[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Apr 13 21:10:30 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a59b672c by security tracker role at 2021-04-13T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2021-3496
+	RESERVED
+CVE-2021-30641
+	RESERVED
+CVE-2021-30640
+	RESERVED
+CVE-2021-30639
+	RESERVED
+CVE-2020-36321
+	RESERVED
+CVE-2020-36320
+	RESERVED
+CVE-2020-36319
+	RESERVED
+CVE-2019-25028
+	RESERVED
+CVE-2019-25027
+	RESERVED
+CVE-2018-25007
+	RESERVED
+CVE-2017-20003
+	RESERVED
 CVE-2021-30638
 	RESERVED
 CVE-2021-30637 (htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Descript ...)
@@ -1008,10 +1030,10 @@ CVE-2021-30178 (An issue was discovered in the Linux kernel through 5.11.11. syn
 	NOTE: https://git.kernel.org/linus/919f4ebc598701670e80e31573a58f1f2d2bf918
 CVE-2021-30177 (There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User R ...)
 	NOT-FOR-US: PHP-Nuke
-CVE-2021-30176
-	RESERVED
-CVE-2021-30175
-	RESERVED
+CVE-2021-30176 (The ZEROF Expert pro/2.0 application for mobile devices allows SQL Inj ...)
+	TODO: check
+CVE-2021-30175 (ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /Handle ...)
+	TODO: check
 CVE-2021-30174
 	RESERVED
 CVE-2021-30173
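
Review bot: CVE-2021-30176 and CVE-2021-30175 are left at "TODO: check" although both visible descriptions name ZEROF products ("ZEROF Expert pro/2.0 application for mobile devices" and "ZEROF Web Server 1.0"). The neighbouring PHP-Nuke entry in this hunk is closed with a NOT-FOR-US line. If no source package in the archive ships this software, close both entries the same way with a single product tag, so that they do not stay in the triage queue.
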
@@ -1441,12 +1463,12 @@ CVE-2021-30001
 	RESERVED
 CVE-2021-30000 (An issue was discovered in LATRIX 0.6.0. SQL injection in the txtacces ...)
 	NOT-FOR-US: LATRIX
-CVE-2021-29999
-	RESERVED
-CVE-2021-29998
-	RESERVED
-CVE-2021-29997
-	RESERVED
+CVE-2021-29999 (An issue was discovered in Wind River VxWorks through 6.8. There is a  ...)
+	TODO: check
+CVE-2021-29998 (An issue was discovered in Wind River VxWorks before 6.5. There is a p ...)
+	TODO: check
+CVE-2021-29997 (XML External Entity Resolution (XXE) in Helix ALM. The XML Import func ...)
+	TODO: check
 CVE-2021-29996 (Mark Text through 0.16.3 allows attackers arbitrary command execution. ...)
 	NOT-FOR-US: marktext
 CVE-2021-29995
@@ -2664,14 +2686,14 @@ CVE-2021-29440
 	RESERVED
 CVE-2021-29439
 	RESERVED
-CVE-2021-29438
-	RESERVED
-CVE-2021-29437
-	RESERVED
-CVE-2021-29436
-	RESERVED
-CVE-2021-29435
-	RESERVED
+CVE-2021-29438 (The Nextcloud dialogs library (npm package @nextcloud/dialogs) before  ...)
+	TODO: check
+CVE-2021-29437 (ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth ...)
+	TODO: check
+CVE-2021-29436 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
+	TODO: check
+CVE-2021-29435 (trestle-auth is an authentication plugin for the Trestle admin framewo ...)
+	TODO: check
 CVE-2021-29434
 	RESERVED
 CVE-2021-29433
@@ -2684,10 +2706,10 @@ CVE-2021-29430
 	RESERVED
 CVE-2021-29429 (In Gradle before version 7.0, files created with open permissions in t ...)
 	TODO: check
-CVE-2021-29428
-	RESERVED
-CVE-2021-29427
-	RESERVED
+CVE-2021-29428 (In Gradle before version 7.0, on Unix-like systems, the system tempora ...)
+	TODO: check
+CVE-2021-29427 (In Gradle from version 5.1 and before version 7.0 there is a vulnerabi ...)
+	TODO: check
 CVE-2021-29426
 	RESERVED
 CVE-2021-29425 (In Apache Commons IO before 2.7, When invoking the method FileNameUtil ...)
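
Review bot: CVE-2021-29428 and CVE-2021-29427 join CVE-2021-29429 (unchanged context, also "TODO: check") as three open Gradle entries, and all three descriptions bound the issue at "before version 7.0". Triage them together so that the package line and fixed version are consistent across the three ids. Note that CVE-2021-29427 has a lower bound as well ("from version 5.1"), so its per-release status can differ from the other two.
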
@@ -3717,8 +3739,8 @@ CVE-2021-28975
 	RESERVED
 CVE-2021-28974
 	RESERVED
-CVE-2021-28973
-	RESERVED
+CVE-2021-28973 (The XML Import functionality of the Administration console in Perforce ...)
+	TODO: check
 CVE-2021-28970 (eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices ...)
 	NOT-FOR-US: Central Management of FireEye EX 3500 devices
 CVE-2021-28969 (eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticat ...)
@@ -4480,12 +4502,12 @@ CVE-2021-28649
 	RESERVED
 CVE-2021-28648
 	RESERVED
-CVE-2021-28647
-	RESERVED
-CVE-2021-28646
-	RESERVED
-CVE-2021-28645
-	RESERVED
+CVE-2021-28647 (Trend Micro Password Manager version 5 (Consumer) is vulnerable to a D ...)
+	TODO: check
+CVE-2021-28646 (An insecure file permissions vulnerability in Trend Micro Apex One, Ap ...)
+	TODO: check
+CVE-2021-28645 (An incorrect permission assignment vulnerability in Trend Micro Apex O ...)
+	TODO: check
 CVE-2017-20002 (The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists  ...)
 	{DLA-2596-1}
 	- shadow 1:4.5-1 (bug #914957)
@@ -4955,8 +4977,8 @@ CVE-2021-28423
 	RESERVED
 CVE-2021-28422
 	RESERVED
-CVE-2021-28421
-	RESERVED
+CVE-2021-28421 (FluidSynth 2.1.7 contains a use after free vulnerability in sfloader/f ...)
+	TODO: check
 CVE-2021-28420 (A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote at ...)
 	NOT-FOR-US: Seo Panel
 CVE-2021-28419 (The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnera ...)
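
Review bot: CVE-2021-28421 should not stay at "TODO: check" for long. Unlike the Seo Panel entries around it, the description names a use after free in FluidSynth 2.1.7 under sfloader/, which is a memory-safety bug in a library that parses input files. Replace the TODO with a package line stating the affected or fixed version, plus a NOTE pointing at the upstream fix once it is identified. The truncated description does not show whether versions other than 2.1.7 are affected, so each release needs its own check.
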
@@ -6892,30 +6914,30 @@ CVE-2021-27611
 	RESERVED
 CVE-2021-27610
 	RESERVED
-CVE-2021-27609
-	RESERVED
+CVE-2021-27609 (SAP Focused RUN versions 200, 300, does not perform necessary authoriz ...)
+	TODO: check
 CVE-2021-27608
 	RESERVED
 CVE-2021-27607
 	RESERVED
 CVE-2021-27606
 	RESERVED
-CVE-2021-27605
-	RESERVED
+CVE-2021-27605 (SAP's HCM Travel Management Fiori Apps V2, version - 608, does not per ...)
+	TODO: check
 CVE-2021-27604
 	RESERVED
-CVE-2021-27603
-	RESERVED
-CVE-2021-27602
-	RESERVED
-CVE-2021-27601
-	RESERVED
-CVE-2021-27600
-	RESERVED
+CVE-2021-27603 (An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABA ...)
+	TODO: check
+CVE-2021-27602 (SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice appl ...)
+	TODO: check
+CVE-2021-27601 (SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a  ...)
+	TODO: check
+CVE-2021-27600 (SAP Manufacturing Execution (System Rules), versions - 15.1, 15.2, 15. ...)
+	TODO: check
 CVE-2021-27599
 	RESERVED
-CVE-2021-27598
-	RESERVED
+CVE-2021-27598 (SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions  ...)
+	TODO: check
 CVE-2021-27597
 	RESERVED
 CVE-2021-27596 (When a user opens manipulated Autodesk 3D Studio for MS-DOS (.3DS) fil ...)
@@ -12686,14 +12708,14 @@ CVE-2021-25255
 	RESERVED
 CVE-2021-25254
 	RESERVED
-CVE-2021-25253
-	RESERVED
+CVE-2021-25253 (An improper access control vulnerability in Trend Micro Apex One, Tren ...)
+	TODO: check
 CVE-2021-25252 (Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine ( ...)
 	NOT-FOR-US: Trend Micro
 CVE-2021-25251 (The Trend Micro Security 2020 and 2021 families of consumer products a ...)
 	NOT-FOR-US: Trend Micro
-CVE-2021-25250
-	RESERVED
+CVE-2021-25250 (An improper access control vulnerability in Trend Micro Apex One, Tren ...)
+	TODO: check
 CVE-2021-25249 (An out-of-bounds write information disclosure vulnerability in Trend M ...)
 	NOT-FOR-US: Trend Micro
 CVE-2021-25248 (An out-of-bounds read information disclosure vulnerability in Trend Mi ...)
@@ -16736,8 +16758,8 @@ CVE-2021-23374
 	RESERVED
 CVE-2021-23373
 	RESERVED
-CVE-2021-23372
-	RESERVED
+CVE-2021-23372 (All versions of package mongo-express are vulnerable to Denial of Serv ...)
+	TODO: check
 CVE-2021-23371 (This affects the package chrono-node before 2.2.4. It hangs on a date- ...)
 	NOT-FOR-US: Node chrono-node
 CVE-2021-23370 (This affects the package swiper before 6.5.1. ...)
@@ -16959,18 +16981,18 @@ CVE-2021-23283
 	RESERVED
 CVE-2021-23282
 	RESERVED
-CVE-2021-23281
-	RESERVED
-CVE-2021-23280
-	RESERVED
-CVE-2021-23279
-	RESERVED
-CVE-2021-23278
-	RESERVED
-CVE-2021-23277
-	RESERVED
-CVE-2021-23276
-	RESERVED
+CVE-2021-23281 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to u ...)
+	TODO: check
+CVE-2021-23280 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to a ...)
+	TODO: check
+CVE-2021-23279 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to u ...)
+	TODO: check
+CVE-2021-23278 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to a ...)
+	TODO: check
+CVE-2021-23277 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to u ...)
+	TODO: check
+CVE-2021-23276 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to a ...)
+	TODO: check
 CVE-2021-23275
 	RESERVED
 CVE-2021-23274 (The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Ga ...)
@@ -18080,16 +18102,16 @@ CVE-2021-22722
 	RESERVED
 CVE-2021-22721
 	RESERVED
-CVE-2021-22720
-	RESERVED
-CVE-2021-22719
-	RESERVED
-CVE-2021-22718
-	RESERVED
-CVE-2021-22717
-	RESERVED
-CVE-2021-22716
-	RESERVED
+CVE-2021-22720 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory  ...)
+	TODO: check
+CVE-2021-22719 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory  ...)
+	TODO: check
+CVE-2021-22718 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory  ...)
+	TODO: check
+CVE-2021-22717 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory  ...)
+	TODO: check
+CVE-2021-22716 (A CWE-269: Improper Privilege Management vulnerability exists in C-Bus ...)
+	TODO: check
 CVE-2021-22715
 	RESERVED
 CVE-2021-22714 (A CWE-119:Improper restriction of operations within the bounds of a me ...)
@@ -18664,8 +18686,8 @@ CVE-2021-22507 (Authentication bypass vulnerability in Micro Focus Operations Br
 	NOT-FOR-US: Micro Focus
 CVE-2021-22506 (Advance configuration exposing Information Leakage vulnerability in Mi ...)
 	NOT-FOR-US: Micro Focus
-CVE-2021-22505
-	RESERVED
+CVE-2021-22505 (Escalation of privileges vulnerability in Micro Focus Operations Agent ...)
+	TODO: check
 CVE-2021-22504 (Arbitrary code execution vulnerability on Micro Focus Operations Bridg ...)
 	NOT-FOR-US: Micro Focus
 CVE-2021-22503
@@ -20163,8 +20185,8 @@ CVE-2021-21786
 	RESERVED
 CVE-2021-21785
 	RESERVED
-CVE-2021-21784
-	RESERVED
+CVE-2021-21784 (An out-of-bounds write vulnerability exists in the JPG format SOF mark ...)
+	TODO: check
 CVE-2021-21783 (A code execution vulnerability exists in the WS-Addressing plugin func ...)
 	- gsoap <unfixed>
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1245
@@ -20272,12 +20294,12 @@ CVE-2021-21733
 	RESERVED
 CVE-2021-21732
 	RESERVED
-CVE-2021-21731
-	RESERVED
-CVE-2021-21730
-	RESERVED
-CVE-2021-21729
-	RESERVED
+CVE-2021-21731 (A CSRF vulnerability exists in the management page of a ZTE product.Th ...)
+	TODO: check
+CVE-2021-21730 (A ZTE product is impacted by improper access control vulnerability. Th ...)
+	TODO: check
+CVE-2021-21729 (Some ZTE products have CSRF vulnerability. Because some pages lack CSR ...)
+	TODO: check
 CVE-2021-21728 (A ZTE product has a configuration error vulnerability. Because a certa ...)
 	NOT-FOR-US: ZTE
 CVE-2021-21727 (A ZTE product has a DoS vulnerability. A remote attacker can amplify t ...)
@@ -21470,8 +21492,8 @@ CVE-2018-25001 (An issue was discovered in the libpulse-binding crate before 2.5
 	NOT-FOR-US: libpulse-binding rust crate
 CVE-2021-21493 (When a user opens manipulated Graphics Interchange Format (.GIF) forma ...)
 	NOT-FOR-US: SAP
-CVE-2021-21492
-	RESERVED
+CVE-2021-21492 (SAP NetWeaver Application Server Java(HTTP Service), versions - 7.10,  ...)
+	TODO: check
 CVE-2021-21491 (SAP Netweaver Application Server Java (Applications based on WebDynpro ...)
 	NOT-FOR-US: SAP
 CVE-2021-21490
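
Review bot: CVE-2021-21492 is added with "TODO: check" between two entries that are already closed as "NOT-FOR-US: SAP", and its description names SAP NetWeaver Application Server Java. Use the same tag string as the neighbours when closing it, so that a search for the vendor returns every SAP id in this block.
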
@@ -21484,14 +21506,14 @@ CVE-2021-21487 (SAP Payment Engine version 500, does not perform necessary autho
 	NOT-FOR-US: SAP
 CVE-2021-21486 (SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 6 ...)
 	NOT-FOR-US: SAP
-CVE-2021-21485
-	RESERVED
+CVE-2021-21485 (An unauthorized attacker may be able to entice an administrator to inv ...)
+	TODO: check
 CVE-2021-21484 (LDAP authentication in SAP HANA Database version 2.0 can be bypassed i ...)
 	NOT-FOR-US: SAP
-CVE-2021-21483
-	RESERVED
-CVE-2021-21482
-	RESERVED
+CVE-2021-21483 (Under certain conditions SAP Solution Manager, version - 720, allows a ...)
+	TODO: check
+CVE-2021-21482 (SAP NetWeaver Master Data Management, versions - 710, 710.750, allows  ...)
+	TODO: check
 CVE-2021-21481 (The MigrationService, which is part of SAP NetWeaver versions 7.10, 7. ...)
 	NOT-FOR-US: SAP
 CVE-2021-21480 (SAP MII allows users to create dashboards and save them as JSP through ...)
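
Review bot: the visible part of the CVE-2021-21485 description ("An unauthorized attacker may be able to entice an administrator to inv ...") names no product, unlike CVE-2021-21483 and CVE-2021-21482 in the same hunk, which name SAP Solution Manager and SAP NetWeaver Master Data Management. Read the full description before tagging it. Its position among SAP ids suggests the vendor, but the truncated text alone does not support "NOT-FOR-US: SAP".
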
@@ -22215,8 +22237,8 @@ CVE-2021-21401 (Nanopb is a small code-size Protocol Buffers implementation in a
 	NOTE: https://github.com/nanopb/nanopb/commit/e2f0ccf939d9f82931d085acb6df8e9a182a4261
 CVE-2021-21400 (wire-webapp is an open-source front end for Wire, a secure collaborati ...)
 	NOT-FOR-US: wire-webapp
-CVE-2021-21399
-	RESERVED
+CVE-2021-21399 (Ampache is a web based audio/video streaming application and file mana ...)
+	TODO: check
 CVE-2021-21398 (PrestaShop is a fully scalable open source e-commerce solution. In Pre ...)
 	NOT-FOR-US: PrestaShop
 CVE-2021-21397
@@ -31606,11 +31628,11 @@ CVE-2021-1407 (Multiple vulnerabilities in the web-based management interface of
 	NOT-FOR-US: Cisco
 CVE-2021-1406 (A vulnerability in Cisco Unified Communications Manager (Unified CM) a ...)
 	NOT-FOR-US: Cisco
-CVE-2021-1405 (A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) S ...)
+CVE-2021-1405 (A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) ...)
 	- clamav 0.103.2+dfsg-1 (bug #986622; bug #986790)
 	[buster] - clamav <no-dsa> (clamav is updated via -updates)
 	NOTE: https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
-CVE-2021-1404 (A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) ...)
+CVE-2021-1404 (A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) S ...)
 	- clamav 0.103.2+dfsg-1 (bug #986622; bug #986790)
 	[buster] - clamav <not-affected> (Affects only 0.103.0 and 0.103.1)
 	[stretch] - clamav <not-affected> (Affects only 0.103.0 and 0.103.1)
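
Review bot: the annotations under CVE-2021-1405 and CVE-2021-1404 need re-checking, because the two descriptions are exchanged here (PDF parsing and email parsing) while the package lines beneath each id stay as unchanged context. Under CVE-2021-1404, buster and stretch are marked <not-affected> with "Affects only 0.103.0 and 0.103.1". Under CVE-2021-1405, buster is <no-dsa>. Confirm against the blog.clamav.net post linked in the NOTE that each status was assigned by id and not by the description text that used to sit next to it. If it was assigned by description text, the per-release status is now attached to the wrong issue.
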
@@ -32289,8 +32311,8 @@ CVE-2020-28591 (An out-of-bounds read vulnerability exists in the AMF File AMFPa
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1215
 	NOTE: https://github.com/slic3r/Slic3r/issues/5061
 	NOTE: https://github.com/slic3r/Slic3r/pull/5063
-CVE-2020-28590
-	RESERVED
+CVE-2020-28590 (An out-of-bounds read vulnerability exists in the Obj File TriangleMes ...)
+	TODO: check
 CVE-2020-28589
 	RESERVED
 CVE-2020-28588 [lib/syscall: fix syscall registers retrieval on 32-bit platforms]
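
Review bot: CVE-2020-28590 is left at "TODO: check" directly below the annotations for CVE-2020-28591, which carry a TALOS report and two github.com/slic3r/Slic3r links. Both descriptions have the same shape ("An out-of-bounds read vulnerability exists in the ... File ..."), one for AMF and one for Obj. If the full text names the same product, give this entry the same package line as its neighbour along with its own TALOS and upstream references. Do not copy the 28591 links, since the issue and pull request numbers there belong to the AMF parser bug.
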
@@ -34218,14 +34240,14 @@ CVE-2021-0473
 	RESERVED
 CVE-2021-0472
 	RESERVED
-CVE-2021-0471
-	RESERVED
+CVE-2021-0471 (In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds  ...)
+	TODO: check
 CVE-2021-0470
 	RESERVED
 CVE-2021-0469
 	RESERVED
-CVE-2021-0468
-	RESERVED
+CVE-2021-0468 (In LK, there is a possible escalation of privilege due to an insecure  ...)
+	TODO: check
 CVE-2021-0467
 	RESERVED
 CVE-2021-0466
@@ -34270,48 +34292,48 @@ CVE-2021-0447
 	RESERVED
 	- linux 4.15.4-1
 	[stretch] - linux 4.9.228-1
-CVE-2021-0446
-	RESERVED
-CVE-2021-0445
-	RESERVED
-CVE-2021-0444
-	RESERVED
-CVE-2021-0443
-	RESERVED
-CVE-2021-0442
-	RESERVED
+CVE-2021-0446 (In ImportVCardActivity, there is a possible way to bypass user consent ...)
+	TODO: check
+CVE-2021-0445 (In start of WelcomeActivity.java, there is a possible residual profile ...)
+	TODO: check
+CVE-2021-0444 (In onActivityResult of QuickContactActivity.java, there is an unnecess ...)
+	TODO: check
+CVE-2021-0443 (In several functions of ScreenshotHelper.java and related files, there ...)
+	TODO: check
+CVE-2021-0442 (In updateInfo of android_hardware_input_InputApplicationHandle.cpp, th ...)
+	TODO: check
 CVE-2021-0441
 	RESERVED
 CVE-2021-0440
 	RESERVED
-CVE-2021-0439
-	RESERVED
-CVE-2021-0438
-	RESERVED
-CVE-2021-0437
-	RESERVED
-CVE-2021-0436
-	RESERVED
-CVE-2021-0435
-	RESERVED
+CVE-2021-0439 (In setPowerModeWithHandle of com_android_server_power_PowerManagerServ ...)
+	TODO: check
+CVE-2021-0438 (In several functions of InputDispatcher.cpp, WindowManagerService.java ...)
+	TODO: check
+CVE-2021-0437 (In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. Th ...)
+	TODO: check
+CVE-2021-0436 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out  ...)
+	TODO: check
+CVE-2021-0435 (In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak o ...)
+	TODO: check
 CVE-2021-0434
 	RESERVED
-CVE-2021-0433
-	RESERVED
-CVE-2021-0432
-	RESERVED
-CVE-2021-0431
-	RESERVED
-CVE-2021-0430
-	RESERVED
-CVE-2021-0429
-	RESERVED
-CVE-2021-0428
-	RESERVED
-CVE-2021-0427
-	RESERVED
-CVE-2021-0426
-	RESERVED
+CVE-2021-0433 (In onCreate of DeviceChooserActivity.java, there is a possible way to  ...)
+	TODO: check
+CVE-2021-0432 (In ClearPullerCacheIfNecessary and ForceClearPullerCache of StatsPulle ...)
+	TODO: check
+CVE-2021-0431 (In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds re ...)
+	TODO: check
+CVE-2021-0430 (In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of boun ...)
+	TODO: check
+CVE-2021-0429 (In pollOnce of ALooper.cpp, there is possible memory corruption due to ...)
+	TODO: check
+CVE-2021-0428 (In getSimSerialNumber of TelephonyManager.java, there is a possible wa ...)
+	TODO: check
+CVE-2021-0427 (In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible  ...)
+	TODO: check
+CVE-2021-0426 (In parsePrimaryFieldFirstUidAnnotation of LogEvent.cpp, there is a pos ...)
+	TODO: check
 CVE-2021-0425
 	RESERVED
 CVE-2021-0424
@@ -34362,8 +34384,8 @@ CVE-2021-0402 (In jpeg, there is a possible out of bounds write due to improper
 	NOT-FOR-US: MediaTek
 CVE-2021-0401 (In vow, there is a possible memory corruption due to a race condition. ...)
 	NOT-FOR-US: MediaTek
-CVE-2021-0400
-	RESERVED
+CVE-2021-0400 (In injectBestLocation and handleUpdateLocation of GnssLocationProvider ...)
+	TODO: check
 CVE-2021-0399 (In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruptio ...)
 	- linux <not-affected> (Android-specific xt_qtaguid code)
 	NOTE: https://source.android.com/security/bulletin/2021-03-01
@@ -37840,14 +37862,14 @@ CVE-2020-27238
 	RESERVED
 CVE-2020-27237
 	RESERVED
-CVE-2020-27236
-	RESERVED
-CVE-2020-27235
-	RESERVED
-CVE-2020-27234
-	RESERVED
-CVE-2020-27233
-	RESERVED
+CVE-2020-27236 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
+	TODO: check
+CVE-2020-27235 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
+	TODO: check
+CVE-2020-27234 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
+	TODO: check
+CVE-2020-27233 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
+	TODO: check
 CVE-2020-27232
 	RESERVED
 CVE-2020-27231
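
Review bot: the four added descriptions for CVE-2020-27236 through CVE-2020-27233 show "‘" before getAssets, as rendered here. That is the usual result of a UTF-8 left single quotation mark being decoded with a single-byte code page. Check whether data/CVE/list itself contains these bytes or only the mail rendering does. If the file is affected, the import step should read the feed as UTF-8. The four truncated descriptions are also identical, so they have to be told apart by the full text (presumably different parameters) before they can be triaged.
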
@@ -37856,10 +37878,10 @@ CVE-2020-27230
 	RESERVED
 CVE-2020-27229
 	RESERVED
-CVE-2020-27228
-	RESERVED
-CVE-2020-27227
-	RESERVED
+CVE-2020-27228 (An incorrect default permissions vulnerability exists in the installat ...)
+	TODO: check
+CVE-2020-27227 (An exploitable unatuhenticated command injection exists in the OpenCli ...)
+	TODO: check
 CVE-2020-27226
 	RESERVED
 CVE-2020-27225 (In versions 4.18 and earlier of the Eclipse Platform, the Help Subsyst ...)
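
Review bot: the CVE-2020-27227 description carries the misspelling "unatuhenticated", so a text search of the list for "unauthenticated" will miss this command injection entry. The description is imported text, so do not hand-edit it. Triage the entry by id, and make sure the annotation that replaces "TODO: check" names the product, which the visible text cuts off at "OpenCli ...".
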
@@ -68737,12 +68759,12 @@ CVE-2020-13570 (A use-after-free vulnerability exists in the JavaScript engine o
 	NOT-FOR-US: Foxit
 CVE-2020-13569 (A cross-site request forgery vulnerability exists in the GACL function ...)
 	NOT-FOR-US: OpenEMR
-CVE-2020-13568
-	RESERVED
+CVE-2020-13568 (SQL injection vulnerability exists in phpGACL 3.3.7. A specially craft ...)
+	TODO: check
 CVE-2020-13567
 	RESERVED
-CVE-2020-13566
-	RESERVED
+CVE-2020-13566 (SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially craf ...)
+	TODO: check
 CVE-2020-13565 (An open redirect vulnerability exists in the return_page redirection f ...)
 	NOT-FOR-US: OpenEMR
 CVE-2020-13564 (A cross-site scripting vulnerability exists in the template functional ...)
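
Review bot: CVE-2020-13568 and CVE-2020-13566 name phpGACL 3.3.7 in their descriptions, while the context lines around them (CVE-2020-13569 in "the GACL function ..." and CVE-2020-13565) are closed as "NOT-FOR-US: OpenEMR". Do not copy that tag without checking. Establish first whether phpGACL is tracked as a component of its own or only as code bundled in OpenEMR, and tag the two new entries accordingly. CVE-2020-13567, which sits between them, is still RESERVED and will probably need the same decision.
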



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a59b672c7c5e5da1c8f5a310ff4795c556a58eb5
