[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Apr 14 21:10:31 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dbedb49a by security tracker role at 2021-04-14T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,109 @@
+CVE-2021-3499
+ RESERVED
+CVE-2021-31214
+ RESERVED
+CVE-2021-31213
+ RESERVED
+CVE-2021-31212
+ RESERVED
+CVE-2021-31211
+ RESERVED
+CVE-2021-31210
+ RESERVED
+CVE-2021-31209
+ RESERVED
+CVE-2021-31208
+ RESERVED
+CVE-2021-31207
+ RESERVED
+CVE-2021-31206
+ RESERVED
+CVE-2021-31205
+ RESERVED
+CVE-2021-31204
+ RESERVED
+CVE-2021-31203
+ RESERVED
+CVE-2021-31202
+ RESERVED
+CVE-2021-31201
+ RESERVED
+CVE-2021-31200
+ RESERVED
+CVE-2021-31199
+ RESERVED
+CVE-2021-31198
+ RESERVED
+CVE-2021-31197
+ RESERVED
+CVE-2021-31196
+ RESERVED
+CVE-2021-31195
+ RESERVED
+CVE-2021-31194
+ RESERVED
+CVE-2021-31193
+ RESERVED
+CVE-2021-31192
+ RESERVED
+CVE-2021-31191
+ RESERVED
+CVE-2021-31190
+ RESERVED
+CVE-2021-31189
+ RESERVED
+CVE-2021-31188
+ RESERVED
+CVE-2021-31187
+ RESERVED
+CVE-2021-31186
+ RESERVED
+CVE-2021-31185
+ RESERVED
+CVE-2021-31184
+ RESERVED
+CVE-2021-31183
+ RESERVED
+CVE-2021-31182
+ RESERVED
+CVE-2021-31181
+ RESERVED
+CVE-2021-31180
+ RESERVED
+CVE-2021-31179
+ RESERVED
+CVE-2021-31178
+ RESERVED
+CVE-2021-31177
+ RESERVED
+CVE-2021-31176
+ RESERVED
+CVE-2021-31175
+ RESERVED
+CVE-2021-31174
+ RESERVED
+CVE-2021-31173
+ RESERVED
+CVE-2021-31172
+ RESERVED
+CVE-2021-31171
+ RESERVED
+CVE-2021-31170
+ RESERVED
+CVE-2021-31169
+ RESERVED
+CVE-2021-31168
+ RESERVED
+CVE-2021-31167
+ RESERVED
+CVE-2021-31166
+ RESERVED
+CVE-2021-31165
+ RESERVED
+CVE-2021-31164
+ RESERVED
+CVE-2021-31163
+ RESERVED
CVE-2021-31162 (In the standard library in Rust before 1.53.0, a double free can occur ...)
- rustc <unfixed>
NOTE: https://github.com/rust-lang/rust/issues/83618
@@ -20,8 +126,8 @@ CVE-2021-31154
RESERVED
CVE-2021-31153
RESERVED
-CVE-2021-31152
- RESERVED
+CVE-2021-31152 (Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request ...)
+ TODO: check
CVE-2021-31151
RESERVED
CVE-2021-31150
@@ -1402,10 +1508,10 @@ CVE-2021-30496
RESERVED
CVE-2021-30495
RESERVED
-CVE-2021-30494
- RESERVED
-CVE-2021-30493
- RESERVED
+CVE-2021-30494 (Multiple system services installed alongside the Razer Synapse 3 softw ...)
+ TODO: check
+CVE-2021-30493 (Multiple system services installed alongside the Razer Synapse 3 softw ...)
+ TODO: check
CVE-2021-30492
RESERVED
CVE-2021-30491
@@ -1518,8 +1624,8 @@ CVE-2021-30461
RESERVED
CVE-2021-30460
RESERVED
-CVE-2021-30459
- RESERVED
+CVE-2021-30459 (A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolba ...)
+ TODO: check
CVE-2021-30458 (An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x ...)
- mediawiki 1:1.35.2-1
[buster] - mediawiki <not-affected> (Only applies to 1.35 and later)
@@ -3302,8 +3408,8 @@ CVE-2021-29656
RESERVED
CVE-2021-29655
RESERVED
-CVE-2021-29654
- RESERVED
+CVE-2021-29654 (AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data ( ...)
+ TODO: check
CVE-2021-29653
RESERVED
CVE-2021-29652 (Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user s ...)
@@ -4021,8 +4127,8 @@ CVE-2021-29340
RESERVED
CVE-2021-29339
RESERVED
-CVE-2021-29338
- RESERVED
+CVE-2021-29338 (Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash t ...)
+ TODO: check
CVE-2021-29337
RESERVED
CVE-2021-29336
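Review bot: CVE-2021-29338 stays at "TODO: check" although its description names a library, OpenJPEG v2.4.0, rather than a vendor appliance. The follow-up triage should add a source package line with its status and a NOTE pointing at the upstream issue or fix, the shape already used in this file for triaged entries such as CVE-2021-3443.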
@@ -5103,10 +5209,10 @@ CVE-2021-28858
RESERVED
CVE-2021-28857
RESERVED
-CVE-2021-28856
- RESERVED
-CVE-2021-28855
- RESERVED
+CVE-2021-28856 (In Deark before v1.5.8, a specially crafted input file can cause a div ...)
+ TODO: check
+CVE-2021-28855 (In Deark before 1.5.8, a specially crafted input file can cause a NULL ...)
+ TODO: check
CVE-2021-28854
RESERVED
CVE-2021-28853
@@ -5176,10 +5282,10 @@ CVE-2021-28828
RESERVED
CVE-2021-28827
RESERVED
-CVE-2021-28826
- RESERVED
-CVE-2021-28825
- RESERVED
+CVE-2021-28826 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Mess ...)
+ TODO: check
+CVE-2021-28825 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Mess ...)
+ TODO: check
CVE-2021-28824 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Acti ...)
NOT-FOR-US: TIBCO
CVE-2021-28823 (The Windows Installation component of TIBCO Software Inc.'s TIBCO eFTL ...)
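Review bot: CVE-2021-28826 and CVE-2021-28825 are left at "TODO: check" even though both descriptions open with the same "Windows Installation component of TIBCO Software Inc.'s" text as CVE-2021-28824 directly below, which is already triaged as "NOT-FOR-US: TIBCO". A follow-up triage commit can set the same NOT-FOR-US line on both so they drop out of the TODO queue.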
@@ -5234,8 +5340,8 @@ CVE-2021-28799
RESERVED
CVE-2021-28798
RESERVED
-CVE-2021-28797
- RESERVED
+CVE-2021-28797 (A stack-based buffer overflow vulnerability has been reported to affec ...)
+ TODO: check
CVE-2021-28796 (Increments Qiita::Markdown before 0.33.0 allows XSS in transformers. ...)
NOT-FOR-US: Increments Qiita::Markdown
CVE-2021-28795
@@ -5929,8 +6035,8 @@ CVE-2021-28486
RESERVED
CVE-2021-28485
RESERVED
-CVE-2021-28484
- RESERVED
+CVE-2021-28484 (An issue was discovered in the /api/connector endpoint handler in Yubi ...)
+ TODO: check
CVE-2021-3443 (A NULL pointer dereference flaw was found in the way Jasper versions b ...)
- jasper <removed>
NOTE: https://github.com/jasper-software/jasper/issues/269
@@ -6314,8 +6420,8 @@ CVE-2021-28302 (A stack overflow in pupnp 1.16.1 can cause the denial of service
NOTE: https://github.com/pupnp/pupnp/issues/249
CVE-2021-28301
RESERVED
-CVE-2021-28300
- RESERVED
+CVE-2021-28300 (NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrac ...)
+ TODO: check
CVE-2021-28299
RESERVED
CVE-2021-28298
@@ -6879,8 +6985,8 @@ CVE-2020-36258
RESERVED
CVE-2020-36257
RESERVED
-CVE-2021-28098
- RESERVED
+CVE-2021-28098 (An issue was discovered in Forescout CounterACT before 8.1.4. A local ...)
+ TODO: check
CVE-2021-28097
RESERVED
CVE-2021-28096
@@ -6974,8 +7080,8 @@ CVE-2021-28062
RESERVED
CVE-2021-28061
RESERVED
-CVE-2021-28060
- RESERVED
+CVE-2021-28060 (A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4 ...)
+ TODO: check
CVE-2021-28059
RESERVED
CVE-2021-28058
@@ -7119,10 +7225,10 @@ CVE-2021-27992
RESERVED
CVE-2021-27991
RESERVED
-CVE-2021-27990
- RESERVED
-CVE-2021-27989
- RESERVED
+CVE-2021-27990 (Appspace 6.2.4 is vulnerable to a broken authentication mechanism wher ...)
+ TODO: check
+CVE-2021-27989 (Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in m ...)
+ TODO: check
CVE-2021-27988
RESERVED
CVE-2021-27987
@@ -7546,8 +7652,8 @@ CVE-2021-27817 (A remote command execution vulnerability in shopxo 1.9.3 allows
NOT-FOR-US: shopxo
CVE-2021-27816
RESERVED
-CVE-2021-27815
- RESERVED
+CVE-2021-27815 (NULL Pointer Deference in the "actions.c" library of libexif exif v0.6 ...)
+ TODO: check
CVE-2021-27814
RESERVED
CVE-2021-27813
@@ -7790,18 +7896,18 @@ CVE-2021-27712
RESERVED
CVE-2021-27711
RESERVED
-CVE-2021-27710
- RESERVED
+CVE-2021-27710 (Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118 ...)
+ TODO: check
CVE-2021-27709
RESERVED
-CVE-2021-27708
- RESERVED
-CVE-2021-27707
- RESERVED
-CVE-2021-27706
- RESERVED
-CVE-2021-27705
- RESERVED
+CVE-2021-27708 (Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118 ...)
+ TODO: check
+CVE-2021-27707 (Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9 ...)
+ TODO: check
+CVE-2021-27706 (Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.1 ...)
+ TODO: check
+CVE-2021-27705 (Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9 ...)
+ TODO: check
CVE-2021-27704
RESERVED
CVE-2021-27703
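Review bot: the five entries changed from RESERVED in this hunk (CVE-2021-27710, CVE-2021-27708, and CVE-2021-27707 through CVE-2021-27705) all describe router firmware, TOTOLINK X5000R and Tenda G1/G3, yet stay at "TODO: check". They are candidates for one NOT-FOR-US line per vendor, as this file already does for Netgear and TP-Link devices.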
@@ -8003,16 +8109,16 @@ CVE-2021-27610
RESERVED
CVE-2021-27609 (SAP Focused RUN versions 200, 300, does not perform necessary authoriz ...)
NOT-FOR-US: SAP
-CVE-2021-27608
- RESERVED
+CVE-2021-27608 (An unquoted service path in SAPSetup, version - 9.0, could lead to pri ...)
+ TODO: check
CVE-2021-27607
RESERVED
CVE-2021-27606
RESERVED
CVE-2021-27605 (SAP's HCM Travel Management Fiori Apps V2, version - 608, does not per ...)
NOT-FOR-US: SAP
-CVE-2021-27604
- RESERVED
+CVE-2021-27604 (In order to prevent XML External Entity vulnerability in SAP NetWeaver ...)
+ TODO: check
CVE-2021-27603 (An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABA ...)
NOT-FOR-US: SAP
CVE-2021-27602 (SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice appl ...)
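Review bot: CVE-2021-27608 (SAPSetup) and CVE-2021-27604 (SAP NetWeaver) are left at "TODO: check" while the SAP entries around them in the same hunk, CVE-2021-27609, CVE-2021-27605 and CVE-2021-27603, already carry "NOT-FOR-US: SAP". Triage should bring the two new descriptions in line with that.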
@@ -8021,8 +8127,8 @@ CVE-2021-27601 (SAP NetWeaver AS Java (Applications based on HTMLB for Java) all
NOT-FOR-US: SAP
CVE-2021-27600 (SAP Manufacturing Execution (System Rules), versions - 15.1, 15.2, 15. ...)
NOT-FOR-US: SAP
-CVE-2021-27599
- RESERVED
+CVE-2021-27599 (SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Int ...)
+ TODO: check
CVE-2021-27598 (SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions ...)
NOT-FOR-US: SAP
CVE-2021-27597
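Review bot: CVE-2021-27599 now has a description naming SAP NetWeaver ABAP Server and ABAP Platform but only "TODO: check" as status, whereas the entries immediately above and below it (CVE-2021-27600, CVE-2021-27598) are "NOT-FOR-US: SAP". The same status line applies here.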
@@ -8719,8 +8825,8 @@ CVE-2021-27290 (ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular
NOTE: https://github.com/npm/ssri/commit/76e223317d971f19e4db8191865bdad5edee40d2 (v8.0.1)
CVE-2021-27289
RESERVED
-CVE-2021-27288
- RESERVED
+CVE-2021-27288 (Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attack ...)
+ TODO: check
CVE-2021-27287
RESERVED
CVE-2021-27286
@@ -8775,12 +8881,12 @@ CVE-2021-27262 (This vulnerability allows remote attackers to disclose sensitive
NOT-FOR-US: Foxit PhantomPDF
CVE-2021-27261 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Foxit PhantomPDF
-CVE-2021-27260
- RESERVED
-CVE-2021-27259
- RESERVED
-CVE-2021-27258
- RESERVED
+CVE-2021-27260 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ TODO: check
+CVE-2021-27259 (This vulnerability allows local attackers to escalate privileges on af ...)
+ TODO: check
+CVE-2021-27258 (This vulnerability allows remote attackers to execute escalate privile ...)
+ TODO: check
CVE-2021-27257 (This vulnerability allows network-adjacent attackers to compromise the ...)
NOT-FOR-US: Netgear
CVE-2021-27256 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
@@ -8789,22 +8895,22 @@ CVE-2021-27255 (This vulnerability allows remote attackers to execute arbitrary
NOT-FOR-US: Netgear
CVE-2021-27254 (This vulnerability allows network-adjacent attackers to bypass authent ...)
NOT-FOR-US: Netgear
-CVE-2021-27253
- RESERVED
-CVE-2021-27252
- RESERVED
-CVE-2021-27251
- RESERVED
-CVE-2021-27250
- RESERVED
-CVE-2021-27249
- RESERVED
-CVE-2021-27248
- RESERVED
-CVE-2021-27247
- RESERVED
-CVE-2021-27246
- RESERVED
+CVE-2021-27253 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2021-27252 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2021-27251 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2021-27250 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
+ TODO: check
+CVE-2021-27249 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2021-27248 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2021-27247 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2021-27246 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
CVE-2021-27245 (This vulnerability allows a firewall bypass on affected installations ...)
NOT-FOR-US: TP-Link
CVE-2021-27244 (This vulnerability allows local attackers to disclose sensitive inform ...)
@@ -9070,8 +9176,8 @@ CVE-2021-27132 (SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection
NOT-FOR-US: SerComm AG Combo VD625 AGSOT_2.1.0 devices
CVE-2021-27131
RESERVED
-CVE-2021-27130
- RESERVED
+CVE-2021-27130 (Online Reviewer System 1.0 contains a SQL injection vulnerability thro ...)
+ TODO: check
CVE-2021-27129
RESERVED
CVE-2021-27128
@@ -9102,10 +9208,10 @@ CVE-2021-27116
RESERVED
CVE-2021-27115
RESERVED
-CVE-2021-27114
- RESERVED
-CVE-2021-27113
- RESERVED
+CVE-2021-27114 (An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within ...)
+ TODO: check
+CVE-2021-27113 (An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP ...)
+ TODO: check
CVE-2021-27112
RESERVED
CVE-2021-27111
@@ -9794,8 +9900,8 @@ CVE-2021-26834
RESERVED
CVE-2021-26833 (Code Execution vulnerability in Profile Picture upload in TimelyBills ...)
NOT-FOR-US: TimelyBills App Budget, Expense tracker & Bills
-CVE-2021-26832
- RESERVED
+CVE-2021-26832 (Cross Site Scripting (XSS) in the "Reset Password" page form of Priori ...)
+ TODO: check
CVE-2021-26831
RESERVED
CVE-2021-26830
@@ -9804,8 +9910,8 @@ CVE-2021-26829
RESERVED
CVE-2021-26828
RESERVED
-CVE-2021-26827
- RESERVED
+CVE-2021-26827 (Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ route ...)
+ TODO: check
CVE-2021-26826 (A stack overflow issue exists in Godot Engine up to v3.2 and is caused ...)
- godot <unfixed> (bug #982593)
[buster] - godot <no-dsa> (Minor issue)
@@ -9842,8 +9948,8 @@ CVE-2021-26813 (markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regula
- python-markdown2 <unfixed> (bug #984668)
[buster] - python-markdown2 <no-dsa> (Minor issue)
NOTE: https://github.com/trentm/python-markdown2/pull/387
-CVE-2021-26812
- RESERVED
+CVE-2021-26812 (Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin ...)
+ TODO: check
CVE-2021-26811
RESERVED
CVE-2021-26810 (D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnera ...)
@@ -9856,8 +9962,8 @@ CVE-2021-26807
RESERVED
CVE-2021-26806
RESERVED
-CVE-2021-26805
- RESERVED
+CVE-2021-26805 (Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a Denial o ...)
+ TODO: check
CVE-2021-26804
RESERVED
CVE-2021-26803
@@ -11755,10 +11861,10 @@ CVE-2021-26033
RESERVED
CVE-2021-26032
RESERVED
-CVE-2021-26031
- RESERVED
-CVE-2021-26030
- RESERVED
+CVE-2021-26031 (An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate fi ...)
+ TODO: check
+CVE-2021-26030 (An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate es ...)
+ TODO: check
CVE-2021-26029 (An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate fi ...)
NOT-FOR-US: Joomla!
CVE-2021-26028 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an ...)
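Review bot: CVE-2021-26031 and CVE-2021-26030 are both "An issue was discovered in Joomla! 3.0.0 through 3.9.25" and are left at "TODO: check", while the next entry, CVE-2021-26029, is already "NOT-FOR-US: Joomla!". The follow-up triage can reuse that line for both.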
@@ -13562,13 +13668,13 @@ CVE-2021-25318
RESERVED
CVE-2021-25317
RESERVED
-CVE-2021-25316
- RESERVED
+CVE-2021-25316 (A Insecure Temporary File vulnerability in s390-tools of SUSE Linux En ...)
+ TODO: check
CVE-2021-25315 (A Incorrect Implementation of Authentication Algorithm vulnerability i ...)
- salt <not-affected> (SuSE specific issue, cf #985085)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1182382
-CVE-2021-25314
- RESERVED
+CVE-2021-25314 (A Creation of Temporary File With Insecure Permissions vulnerability i ...)
+ TODO: check
CVE-2021-25313 (A Improper Neutralization of Input During Web Page Generation ('Cross- ...)
NOT-FOR-US: Rancher
CVE-2021-3179
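Review bot: CVE-2021-25316 names s390-tools "of SUSE Linux En ...", and the entry sitting between the two changed lines, CVE-2021-25315, shows how a SUSE-only issue is recorded: "- salt <not-affected> (SuSE specific issue, cf #985085)". When the two TODO entries are triaged, the status should say whether the temporary-file handling is in upstream code or only in the SUSE package; the truncated description of CVE-2021-25314 does not show the affected product at all, so it needs the full CVE text before it can be classified.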
@@ -18872,8 +18978,8 @@ CVE-2021-22880 (The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5,
NOTE: https://hackerone.com/reports/1023899
NOTE: https://github.com/rails/rails/commit/eddda4d8fb6b6508e11196b14494ceac37b57339 (main)
NOTE: https://github.com/rails/rails/commit/879d02107b5b3eb7aeaad1cd1f259bb41f17286b (v6.0.3.5)
-CVE-2021-22879
- RESERVED
+CVE-2021-22879 (Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource inje ...)
+ TODO: check
CVE-2021-22878 (Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site ...)
- nextcloud-server <itp> (bug #941708)
CVE-2021-22877 (A missing user check in Nextcloud prior to 20.0.6 inadvertently popula ...)
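Review bot: CVE-2021-22879 concerns the Nextcloud Desktop Client (prior to 3.1.3), while the neighbouring entries in this hunk are Nextcloud Server issues tracked as "- nextcloud-server <itp> (bug #941708)". When resolving the "TODO: check", do not copy the nextcloud-server line; the desktop client is a separate product and needs its own package entry and status.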
@@ -20502,8 +20608,8 @@ CVE-2021-3019 (ffay lanproxy 0.1 allows Directory Traversal to read /../conf/con
NOT-FOR-US: ffay lanproxy
CVE-2021-3018 (ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an un ...)
NOT-FOR-US: ipeak Infosystems ibexwebCMS (aka IPeakCMS)
-CVE-2021-3017
- RESERVED
+CVE-2021-3017 (The web interface on Intelbras WIN 300 and WRN 342 devices through 202 ...)
+ TODO: check
CVE-2021-3016
RESERVED
CVE-2021-3015
@@ -21958,8 +22064,8 @@ CVE-2020-36122
RESERVED
CVE-2020-36121
RESERVED
-CVE-2020-36120
- RESERVED
+CVE-2020-36120 (Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsix ...)
+ TODO: check
CVE-2020-36119
RESERVED
CVE-2020-36118
@@ -23154,8 +23260,8 @@ CVE-2020-35662 (In SaltStack Salt before 3002.5, when authenticating to services
NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
CVE-2020-35661
RESERVED
-CVE-2020-35660
- RESERVED
+CVE-2020-35660 (Cross Site Scripting (XSS) in Monica before 2.19.1 via the journal pag ...)
+ TODO: check
CVE-2020-35659 (The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS. ...)
NOT-FOR-US: Pi-hole
CVE-2020-35658 (SpamTitan before 7.09 allows attackers to tamper with backups, because ...)
@@ -27428,10 +27534,10 @@ CVE-2020-35421
RESERVED
CVE-2020-35420
RESERVED
-CVE-2020-35419
- RESERVED
-CVE-2020-35418
- RESERVED
+CVE-2020-35419 (Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LAN ...)
+ TODO: check
+CVE-2020-35418 (Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4 ...)
+ TODO: check
CVE-2020-35417
RESERVED
CVE-2020-35416 (Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabber ...)
@@ -29871,10 +29977,10 @@ CVE-2020-29595 (PlugIns\IDE_ACDStd.apl in ACDSee Photo Studio Studio Professiona
NOT-FOR-US: ACDSee Photo Studio Studio Professional
CVE-2020-29594 (Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x be ...)
NOT-FOR-US: Rocket.Chat
-CVE-2020-29593
- RESERVED
-CVE-2020-29592
- RESERVED
+CVE-2020-29593 (An issue was discovered in Orchard before 1.10. The Media Settings All ...)
+ TODO: check
+CVE-2020-29592 (An issue was discovered in Orchard before 1.10. A broken access contro ...)
+ TODO: check
CVE-2020-29591 (Versions of the Official registry Docker images through 2.7.0 contain ...)
NOT-FOR-US: registry Docker image
CVE-2020-29590
@@ -32729,6 +32835,7 @@ CVE-2021-1407 (Multiple vulnerabilities in the web-based management interface of
CVE-2021-1406 (A vulnerability in Cisco Unified Communications Manager (Unified CM) a ...)
NOT-FOR-US: Cisco
CVE-2021-1405 (A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) ...)
+ {DLA-2626-1}
- clamav 0.103.2+dfsg-1 (bug #986622; bug #986790)
[buster] - clamav <no-dsa> (clamav is updated via -updates)
NOTE: https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
@@ -36145,8 +36252,8 @@ CVE-2020-28126
RESERVED
CVE-2020-28125
RESERVED
-CVE-2020-28124
- RESERVED
+CVE-2020-28124 (Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field. ...)
+ TODO: check
CVE-2020-28123
RESERVED
CVE-2020-28122
@@ -52406,10 +52513,10 @@ CVE-2020-21090
RESERVED
CVE-2020-21089
RESERVED
-CVE-2020-21088
- RESERVED
-CVE-2020-21087
- RESERVED
+CVE-2020-21088 (Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows rem ...)
+ TODO: check
+CVE-2020-21087 (Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows rem ...)
+ TODO: check
CVE-2020-21086
RESERVED
CVE-2020-21085
@@ -55034,8 +55141,8 @@ CVE-2020-19780
RESERVED
CVE-2020-19779
RESERVED
-CVE-2020-19778
- RESERVED
+CVE-2020-19778 (Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote att ...)
+ TODO: check
CVE-2020-19777
RESERVED
CVE-2020-19776
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dbedb49a8064ce6e5ddc6f1ecc3aad8cb1fdffc4