocial 3.1.8 is vulnerable to external service interaction on CVE-2023-43226 (An arbitrary file upload vulnerability in dede/baidunews.php in DedeCM ...) TODO: check CVE-2023-43044 (IBM License Metric Tool 9.2 could allow a remote attacker to traverse ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-41911 (Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 ...) TODO: check CVE-2023-40375 (Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contain ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-40307 (An attacker with standard privileges on macOS when requesting administ ...) TODO: check CVE-2023-39195 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa391c527ed045d59dd5854182ff812a8d0e04d0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa391c527ed045d59dd5854182ff812a8d0e04d0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cf0aa547 by Salvatore Bonaccorso at 2023-09-07T10:31:22+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,9 +1,9 @@ CVE-2023-4815 (Missing Authentication for Critical Function in GitHub repository answ ...) TODO: check CVE-2023-4792 (The Duplicate Post Page Menu & Custom Post Type plugin for WordPress i ...) - TODO: check + NOT-FOR-US: Duplicate Post Page Menu & Custom Post Type plugin for WordPress CVE-2023-4772 (The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site ...) - TODO: check + NOT-FOR-US: Newsletter plugin for WordPress CVE-2023-41329 (WireMock is a tool for mocking HTTP services. The proxy mode of WireMo ...) TODO: check CVE-2023-41327 (WireMock is a tool for mocking HTTP services. WireMock can be configur ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf0aa547b007113afdbbb8a9df39fe7e54515c04 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf0aa547b007113afdbbb8a9df39fe7e54515c04 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8411e245 by Salvatore Bonaccorso at 2023-08-30T20:35:31+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -27,7 +27,7 @@ CVE-2023-39559 (AudimexEE 15.0 was discovered to contain a full path disclosure CVE-2023-39558 (AudimexEE v15.0 was discovered to contain multiple reflected cross-sit ...) NOT-FOR-US: AudimexEE CVE-2023-38975 (* Buffer Overflow vulnerability in qdrant v.1.3.2 allows a remote atta ...) - TODO: check + NOT-FOR-US: qdrant CVE-2023-38971 (Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allo ...) NOT-FOR-US: Badaso CVE-2023-32241 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPDevelo ...) @@ -70,7 +70,7 @@ CVE-2023-3252 (An arbitrary file write vulnerability exists where an authenticat CVE-2023-3251 (A pass-back vulnerability exists where an authenticated, remote attack ...) TODO: check CVE-2023-39678 (A cross-site scripting (XSS) vulnerability in the device web interface ...) - TODO: check + NOT-FOR-US: BDCOM OLT P3310D-2AC CVE-2023-39663 (Mathjax up to v2.7.9 was discovered to contain two Regular expression ...) TODO: check CVE-2023-39616 (AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read mem ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8411e245b40404a35398b177655759cdff29ebd2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8411e245b40404a35398b177655759cdff29ebd2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 64687fd8 by Salvatore Bonaccorso at 2023-08-27T17:31:41+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -35,11 +35,11 @@ CVE-2023-40587 (Pyramid is an open source Python web framework. A path traversal NOTE: Underlying issue fixed in Python 3.11 and 3.12. TODO: check, claimed to be only affecting >= 2.0 CVE-2023-40586 (OWASP Coraza WAF is a golang modsecurity compatible web application fi ...) - TODO: check + NOT-FOR-US: OWASP Coraza WAF CVE-2023-40585 (ironic-image is a container image to run OpenStack Ironic as part of M ...) TODO: check CVE-2023-40583 (libp2p is a networking stack and library modularized out of The IPFS P ...) - TODO: check + NOT-FOR-US: go-libp2p CVE-2023-40571 (weblogic-framework is a tool for detecting weblogic vulnerabilities. V ...) TODO: check CVE-2023-40166 (Notepad++ is a free and open-source source code editor. Versions 8.5.6 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64687fd89654dad7b43eb5f0ba22be5e996badf4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64687fd89654dad7b43eb5f0ba22be5e996badf4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
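Review bot: The second changed entry tags CVE-2023-40583 as `NOT-FOR-US: go-libp2p`, but the visible description speaks only of libp2p as "a networking stack and library" and does not name an implementation. Confirm from the full advisory that the Go implementation is the affected one, because the narrower name in the tag is the only record of that scope in the list.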
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8fb90b5b by Salvatore Bonaccorso at 2023-08-27T14:35:15+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2023-4556 (A vulnerability was found in SourceCodester Online Graduate Tracer Sys ...) - TODO: check + NOT-FOR-US: SourceCodester Online Graduate Tracer System CVE-2023-4555 (A vulnerability has been found in SourceCodester Inventory Management ...) - TODO: check + NOT-FOR-US: SourceCodester Inventory Management System CVE-2023-4548 (A vulnerability classified as critical has been found in SPA-Cart eCom ...) NOT-FOR-US: SPA-Cart eCommerce CMS CVE-2023-4547 (A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has be ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fb90b5bf91813f6174d5312e73846e947fd5b99
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1490561e by Salvatore Bonaccorso at 2023-08-27T08:39:00+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2023-4548 (A vulnerability classified as critical has been found in SPA-Cart eCom ...) - TODO: check + NOT-FOR-US: SPA-Cart eCommerce CMS CVE-2023-4547 (A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has be ...) - TODO: check + NOT-FOR-US: SPA-Cart eCommerce CMS CVE-2023-4546 (A vulnerability was found in Beijing Baichuo Smart S85F Management Pla ...) NOT-FOR-US: Beijing Baichuo Smart S85F Management Plattform CVE-2023-4545 (A vulnerability was found in IBOS OA 4.5.5. It has been classified as ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1490561e6e1ca51549068ce48818c6f170ad6758
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 14245744 by Salvatore Bonaccorso at 2023-08-24T23:21:16+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -215334,7 +215334,7 @@ CVE-2020-24115 (In projectworlds Online Book Store 1.0 Use of Hard-coded Credent CVE-2020-24114 RESERVED CVE-2020-24113 (Directory Traversal vulnerability in Contacts File Upload Interface in ...) - TODO: check + NOT-FOR-US: Yealink W60B CVE-2020-24112 RESERVED CVE-2020-24111 @@ -219432,7 +219432,7 @@ CVE-2020-22183 CVE-2020-22182 RESERVED CVE-2020-22181 (A reflected cross site scripting (XSS) vulnerability was discovered on ...) - TODO: check + NOT-FOR-US: Samsung CVE-2020-22180 RESERVED CVE-2020-22179 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1424574447d1389b72d17703e86bb6e1d94f2437
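Review bot: the two tags in this commit differ in granularity: the @@ -215334,7 +215334,7 @@ hunk names a product ("NOT-FOR-US: Yealink W60B"), while the @@ -219432,7 +219432,7 @@ hunk gives only a vendor ("NOT-FOR-US: Samsung") for CVE-2020-22181, whose truncated description does not show the affected product either. Naming the product in the second tag, as the first one does, would leave the entry self-explanatory for anyone reading the list without the full advisory.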
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e3159204 by Salvatore Bonaccorso at 2023-08-14T22:23:17+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -37,9 +37,9 @@ CVE-2023-39293 (A Command Injection vulnerability has been identified in the MiV CVE-2023-39292 (A SQL Injection vulnerability has been identified in the MiVoice Offic ...) TODO: check CVE-2023-38741 (IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 is vulnerable to a d ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-38721 (The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i conta ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-37847 (novel-plus v3.6.2 was discovered to contain a SQL injection vulnerabil ...) TODO: check CVE-2023-37070 (Code Projects Hospital Information System 1.0 is vulnerable to Cross S ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e31592046077e2077330b9c790066471c50bbf73
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 313f413d by Salvatore Bonaccorso at 2023-08-12T10:14:41+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2023-4293 (The Premium Packages - Sell Digital Products Securely plugin for WordP ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-3452 (The Canto plugin for WordPress is vulnerable to Remote File Inclusion ...) - TODO: check + NOT-FOR-US: Canto plugin for WordPress CVE-2023-3937 (Cross site scripting vulnerability in web portal in Snow Software Lice ...) NOT-FOR-US: Snow Software CVE-2023-3864 (Blind SQL injection in a service running in Snow Software license mana ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/313f413d05a4614f32c363282615ebbc599ec2ff
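Review bot: the two added tags in the @@ -1,7 +1,7 @@ hunk use different forms for the same kind of product: CVE-2023-4293 gets the generic "NOT-FOR-US: WordPress plugin" while CVE-2023-3452 directly below gets "NOT-FOR-US: Canto plugin for WordPress". Within one commit it would read better to pick one form; naming the plugin for CVE-2023-4293 as well (its description gives "Premium Packages - Sell Digital Products Securely") keeps the entry searchable by product.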
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: de0e2aa7 by Salvatore Bonaccorso at 2023-08-11T22:46:28+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2023-3937 (Cross site scripting vulnerability in web portal in Snow Software Lice ...) - TODO: check + NOT-FOR-US: Snow Software CVE-2023-3864 (Blind SQL injection in a service running in Snow Software license mana ...) - TODO: check + NOT-FOR-US: Snow Software CVE-2023-39949 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...) TODO: check CVE-2023-39948 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de0e2aa7f293f6e3ef3e7893bc7d80d37b7abff7
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8a787916 by Salvatore Bonaccorso at 2023-08-10T10:21:05+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2023-4277 (The Realia plugin for WordPress is vulnerable to Cross-Site Request Fo ...) - TODO: check + NOT-FOR-US: Realia plugin for WordPress CVE-2023-4276 (The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site ...) - TODO: check + NOT-FOR-US: Absolute Privacy plugin for WordPress CVE-2023-36673 (An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. ...) TODO: check CVE-2023-36672 (An issue was discovered in the Clario VPN client through 5.9.1.1662 fo ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a787916d9da70327f0b054de8d0ff983fb1ba67
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d159fc5a by Salvatore Bonaccorso at 2023-07-22T14:39:12+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2023-3826 (A vulnerability has been found in IBOS OA 4.5.5 and classified as crit ...) - TODO: check + NOT-FOR-US: IBOS OA CVE-2023-3776 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw ...) - linux NOTE: https://git.kernel.org/linus/0323bce598eea038714f941ce2b22541c46d488f (6.5-rc2) @@ -22,7 +22,7 @@ CVE-2023-37917 (KubePi is an opensource kubernetes management panel. A normal us CVE-2023-37916 (KubePi is an opensource kubernetes management panel. The endpoint /kub ...) TODO: check CVE-2023-35077 (An out-of-bounds write vulnerability on windows operating systems caus ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2023-3822 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...) NOT-FOR-US: pimcore CVE-2023-3821 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d159fc5ac09a62bd56f04ca83ddc8400987ba668
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3296fc06 by Salvatore Bonaccorso at 2023-07-06T21:46:56+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -42,9 +42,9 @@ CVE-2023-36828 (Statamic is a flat-first, Laravel and Git powered content manage CVE-2023-36827 (Fides is an open-source privacy engineering platform for managing the ...) TODO: check CVE-2023-36822 (Uptime Kuma, a self-hosted monitoring tool, has a path traversal vulne ...) - TODO: check + NOT-FOR-US: Uptime Kuma CVE-2023-36821 (Uptime Kuma, a self-hosted monitoring tool, allows an authenticated at ...) - TODO: check + NOT-FOR-US: Uptime Kuma CVE-2023-36809 (Kiwi TCMS, an open source test management system allows users to uploa ...) NOT-FOR-US: Kiwi TCMS CVE-2023-36808 (GLPI is a free asset and IT management software package. Starting in v ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3296fc067506ab2ee95845d8d1b42d680f450b1e
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ebe96281 by Salvatore Bonaccorso at 2023-06-26T22:18:40+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10380,7 +10380,7 @@ CVE-2023-29436 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi CVE-2023-29435 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) TODO: check CVE-2023-29434 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fanc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-29433 RESERVED CVE-2023-29432 @@ -60177,7 +60177,7 @@ CVE-2022-40012 CVE-2022-40011 (Cross Site Scripting (XSS) vulnerability in typora through 1.38 allows ...) NOT-FOR-US: typora CVE-2022-40010 (Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was dis ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-40009 (SWFTools commit 772e55a was discovered to contain a heap-use-after-fre ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/190 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebe96281b44bdbe8c0c224c48a62c7d1c2816788
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9b1a71b8 by Salvatore Bonaccorso at 2023-06-25T22:29:33+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,9 +1,9 @@ CVE-2023-3396 (A vulnerability was found in Campcodes Retro Cellphone Online Store 1. ...) - TODO: check + NOT-FOR-US: Campcodes Retro Cellphone Online Store CVE-2023-36632 (The legacy email.utils.parseaddr function in Python through 3.11.4 all ...) TODO: check CVE-2023-36630 (In CloudPanel before 2.3.1, insecure file upload leads to privilege es ...) - TODO: check + NOT-FOR-US: CloudPanel CVE-2015-20109 (end_pattern (called from internal_fnmatch) in the GNU C Library (aka g ...) TODO: check CVE-2023-36612 (Directory traversal can occur in the Basecamp com.basecamp.bc3 applica ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b1a71b8409bff3d3be89759145ebd34a1ba3f5e
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4e979b82 by Salvatore Bonaccorso at 2023-06-22T22:16:05+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -65,7 +65,7 @@ CVE-2023-34796 (Cross site scripting (XSS) vulnerabiliy in dmarcts-report-viewer CVE-2023-34601 (Jeesite before commit 10742d3 was discovered to contain a SQL injectio ...) TODO: check CVE-2023-34368 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanb ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-34170 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP O ...) TODO: check CVE-2023-34028 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF \u2 ...) @@ -16302,7 +16302,7 @@ CVE-2023-27620 (Auth. (contributor+) Stored Cross-site Scripting (XSS) vulnerabi CVE-2023-27619 (Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...) NOT-FOR-US: WordPress theme CVE-2023-27618 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGI ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-27617 RESERVED CVE-2023-27616 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e979b829f5d6b5f21f59801eb77e5fe12f44988
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8a0749e6 by Salvatore Bonaccorso at 2023-06-22T12:34:05+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2023-34614 (An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to ...) TODO: check CVE-2023-33842 (IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 r ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-33405 (Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect.) TODO: check CVE-2023-32449 (Dell PowerStore versions prior to 3.5 contain an improper verification ...) @@ -11527,7 +11527,7 @@ CVE-2023-28958 CVE-2023-28957 RESERVED CVE-2023-28956 (IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 ma ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-28955 RESERVED CVE-2023-28954 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a0749e64c5804278c4dec5dcebd4a9a5725992d
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e5e494c8 by Salvatore Bonaccorso at 2023-06-21T11:13:27+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2023-3339 (A vulnerability has been found in code-projects Agro-School Management ...) - TODO: check + NOT-FOR-US: Agro-School Management System CVE-2023-34340 (Improper Authentication vulnerability in Apache Software Foundation Ap ...) - TODO: check + NOT-FOR-US: Apache Accumulo CVE-2023-3340 (A vulnerability was found in SourceCodester Online School Fees System ...) NOT-FOR-US: SourceCodester Online School Fees System CVE-2023-3337 (A vulnerability was found in PuneethReddyHC Online Shopping System Adv ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5e494c8d7dd3852ba580627f70973891d6efbee
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b711aa83 by Salvatore Bonaccorso at 2023-06-03T22:16:42+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,11 +1,11 @@ CVE-2023-3086 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...) - teampass (bug #730180) CVE-2023-3085 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: X-RT luci CVE-2023-3084 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...) - teampass (bug #730180) CVE-2023-32582 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kyle ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-3083 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...) - teampass (bug #730180) CVE-2023-3055 (The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross- ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b711aa8380b6d05b3f7501a61cb9fd0c61d1812e
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e7ebf32e by Salvatore Bonaccorso at 2023-06-02T11:31:39+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2023-3000 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) TODO: check CVE-2023-2835 (The WP Directory Kit plugin for WordPress is vulnerable to Reflected C ...) - TODO: check + NOT-FOR-US: WP Directory Kit plugin for WordPress CVE-2016-15032 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...) TODO: check CVE-2015-10110 (A vulnerability classified as problematic was found in ruddernation Ti ...) @@ -14259,7 +14259,7 @@ CVE-2023-1161 (ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0 CVE-2023-1160 (Use of Platform-Dependent Third Party Components in GitHub repository ...) NOT-FOR-US: Cockpit Content Platform (different from src:cockpit) CVE-2023-1159 (The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scr ...) - TODO: check + NOT-FOR-US: Bookly plugin for WordPress CVE-2023-1158 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...) NOT-FOR-US: Hitachi Vantara Pentaho Business Analytics Server CVE-2023-1157 (A vulnerability, which was classified as problematic, was found in fin ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7ebf32e24833c976e8d320a69c6c70068790dc7
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c4742010 by Salvatore Bonaccorso at 2023-05-18T10:21:52+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6,11 +6,11 @@ CVE-2023-33203 (The Linux kernel before 6.2.9 has a race condition and resultant [buster] - linux 4.19.282-1 NOTE: https://git.kernel.org/linus/6b6bc5b8bd2d4ca9e1efa9ae0f98a0b0687ace75 (6.3-rc4) CVE-2023-31729 (TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection.) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2023-2780 (Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prio ...) TODO: check CVE-2023-2757 (The Waiting: One-click countdowns plugin for WordPress is vulnerable t ...) - TODO: check + NOT-FOR-US: Waiting: One-click countdowns plugin for WordPress CVE-2019-25137 (Umbraco CMS 7.12.4 allows Remote Code Execution by authenticated admin ...) TODO: check CVE-2023-32763 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c474201035b1cb168b6231004287c72ca40e5d48
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f59224e0 by Salvatore Bonaccorso at 2023-05-17T11:40:25+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15,11 +15,11 @@ CVE-2023-2753 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten CVE-2023-2752 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) TODO: check CVE-2023-2706 (The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vuln ...) - TODO: check + NOT-FOR-US: OTP Login Woocommerce & Gravity Forms plugin for WordPress CVE-2023-2608 (The Multiple Page Generator Plugin for WordPress is vulnerable to Cros ...) TODO: check CVE-2023-2528 (The Contact Form by Supsystic plugin for WordPress is vulnerable to Cr ...) - TODO: check + NOT-FOR-US: Contact Form by Supsystic plugin for WordPress CVE-2023-2509 (A Cross-Site Scripting(XSS) vulnerability was found on ADM, LooksGood ...) TODO: check CVE-2023-2469 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f59224e0f893085c1a866a04b0da0be06c1a74e0
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c74e77ed by Salvatore Bonaccorso at 2023-05-16T21:12:28+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -73,7 +73,7 @@ CVE-2023-32955 (Improper neutralization of special elements used in an OS comman CVE-2023-32309 (PyMdown Extensions is a set of extensions for the `Python-Markdown` ma ...) TODO: check CVE-2023-32308 (anuko timetracker is an open source time tracking system. Boolean-base ...) - TODO: check + NOT-FOR-US: Anuko Time Tracker CVE-2023-32068 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2023-2710 (The video carousel slider with lightbox plugin for WordPress is vulner ...) @@ -81,7 +81,7 @@ CVE-2023-2710 (The video carousel slider with lightbox plugin for WordPress is v CVE-2023-2708 (The Video Gallery plugin for WordPress is vulnerable to Reflected Cros ...) NOT-FOR-US: Video Gallery plugin for WordPress CVE-2023-32787 (The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to blo ...) - TODO: check + NOT-FOR-US: OPC UA Legacy Java Stack CVE-2023-32314 (vm2 is a sandbox that can run untrusted code with Node's built-in modu ...) NOT-FOR-US: Node vm2 CVE-2023-32313 (vm2 is a sandbox that can run untrusted code with Node's built-in modu ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c74e77ed6c3553bad74952d9adf43cb2664b631b
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f6e96e1f by Salvatore Bonaccorso at 2023-05-12T22:24:15+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11273,7 +11273,7 @@ CVE-2023-27865 CVE-2023-27864 (IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML ...) NOT-FOR-US: IBM CVE-2023-27863 (IBM Spectrum Protect Plus Server 10.1.13, under specific configuration ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-27862 RESERVED CVE-2023-27861 @@ -16580,7 +16580,7 @@ CVE-2023-25929 CVE-2023-25928 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) NOT-FOR-US: IBM CVE-2023-25927 (IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-25926 RESERVED CVE-2023-25925 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6e96e1f86a83c57fc689f2c2ffd75dc9d954abf
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ea818f76 by Salvatore Bonaccorso at 2023-05-09T22:21:38+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -22215,7 +22215,7 @@ CVE-2023-23886 CVE-2023-23885 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23884 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanb ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23883 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin David ...) TODO: check CVE-2023-23882 @@ -22914,7 +22914,7 @@ CVE-2023-23666 CVE-2023-23665 RESERVED CVE-2023-23664 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23663 RESERVED CVE-2023-23662 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea818f768e252fb3490b7bfdee1472f1266ca45c
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b5712724 by Salvatore Bonaccorso at 2023-05-07T22:18:29+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2023-2565 (A vulnerability has been found in SourceCodester Multi Language Hotel ...) - TODO: check + NOT-FOR-US: SourceCodester Multi Language Hotel Management Software CVE-2023-2564 (OS Command Injection in GitHub repository sbs20/scanservjs prior to v2 ...) - TODO: check + NOT-FOR-US: scanservjs (SANE scanner nodejs web ui) CVE-2023-32290 (The myMail app through 14.30 for iOS sends cleartext credentials in a ...) NOT-FOR-US: myMail app for iOS CVE-2023-2560 (A vulnerability was found in jja8 NewBingGoGo up to 2023.5.5.2. It has ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5712724042405443601c198cb16e968346cc829 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5712724042405443601c198cb16e968346cc829 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: df41dacc by Salvatore Bonaccorso at 2023-05-06T13:52:39+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -34,7 +34,7 @@ CVE-2023-31415 (Kibana version 8.7.0 contains an arbitrary code execution flaw. CVE-2023-31414 (Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code executio ...) - kibana (bug #700337) CVE-2023-31413 (Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson inp ...) - TODO: check + NOT-FOR-US: Filebeat CVE-2023-2535 REJECTED NOT-FOR-US: KNIME @@ -3529,7 +3529,7 @@ CVE-2023-30218 CVE-2023-30217 RESERVED CVE-2023-30216 (Insecure permissions in the updateUserInfo function of newbee-mall bef ...) - TODO: check + NOT-FOR-US: newbee-mall CVE-2023-30215 RESERVED CVE-2023-30214 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df41daccc4b43784c8e54e0f7afc3bfc82b0353c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df41daccc4b43784c8e54e0f7afc3bfc82b0353c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 09c83aa6 by Salvatore Bonaccorso at 2023-05-04T23:07:53+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -18898,7 +18898,7 @@ CVE-2023-24960 (IBM InfoSphere Information Server 11.7 could allow a remote atta CVE-2023-24959 RESERVED CVE-2023-24958 (A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52 ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-24957 RESERVED CVE-2023-24956 (Forget Heart Message Box v1.1 was discovered to contain a SQL injectio ...) @@ -23406,7 +23406,7 @@ CVE-2023-23472 CVE-2023-23471 RESERVED CVE-2023-23470 (IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged a ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-23469 (IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0. ...) NOT-FOR-US: IBM CVE-2023-23468 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09c83aa6624bc2e1ab302d17e7c4dbd88efd2385 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09c83aa6624bc2e1ab302d17e7c4dbd88efd2385 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 26b0cc91 by Salvatore Bonaccorso at 2023-04-26T10:26:15+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -49501,7 +49501,7 @@ CVE-2022-41741 (NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open CVE-2022-41740 (IBM Robotic Process Automation 20.12 through 21.0.6 could allow an att ...) NOT-FOR-US: IBM CVE-2022-41739 (IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-41738 RESERVED CVE-2022-41737 @@ -62862,7 +62862,7 @@ CVE-2022-36771 (IBM QRadar User Behavior Analytics could allow an authenticated CVE-2022-36770 RESERVED CVE-2022-36769 (IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to up ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-36768 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...) NOT-FOR-US: IBM CVE-2022-2546 (The All-in-One WP Migration WordPress plugin before 7.63 uses the wron ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26b0cc912734077a75336caf6720622914da2338 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26b0cc912734077a75336caf6720622914da2338 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d898e605 by Salvatore Bonaccorso at 2023-04-25T10:26:13+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1630,9 +1630,9 @@ CVE-2023-30630 (Dmidecode before 3.5 allows -dump-bin to overwrite a local file. NOTE: https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=d8cfbc808f387e87091c25e7d5b8c2bb348bb206 NOTE: https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=6ca381c1247c81f74e1ca4e7706f70bdda72e6f2 CVE-2023-30629 (Vyper is a Pythonic Smart Contract Language for the ethereum virtual m ...) - TODO: check + NOT-FOR-US: Vyper CVE-2023-30628 (Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v ...) - TODO: check + NOT-FOR-US: Kiwi TCMS CVE-2023-30627 (jellyfin-web is the web client for Jellyfin, a free-software media sys ...) TODO: check CVE-2023-30626 (Jellyfin is a free-software media system. Versions starting with 10.8. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d898e60533d540c6d76355742b344b5517471ff3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d898e60533d540c6d76355742b344b5517471ff3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 263122bd by Salvatore Bonaccorso at 2023-04-19T14:08:31+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3420,6 +3420,7 @@ CVE-2023-1945 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-1945 CVE-2023-1944 RESERVED + NOT-FOR-US: minikube CVE-2023-1943 RESERVED CVE-2015-10099 (A vulnerability classified as critical has been found in CP Appointmen ...) @@ -9886,6 +9887,7 @@ CVE-2023-22437 RESERVED CVE-2023-1174 RESERVED + NOT-FOR-US: minikube CVE-2023-1173 REJECTED CVE-2023-1172 (The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scr ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/263122bd2117d52f8fc3262d82d394804d567aec -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/263122bd2117d52f8fc3262d82d394804d567aec You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
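Review bot: both hunks add "NOT-FOR-US: minikube" under entries that still show only RESERVED (CVE-2023-1944 and CVE-2023-1174), so nothing on these lines or in the commit message records where the product attribution comes from. Naming the source of the attribution in the commit message would let a later reader verify the tag once the CVE descriptions are published.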
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c30545da by Salvatore Bonaccorso at 2023-04-18T11:55:46+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -73,9 +73,9 @@ CVE-2023-2122 CVE-2023-2121 RESERVED CVE-2023-2120 (The Thumbnail carousel slider plugin for WordPress is vulnerable to Re ...) - TODO: check + NOT-FOR-US: Thumbnail carousel slider plugin for WordPress CVE-2023-2119 (The Responsive Filterable Portfolio plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: Responsive Filterable Portfolio plugin for WordPress CVE-2023-2118 RESERVED CVE-2023-2117 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c30545dab6ed7b5158cc695c1aa0c0634eaab230 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c30545dab6ed7b5158cc695c1aa0c0634eaab230 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ee87fd23 by Salvatore Bonaccorso at 2023-04-16T14:51:19+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2,6 +2,7 @@ CVE-2023-30773 RESERVED CVE-2023-30771 RESERVED + NOT-FOR-US: Apache IoTDB CVE-2015-10103 RESERVED CVE-2015-10102 @@ -17140,6 +17141,7 @@ CVE-2016-15023 (A vulnerability, which was classified as problematic, was found NOT-FOR-US: SiteFusion CVE-2023-24831 RESERVED + NOT-FOR-US: Apache IoTDB CVE-2023-24828 (Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions ...) NOT-FOR-US: Onedev CVE-2023-24827 (syft is a a CLI tool and Go library for generating a Software Bill of ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee87fd23e9b5dce9b6a5cc0bda806d300d727447 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee87fd23e9b5dce9b6a5cc0bda806d300d727447 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e78ea0ae by Salvatore Bonaccorso at 2023-03-30T22:18:40+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15687,7 +15687,7 @@ CVE-2023-23679 CVE-2023-23678 RESERVED CVE-2023-23677 (Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetri ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23676 RESERVED CVE-2023-23675 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catc ...) @@ -15701,7 +15701,7 @@ CVE-2023-23672 CVE-2023-23671 RESERVED CVE-2023-23670 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Team ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23669 RESERVED CVE-2023-23668 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e78ea0ae637009b7fba12fe700dba04996541187 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e78ea0ae637009b7fba12fe700dba04996541187 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b465f724 by Salvatore Bonaccorso at 2023-03-29T22:43:51+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -930,7 +930,7 @@ CVE-2023-1577 CVE-2023-1576 RESERVED CVE-2023-1575 (The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross- ...) - TODO: check + NOT-FOR-US: Mega Main Menu plugin for WordPress CVE-2023-1574 (Information disclosure in the user creation feature of a MSSQL data so ...) NOT-FOR-US: Devolutions CVE-2023-1573 (A vulnerability was found in DataGear up to 1.11.1 and classified as p ...) @@ -1325,7 +1325,7 @@ CVE-2023-1511 CVE-2023-1510 RESERVED CVE-2023-1509 (The GMAce plugin for WordPress is vulnerable to Cross-Site Request For ...) - TODO: check + NOT-FOR-US: GMAce plugin for WordPress CVE-2023-1508 RESERVED CVE-2023-1507 (A vulnerability has been found in SourceCodester E-Commerce System 1.0 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b465f72495c631dafc6686ccbc82c5f15af8bfe8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b465f72495c631dafc6686ccbc82c5f15af8bfe8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 82ae5927 by Salvatore Bonaccorso at 2023-03-25T21:14:46+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5590,7 +5590,7 @@ CVE-2023-27044 CVE-2023-27043 RESERVED CVE-2023-27042 (Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/Se ...) - TODO: check + NOT-FOR-US: Tenda CVE-2023-27041 (School Registration and Fee System v1.0 was discovered to contain a SQ ...) NOT-FOR-US: School Registration and Fee System CVE-2023-27040 (Simple Image Gallery v1.0 was discovered to contain a remote code exec ...) @@ -78835,7 +78835,7 @@ CVE-2022-28497 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to CVE-2022-28496 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 discovered to contain a ...) NOT-FOR-US: TOTOLINK CVE-2022-28495 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contai ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-28494 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contai ...) NOT-FOR-US: TOTOLINK CVE-2022-28493 (A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82ae59277b469ac65a78cd04b67e4221ff014737 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82ae59277b469ac65a78cd04b67e4221ff014737 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 56efda40 by Salvatore Bonaccorso at 2023-03-16T11:11:06+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -53,9 +53,9 @@ CVE-2023-28463 CVE-2023-28462 RESERVED CVE-2023-28461 (Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow ...) - TODO: check + NOT-FOR-US: Array Networks CVE-2023-28460 (A command injection vulnerability was discovered in Array Networks APV ...) - TODO: check + NOT-FOR-US: Array Networks CVE-2023-28459 RESERVED CVE-2023-28458 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56efda40a38456676fa4d4539630028511284edf -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56efda40a38456676fa4d4539630028511284edf You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0eccc9a8 by Salvatore Bonaccorso at 2023-03-16T07:46:17+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11386,6 +11386,7 @@ CVE-2023-22315 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a NOT-FOR-US: Snap One Wattbox WB-300-IP-3 CVE-2023-0456 RESERVED + NOT-FOR-US: Red Hat 3scale API gateway CVE-2023-0455 (Unrestricted Upload of File with Dangerous Type in GitHub repository u ...) NOT-FOR-US: unilogies/bumsys CVE-2023-0454 (OrangeScrum version 2.0.11 allows an authenticated external attacker t ...) @@ -14144,6 +14145,7 @@ CVE-2023-0265 RESERVED CVE-2023-0264 RESERVED + NOT-FOR-US: Keycloak CVE-2023-0263 (The WP Yelp Review Slider WordPress plugin before 7.1 does not properl ...) NOT-FOR-US: WordPress plugin CVE-2023-0262 (The WP Airbnb Review Slider WordPress plugin before 3.3 does not prope ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0eccc9a86c49257e7db04df8af426e43e137c20b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0eccc9a86c49257e7db04df8af426e43e137c20b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b2ce62e2 by Salvatore Bonaccorso at 2023-03-10T21:12:31+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -211,9 +211,9 @@ CVE-2023-1336 CVE-2023-1335 RESERVED CVE-2023-1334 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...) - TODO: check + NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress CVE-2023-1333 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...) - TODO: check + NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress CVE-2023-1332 RESERVED CVE-2023-1331 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2ce62e2f6daf5acd6346211891f8701d2388ee3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2ce62e2f6daf5acd6346211891f8701d2388ee3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 81d882bb by Salvatore Bonaccorso at 2023-03-04T15:12:37+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -67,9 +67,9 @@ CVE-2023-27569 CVE-2023-27568 RESERVED CVE-2023-27567 (In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf ...) - TODO: check + NOT-FOR-US: OpenBSD CVE-2023-27566 (Cubism Core in Live2D Cubism Editor 4.2.03 allows out-of-bounds write ...) - TODO: check + NOT-FOR-US: Live2D Cubism Editor CVE-2023-27565 RESERVED CVE-2023-27564 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81d882bbc560425c244070416f19ddbb2ce53787 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81d882bbc560425c244070416f19ddbb2ce53787 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cd396fdc by Salvatore Bonaccorso at 2023-03-04T09:56:13+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -878,7 +878,7 @@ CVE-2023-1080 (The GN Publisher plugin for WordPress is vulnerable to Reflected CVE-2023-27291 RESERVED CVE-2023-27290 (Docker based datastores for IBM Instana (IBM Observability with Instan ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-27289 RESERVED CVE-2023-27288 @@ -3154,7 +3154,7 @@ CVE-2023-0970 CVE-2023-0969 RESERVED CVE-2023-0968 (The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Si ...) - TODO: check + NOT-FOR-US: Watu Quiz plugin for WordPress CVE-2023-0967 RESERVED CVE-2023-0966 (A vulnerability classified as problematic was found in SourceCodester ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd396fdc918d6e34b3f3d494ad8d6ed54a3f51ca -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd396fdc918d6e34b3f3d494ad8d6ed54a3f51ca You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7e22143f by Salvatore Bonaccorso at 2023-03-02T21:15:07+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -31,7 +31,7 @@ CVE-2023-27522 CVE-2023-23567 RESERVED CVE-2023-1155 (The Cost Calculator plugin for WordPress is vulnerable to Stored Cross ...) - TODO: check + NOT-FOR-US: Cost Calculator plugin for WordPress CVE-2023-1154 RESERVED CVE-2023-1153 @@ -13770,7 +13770,7 @@ CVE-2023-0087 (The Swifty Page Manager plugin for WordPress is vulnerable to Sto CVE-2023-0086 (The JetWidgets for Elementor plugin for WordPress is vulnerable to Cro ...) NOT-FOR-US: JetWidgets for Elementor plugin for WordPress CVE-2023-0085 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...) - TODO: check + NOT-FOR-US: Metform Elementor Contact Form Builder plugin for WordPress CVE-2023-0084 RESERVED CVE-2023-0083 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e22143f33b2a3e8e2b0624198447bc60dae8a90 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e22143f33b2a3e8e2b0624198447bc60dae8a90 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2ebe468c by Salvatore Bonaccorso at 2023-03-02T09:37:14+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -236060,7 +236060,7 @@ CVE-2020-5028 CVE-2020-5027 RESERVED CVE-2020-5026 (IBM Financial Transaction Manager for Digital Payments for Multi-Platf ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-5025 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) NOT-FOR-US: IBM CVE-2020-5024 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) @@ -236110,7 +236110,7 @@ CVE-2020-5003 (IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML E CVE-2020-5002 RESERVED CVE-2020-5001 (IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a re ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-5000 (IBM Financial Transaction Manager 3.2.0 through 3.2.8 is vulnerable to ...) NOT-FOR-US: IBM CVE-2020-4999 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ebe468cc76597a84d4a9445d4f4cef059572221 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ebe468cc76597a84d4a9445d4f4cef059572221 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5b4ad49c by Salvatore Bonaccorso at 2023-03-02T07:07:13+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -23082,6 +23082,7 @@ CVE-2022-4138 (A Cross Site Request Forgery issue has been discovered in GitLab - gitlab CVE-2022-4137 RESERVED + NOT-FOR-US: Keycloak CVE-2022-45873 (systemd 250 and 251 allows local users to achieve a systemd-coredump d ...) - systemd 252-1 [bullseye] - systemd (Vulnerable code introduced later) @@ -56304,6 +56305,7 @@ CVE-2022-2238 (A vulnerability was found in the search-api container in Red Hat NOT-FOR-US: Red Hat Advanced Cluster Management for Kubernetes 2 / Stolostron CVE-2022-2237 RESERVED + NOT-FOR-US: Keycloak CVE-2022-2236 RESERVED CVE-2022-2235 (Insufficient sanitization in GitLab EE's external issue tracker affect ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b4ad49c91f218f6cd122fd506eb7a3ab7331291 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b4ad49c91f218f6cd122fd506eb7a3ab7331291 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a318bda1 by Salvatore Bonaccorso at 2023-02-25T10:58:40+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,9 +1,9 @@ CVE-2023-1031 RESERVED CVE-2023-1030 (A vulnerability has been found in SourceCodester Online Boat Reservati ...) - TODO: check + NOT-FOR-US: SourceCodester Online BoatReservation System CVE-2023-1029 (The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Reque ...) - TODO: check + NOT-FOR-US: WP Meta SEO plugin for WordPress CVE-2023-1028 RESERVED CVE-2023-1027 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a318bda114529ce675fd1fd1f5b28645fe2b79d1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a318bda114529ce675fd1fd1f5b28645fe2b79d1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
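Review bot: the new tag for CVE-2023-1030 reads "SourceCodester Online BoatReservation System", with the space between "Boat" and "Reservation" missing, while the description on the line above it spells the product "SourceCodester Online Boat Reservati ...". Suggest "NOT-FOR-US: SourceCodester Online Boat Reservation System" so that a search on the product name finds the entry.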
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a9551e63 by Salvatore Bonaccorso at 2023-02-24T09:37:16+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -431,7 +431,7 @@ CVE-2023-26328 CVE-2023-26327 RESERVED CVE-2023-26326 (The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affec ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-26325 (The 'rx_export_review' action in the ReviewX WordPress Plugin version ...) TODO: check CVE-2023-26324 @@ -6448,7 +6448,7 @@ CVE-2023-24214 CVE-2023-24213 RESERVED CVE-2023-24212 (Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via ...) - TODO: check + NOT-FOR-US: Tenda CVE-2023-24211 RESERVED CVE-2023-24210 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9551e63f55757560b1d8d705bfe5236be796353 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9551e63f55757560b1d8d705bfe5236be796353 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bf8e04c7 by Salvatore Bonaccorso at 2023-02-20T10:19:37+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -91,9 +91,9 @@ CVE-2023-26057 CVE-2023-0920 RESERVED CVE-2022-48329 (MISP before 2.4.166 unsafely allows users to use the order parameter, ...) - TODO: check + NOT-FOR-US: MISP CVE-2022-48328 (app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.1 ...) - TODO: check + NOT-FOR-US: MISP CVE-2021-4325 RESERVED CVE-2017-20179 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf8e04c756c1b1760335bd1a3ebd3efd6218 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf8e04c756c1b1760335bd1a3ebd3efd6218 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c34bb48f by Salvatore Bonaccorso at 2023-02-07T21:46:34+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8211,7 +8211,7 @@ CVE-2023-22645 CVE-2023-22644 RESERVED CVE-2023-22643 (An Improper Neutralization of Special Elements used in an OS Command ( ...) - TODO: check + NOT-FOR-US: SAP CVE-2023-22642 RESERVED CVE-2023-22641 @@ -60455,7 +60455,7 @@ CVE-2022-31256 (A Improper Link Resolution Before File Access ('Link Following') CVE-2022-31255 (An Improper Limitation of a Pathname to a Restricted Directory ('Path ...) NOT-FOR-US: Uyuni CVE-2022-31254 (A Incorrect Default Permissions vulnerability in rmt-server-regsharing ...) - TODO: check + NOT-FOR-US: SAP CVE-2022-31253 (A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory ...) TODO: check CVE-2022-31252 (A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enter ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c34bb48f21a8c254a1598b3c6167c3ee3bea4e6b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c34bb48f21a8c254a1598b3c6167c3ee3bea4e6b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
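Review bot: the "NOT-FOR-US: SAP" tag in the second hunk (@@ -60455,7 +60455,7 @@) does not match anything visible for CVE-2022-31254: the description names rmt-server-regsharing, and the surrounding entries are Uyuni, openSUSE Factory and SUSE Linux Enterprise. Please confirm the vendor for this entry and for CVE-2023-22643 in the first hunk, whose truncated description shows no product name either, and correct the label if "SAP" was not intended.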
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c5fc4428 by Salvatore Bonaccorso at 2023-02-06T21:35:47+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3144,7 +3144,7 @@ CVE-2023-24278 CVE-2023-24277 RESERVED CVE-2023-24276 (TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a co ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2023-24275 RESERVED CVE-2023-24274 @@ -39718,7 +39718,7 @@ CVE-2022-2935 (The Image Hover Effects Ultimate plugin for WordPress is vulnerab CVE-2022-2934 (The Beaver Builder WordPress Page Builder for WordPress is vul ...) NOT-FOR-US: WordPress Page Builder CVE-2022-2933 (The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Req ...) - TODO: check + NOT-FOR-US: 0mk Shortener plugin for WordPress CVE-2022-2932 (Cross-site Scripting (XSS) - Reflected in GitHub repository bustle/mob ...) NOT-FOR-US: Mobiledoc Kit CVE-2022-2931 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5fc4428de2ffc4a2bf1119d94d0300e03cc1bf9
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a7a0cead by Salvatore Bonaccorso at 2023-02-01T09:21:27+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -361,7 +361,7 @@ CVE-2023-24833 CVE-2023-24832 RESERVED CVE-2023-0587 (A file upload vulnerability in exists in Trend Micro Apex One server b ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2023-0586 RESERVED CVE-2023-0585 @@ -18446,7 +18446,7 @@ CVE-2022-45104 CVE-2022-45103 (Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Ena ...) NOT-FOR-US: Dell CVE-2022-45102 (Dell EMC Data Protection Central, versions 19.1 through 19.7, contains ...) - TODO: check + NOT-FOR-US: EMC CVE-2022-45101 (Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling ...) TODO: check CVE-2022-45100 (Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Cert ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7a0cead354f0993dcba27b699c629db1e53f102
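Review bot: In the second hunk, CVE-2022-45102 (Dell EMC Data Protection Central) is tagged NOT-FOR-US: EMC, while the entry directly above it, CVE-2022-45103, uses NOT-FOR-US: Dell for a product from the same vendor. Using one vendor label for both keeps a search on the NFU tag complete; suggest NOT-FOR-US: Dell here, or the full product name.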
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e6a2479b by Salvatore Bonaccorso at 2023-01-28T21:16:08+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,9 +1,9 @@ CVE-2023-0562 RESERVED CVE-2023-0561 (A vulnerability, which was classified as critical, was found in Source ...) - TODO: check + NOT-FOR-US: SourceCodester Online Tours & Travels Management System CVE-2023-0560 (A vulnerability, which was classified as critical, has been found in S ...) - TODO: check + NOT-FOR-US: SourceCodester Online Tours & Travels Management System CVE-2016-15022 RESERVED CVE-2009-10003 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6a2479bdb964996c96f9b0e21e2e74d2f3c9d22
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9aae9976 by Salvatore Bonaccorso at 2023-01-26T18:25:39+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2417,9 +2417,9 @@ CVE-2023-23615 CVE-2023-23614 RESERVED CVE-2023-23613 (OpenSearch is an open source distributed and RESTful search engine. In ...) - TODO: check + NOT-FOR-US: OpenSearch CVE-2023-23612 (OpenSearch is an open source distributed and RESTful search engine. Op ...) - TODO: check + NOT-FOR-US: OpenSearch CVE-2023-23611 (LTI Consumer XBlock implements the consumer side of the LTI specificat ...) NOT-FOR-US: LTI CVE-2023-23610 (GLPI is a Free Asset and IT Management Software package. Versions prio ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9aae9976786b251a91cb703f07131d1601342387
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8920c8cc by Salvatore Bonaccorso at 2023-01-26T07:49:30+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5135,6 +5135,7 @@ CVE-2023-22737 RESERVED CVE-2023-22736 RESERVED + NOT-FOR-US: Argo CD CVE-2023-22735 RESERVED CVE-2023-22734 (Shopware is an open source commerce platform based on Symfony Framewor ...) @@ -6133,7 +6134,7 @@ CVE-2023-22484 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re CVE-2023-22483 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...) TODO: check CVE-2023-22482 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) - TODO: check + NOT-FOR-US: Argo CD CVE-2023-22481 RESERVED CVE-2023-22480 (KubeOperator is an open source Kubernetes distribution focused on help ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8920c8cce59ec01ba78ecaecf9ff3174f904c63a
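Review bot: In the first hunk, NOT-FOR-US: Argo CD is added under CVE-2023-22736 while that entry is still RESERVED and carries no description, so the basis for the Argo CD attribution cannot be checked from the list. The commit subject "Process two NFUs" does not name a source either; a short reference to where the attribution comes from, in the commit message or as a note on the entry, would let a later reader verify the triage once the description is published.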
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2f69c501 by Salvatore Bonaccorso at 2023-01-09T21:17:35+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -41388,7 +41388,7 @@ CVE-2022-35283 (IBM Security Verify Information Queue 10.0.2 could allow an auth CVE-2022-35282 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) NOT-FOR-US: IBM CVE-2022-35281 (IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maxi ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-35280 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not req ...) NOT-FOR-US: IBM CVE-2022-35279 ("IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0 ...) @@ -80393,7 +80393,7 @@ CVE-2022-22472 (IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 t CVE-2022-22471 RESERVED CVE-2022-22470 (IBM Security Verify Governance 10.0 stores user credentials in plain c ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-22469 RESERVED CVE-2022-22468 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f69c501cbce691c3b53126a9135a531a2546c2b
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f09028b9 by Salvatore Bonaccorso at 2023-01-02T10:30:38+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -71,7 +71,7 @@ CVE-2022-4869 CVE-2022-48199 RESERVED CVE-2021-4297 (A vulnerability has been found in trampgeek jobe up to 1.6.4 and class ...) - TODO: check + NOT-FOR-US: trampgeek jobe CVE-2018-25063 (A vulnerability classified as problematic was found in Zenoss Dashboar ...) NOT-FOR-US: Zenoss Dashboard CVE-2018-25062 (A vulnerability classified as problematic has been found in flar2 Elem ...) @@ -81,7 +81,7 @@ CVE-2015-10006 (A vulnerability, which was classified as problematic, has been f CVE-2014-125030 (A vulnerability, which was classified as critical, has been found in t ...) NOT-FOR-US: taoeffect Empress CVE-2013-10006 (A vulnerability classified as problematic was found in Ziftr primecoin ...) - TODO: check + NOT-FOR-US: Ziftr primecoin CVE-2010-10002 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...) TODO: check CVE-2023-22550 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f09028b9a5a9331c5a4d3c2022828ec1828ee2d7
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a99f561e by Salvatore Bonaccorso at 2023-01-01T10:23:36+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -105,13 +105,13 @@ CVE-2022-48198 (The ntpd_driver component before 1.3.0 and 2.x before 2.2.0 for CVE-2022-48197 RESERVED CVE-2018-25061 (A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as ...) - TODO: check + NOT-FOR-US: rgb2hex CVE-2017-20160 (A vulnerability was found in flitto express-param up to 0.x. It has be ...) TODO: check CVE-2014-125029 RESERVED CVE-2014-125028 (A vulnerability was found in valtech IDP Test Client and classified as ...) - TODO: check + NOT-FOR-US: valtech IDP Test Client CVE-2022-4868 (Improper Authorization in GitHub repository froxlor/froxlor prior to 2 ...) - froxlor (bug #581792) CVE-2022-4867 (Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a99f561e44156f7ccc70e3241203d31fe56b556e
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a914286f by Salvatore Bonaccorso at 2022-12-23T12:34:04+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11,7 +11,7 @@ CVE-2022-47930 CVE-2022-47929 RESERVED CVE-2022-47928 (In MISP before 2.4.167, there is XSS in the template file uploads in a ...) - TODO: check + NOT-FOR-US: MISP CVE-2022-47927 RESERVED CVE-2022-47914 @@ -43907,7 +43907,7 @@ CVE-2022-33326 (Multiple command injection vulnerabilities exist in the web_serv CVE-2022-33325 (Multiple command injection vulnerabilities exist in the web_server aja ...) NOT-FOR-US: Robustel R1510 CVE-2022-33324 (Improper Resource Shutdown or Release vulnerability in Mitsubishi Elec ...) - TODO: check + NOT-FOR-US: Mitsubishi CVE-2022-33323 RESERVED CVE-2022-33322 (Cross-site scripting vulnerability in Mitsubishi Electric consumer ele ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a914286fb15befc8967efda3532621fc2095cb4f
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3551f0f3 by Salvatore Bonaccorso at 2022-12-16T21:15:01+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21,7 +21,7 @@ CVE-2022-4557 CVE-2022-4556 (A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as ...) TODO: check CVE-2022-4555 (The WP Shamsi plugin for WordPress is vulnerable to authorization bypa ...) - TODO: check + NOT-FOR-US: WP Shamsi plugin for WordPress CVE-2022-4554 RESERVED CVE-2022-4553 @@ -4400,7 +4400,7 @@ CVE-2022-46111 CVE-2022-46110 RESERVED CVE-2022-46109 (Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-46108 RESERVED CVE-2022-46107 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3551f0f34e030f4097106e792a77612f285db3ed
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1ffd0da3 by Salvatore Bonaccorso at 2022-12-06T21:17:47+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10564,7 +10564,7 @@ CVE-2022-43869 CVE-2022-43868 RESERVED CVE-2022-43867 (IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacke ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-43866 RESERVED CVE-2022-43865 @@ -36168,7 +36168,7 @@ CVE-2022-2191 (In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11. CVE-2022-34362 RESERVED CVE-2022-34361 (IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographi ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-34360 RESERVED CVE-2022-34359 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ffd0da3c68389246adbf292f54d1bcf6061ff31
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ebfb10f3 by Salvatore Bonaccorso at 2022-12-05T10:18:26+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10472,9 +10472,9 @@ CVE-2022-43487 (Cross-site scripting vulnerability in Salon booking system versi CVE-2022-43484 (TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLU ...) TODO: check CVE-2022-43470 (Cross-site request forgery (CSRF) vulnerability in +F FS040U software ...) - TODO: check + NOT-FOR-US: +F software CVE-2022-43442 (Plaintext storage of a password vulnerability exists in +F FS040U soft ...) - TODO: check + NOT-FOR-US: +F software CVE-2022-42486 RESERVED CVE-2022-41994 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebfb10f32c45cac6dd66bafd5badc5a9746184de
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4be48834 by Salvatore Bonaccorso at 2022-12-04T21:16:22+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -32051,9 +32051,9 @@ CVE-2022-35510 CVE-2022-35509 (An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulne ...) NOT-FOR-US: Eyoucms CVE-2022-35508 (Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are v ...) - TODO: check + NOT-FOR-US: Proxmox CVE-2022-35507 (A response-header CRLF injection vulnerability in the Proxmox Virtual ...) - TODO: check + NOT-FOR-US: Proxmox CVE-2022-35506 (TripleCross v0.1.0 was discovered to contain a stack overflow which oc ...) NOT-FOR-US: TripleCross CVE-2022-35505 (A segmentation fault in TripleCross v0.1.0 occurs when sending a contr ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4be48834d3721ecd1a4925081aca2730af5489b7
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: baf8b8f4 by Salvatore Bonaccorso at 2022-11-26T09:17:18+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3113,9 +3113,9 @@ CVE-2022-44846 CVE-2022-44845 RESERVED CVE-2022-44844 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-44843 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-44842 RESERVED CVE-2022-44841 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/baf8b8f4596e48b6dc5728a38ddbc2a3499cb22d
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: eb8083b2 by Salvatore Bonaccorso at 2022-11-22T21:19:10+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3037,7 +3037,7 @@ CVE-2022-44739 CVE-2022-44738 RESERVED CVE-2022-44737 (Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Secu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-44736 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cham ...) NOT-FOR-US: WordPress plugin CVE-2022-44735 @@ -17344,7 +17344,7 @@ CVE-2022-40230 ("IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not CVE-2022-40229 RESERVED CVE-2022-40228 (IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0 ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-40227 (A vulnerability has been identified in SIMATIC HMI Comfort Panels (inc ...) NOT-FOR-US: Siemens CVE-2022-40226 (A vulnerability has been identified in SICAM P850 (All versions V ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb8083b2bda17692452143ce239b40488261e8d3
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 77e9353c by Salvatore Bonaccorso at 2022-11-17T21:16:35+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15199,7 +15199,7 @@ CVE-2022-40753 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-si CVE-2022-40752 (IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vul ...) NOT-FOR-US: IBM CVE-2022-40751 (IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7 ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-40750 (IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-s ...) NOT-FOR-US: IBM CVE-2022-40749 @@ -21466,7 +21466,7 @@ CVE-2022-2871 (Cross-site Scripting (XSS) - Stored in GitHub repository notrinos CVE-2022-38391 RESERVED CVE-2022-38390 (Multiple IBM Business Automation Workflow versions are vulnerable to c ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-38389 RESERVED CVE-2022-38388 (IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a loc ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77e9353cee48c6a452986a96c702678d2832551e
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2fb292f6 by Salvatore Bonaccorso at 2022-11-16T09:30:49+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15046,7 +15046,7 @@ CVE-2022-3234 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to CVE-2022-40754 (In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in t ...) - airflow (bug #819700) CVE-2022-40753 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-40752 RESERVED CVE-2022-40751 @@ -21315,7 +21315,7 @@ CVE-2022-38387 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 coul CVE-2022-38386 RESERVED CVE-2022-38385 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allo ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-38384 RESERVED CVE-2022-38383 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fb292f63e905f933aaa88bc4a5535dd5577471e