[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Apr 22 21:10:31 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f231eb77 by security tracker role at 2021-04-22T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,93 @@
+CVE-2021-3512
+	RESERVED
+CVE-2021-3511
+	RESERVED
+CVE-2021-31572 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an intege ...)
+	TODO: check
+CVE-2021-31571 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an intege ...)
+	TODO: check
+CVE-2021-31570
+	RESERVED
+CVE-2021-31569
+	RESERVED
+CVE-2021-31568
+	RESERVED
+CVE-2021-31557
+	RESERVED
+CVE-2021-31556
+	RESERVED
+CVE-2021-31555 (An issue was discovered in the Oauth extension for MediaWiki through 1 ...)
+	TODO: check
+CVE-2021-31554 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...)
+	TODO: check
+CVE-2021-31553 (An issue was discovered in the CheckUser extension for MediaWiki throu ...)
+	TODO: check
+CVE-2021-31552 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...)
+	TODO: check
+CVE-2021-31551 (An issue was discovered in the PageForms extension for MediaWiki throu ...)
+	TODO: check
+CVE-2021-31550 (An issue was discovered in the CommentBox extension for MediaWiki thro ...)
+	TODO: check
+CVE-2021-31549 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...)
+	TODO: check
+CVE-2021-31548 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...)
+	TODO: check
+CVE-2021-31547 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...)
+	TODO: check
+CVE-2021-31546 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...)
+	TODO: check
+CVE-2021-31545 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...)
+	TODO: check
+CVE-2021-31544
+	RESERVED
+CVE-2021-31543
+	RESERVED
+CVE-2021-31542
+	RESERVED
+CVE-2021-31541
+	RESERVED
+CVE-2021-31540
+	RESERVED
+CVE-2021-31539
+	RESERVED
+CVE-2021-31538
+	RESERVED
+CVE-2021-31537
+	RESERVED
+CVE-2021-31536
+	RESERVED
+CVE-2021-31535
+	RESERVED
+CVE-2021-31534
+	RESERVED
+CVE-2021-31533
+	RESERVED
+CVE-2021-31532
+	RESERVED
+CVE-2021-31531
+	RESERVED
+CVE-2021-31530
+	RESERVED
+CVE-2021-31529
+	RESERVED
+CVE-2021-31528
+	RESERVED
+CVE-2021-31527
+	RESERVED
+CVE-2021-31526
+	RESERVED
+CVE-2021-31525
+	RESERVED
+CVE-2021-26945
+	RESERVED
+CVE-2021-26260
+	RESERVED
+CVE-2021-23215
+	RESERVED
+CVE-2021-23169
+	RESERVED
+CVE-2020-36324 (Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflect ...)
+	TODO: check
 CVE-2021-31524
 	RESERVED
 CVE-2021-31522
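Review bot: The seven AbuseFilter entries added here (CVE-2021-31545 through CVE-2021-31549, CVE-2021-31552 and CVE-2021-31554) all carry the same truncated description, "An issue was discovered in the AbuseFilter extension for MediaWiki thr ...", so they cannot be told apart from this list while working through the TODO: check markers. Triage should go by the full CVE text for each ID rather than the summary line. The same holds for the two FreeRTOS entries (CVE-2021-31572 and CVE-2021-31571), whose descriptions are also identical up to the cut.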
@@ -1860,8 +1950,7 @@ CVE-2021-3497 (GStreamer before 1.18.4 might access already-freed memory in erro
 	- gst-plugins-good1.0 1.18.4-2 (bug #986910)
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0002.html
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/9181191511f9c0be6a89c98b311f49d66bd46dc3?merge_request_iid=903
-CVE-2021-3496 [heap-based buffer overflow in Get16u() in exif.c]
-	RESERVED
+CVE-2021-3496 (A heap-based buffer overflow was found in jhead in version 3.06 in Get ...)
 	- jhead <unfixed> (bug #986923; unimportant)
 	NOTE: https://github.com/Matthias-Wandel/jhead/issues/33
 	NOTE: Fixed by: https://github.com/Matthias-Wandel/jhead/commit/ca2973f4ce79279c15a09cf400648a757c1721b0
@@ -2255,8 +2344,8 @@ CVE-2021-30478 (An issue was discovered in Zulip Server before 3.4. A bug in the
 	- zulip-server <itp> (bug #800052)
 CVE-2021-30477 (An issue was discovered in Zulip Server before 3.4. A bug in the imple ...)
 	- zulip-server <itp> (bug #800052)
-CVE-2021-30476
-	RESERVED
+CVE-2021-30476 (HashiCorp Terraform’s Vault Provider (terraform-provider-vault)  ...)
+	TODO: check
 CVE-2021-3487 (There's a flaw in the BFD library of binutils in versions before 2.36. ...)
 	- binutils <unfixed> (unimportant)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26946
@@ -2523,8 +2612,8 @@ CVE-2021-30358
 	RESERVED
 CVE-2021-30357
 	RESERVED
-CVE-2021-30356
-	RESERVED
+CVE-2021-30356 (A denial of service vulnerability was reported in Check Point Identity ...)
+	TODO: check
 CVE-2021-30355
 	RESERVED
 CVE-2021-30354
@@ -3462,10 +3551,12 @@ CVE-2021-29950
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-17/#CVE-2021-29950
 CVE-2021-29949
 	RESERVED
+	{DSA-4897-1 DLA-2632-1}
 	- thunderbird 1:78.10.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-29949
 CVE-2021-29948
 	RESERVED
+	{DSA-4897-1 DLA-2632-1}
 	- thunderbird 1:78.10.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-29948
 CVE-2021-29947
@@ -3474,7 +3565,7 @@ CVE-2021-29947
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29947
 CVE-2021-29946
 	RESERVED
-	{DSA-4895-1}
+	{DSA-4897-1 DSA-4895-1 DLA-2632-1}
 	- firefox 88.0-1
 	- firefox-esr 78.10.0esr-1
 	- thunderbird 1:78.10.0-1
@@ -3483,7 +3574,7 @@ CVE-2021-29946
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29946
 CVE-2021-29945
 	RESERVED
-	{DSA-4895-1}
+	{DSA-4897-1 DSA-4895-1 DLA-2632-1}
 	- firefox 88.0-1
 	- firefox-esr 78.10.0esr-1
 	- thunderbird 1:78.10.0-1
@@ -4141,8 +4232,8 @@ CVE-2021-29655
 	RESERVED
 CVE-2021-29654 (AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data ( ...)
 	NOT-FOR-US: AjaxSearchPro
-CVE-2021-29653
-	RESERVED
+CVE-2021-29653 (HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain ci ...)
+	TODO: check
 CVE-2021-29652 (Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user s ...)
 	NOT-FOR-US: Pomerium
 CVE-2021-29651 (Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). ...)
@@ -4549,12 +4640,12 @@ CVE-2021-29469
 	RESERVED
 CVE-2021-29468
 	RESERVED
-CVE-2021-29467
-	RESERVED
-CVE-2021-29466
-	RESERVED
-CVE-2021-29465
-	RESERVED
+CVE-2021-29467 (Wrongthink is an encrypted peer-to-peer chat program. A user could che ...)
+	TODO: check
+CVE-2021-29466 (Discord-Recon is a bot for the Discord chat service. In versions of Di ...)
+	TODO: check
+CVE-2021-29465 (Discord-Recon is a bot for the Discord chat service. Versions of Disco ...)
+	TODO: check
 CVE-2021-29464
 	RESERVED
 CVE-2021-29463
@@ -4598,7 +4689,7 @@ CVE-2021-29452 (a12n-server is an npm package which aims to provide a simple aut
 CVE-2021-29451 (Portofino is an open source web development framework. Portofino befor ...)
 	NOT-FOR-US: Portofino
 CVE-2021-29450 (Wordpress is an open source CMS. One of the blocks in the WordPress ed ...)
-	{DLA-2630-1}
+	{DSA-4896-1 DLA-2630-1}
 	- wordpress 5.7.1+dfsg1-1 (bug #987065)
 	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq
 CVE-2021-29449 (Pi-hole is a Linux network-level advertisement and Internet tracker bl ...)
@@ -4606,7 +4697,7 @@ CVE-2021-29449 (Pi-hole is a Linux network-level advertisement and Internet trac
 CVE-2021-29448 (Pi-hole is a Linux network-level advertisement and Internet tracker bl ...)
 	NOT-FOR-US: Pi-hole
 CVE-2021-29447 (Wordpress is an open source CMS. A user with the ability to upload fil ...)
-	{DLA-2630-1}
+	{DSA-4896-1 DLA-2630-1}
 	- wordpress 5.7.1+dfsg1-1 (unimportant)
 	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rv47-pc52-qrhh
 	NOTE: Only an issue when installation runs under PHP8.
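Review bot: On CVE-2021-29447 the new DSA-4896-1 cross-reference now sits on an entry whose wordpress line is tagged (unimportant) and whose note says it is only an issue when the installation runs under PHP8. If the DSA lists this CVE only because the fixed upstream version was uploaded, the entry is fine as it stands; otherwise the severity tag deserves a second look so the entry does not read as both advisory-worthy and unimportant.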
@@ -7479,8 +7570,8 @@ CVE-2021-28170
 	RESERVED
 CVE-2021-28169
 	RESERVED
-CVE-2021-28168
-	RESERVED
+CVE-2021-28168 (Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains ...)
+	TODO: check
 CVE-2021-28167 (In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect ...)
 	NOT-FOR-US: Eclipse OpenJ9
 CVE-2021-28166 (In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated clien ...)
@@ -8606,7 +8697,7 @@ CVE-2021-27737
 CVE-2020-35358 (DomainMOD domainmod-v4.15.0 is affected by an insufficient session exp ...)
 	NOT-FOR-US: DomainMOD
 CVE-2021-27803 (A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant b ...)
-	{DLA-2581-1}
+	{DSA-4898-1 DLA-2581-1}
 	- wpa 2:2.9.0-21
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/25/3
 	NOTE: https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt
@@ -8629,8 +8720,8 @@ CVE-2021-3416 (A potential stack overflow via infinite loop issue was found in v
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5311fb805a4403bba024e83886fa0e7572265de4
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=8c92060d3c0248bd4d515719a35922cd2391b9b4
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=8c552542b81e56ff532dd27ec6e5328954bdda73
-CVE-2021-27736
-	RESERVED
+CVE-2021-27736 (FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a for ...)
+	TODO: check
 CVE-2021-27735
 	RESERVED
 CVE-2021-27734
@@ -9324,8 +9415,8 @@ CVE-2021-27402
 	RESERVED
 CVE-2021-27401
 	RESERVED
-CVE-2021-27400
-	RESERVED
+CVE-2021-27400 (HashiCorp Vault and Vault Enterprise Cassandra integrations (storage b ...)
+	TODO: check
 CVE-2020-36252 (ownCloud Server 10.x before 10.3.1 allows an attacker, who has one out ...)
 	- owncloud <removed>
 CVE-2020-36251 (ownCloud Server before 10.3.0 allows an attacker, who has received non ...)
@@ -9631,10 +9722,10 @@ CVE-2021-27280
 	RESERVED
 CVE-2021-27279 (MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCo ...)
 	NOT-FOR-US: MyBB
-CVE-2021-27278
-	RESERVED
-CVE-2021-27277
-	RESERVED
+CVE-2021-27278 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
+CVE-2021-27277 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
 CVE-2021-27276 (This vulnerability allows remote attackers to delete arbitrary files o ...)
 	NOT-FOR-US: Netgear
 CVE-2021-27275 (This vulnerability allows remote attackers to disclose sensitive infor ...)
@@ -12659,8 +12750,8 @@ CVE-2021-26028 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extract
 	NOT-FOR-US: Joomla!
 CVE-2021-26027 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL ...)
 	NOT-FOR-US: Joomla!
-CVE-2021-3287
-	RESERVED
+CVE-2021-3287 (Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Rem ...)
+	TODO: check
 CVE-2021-26026 (PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a Use ...)
 	NOT-FOR-US: ACDSee Professional 2021
 CVE-2021-26025 (PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a Use ...)
@@ -17287,7 +17378,7 @@ CVE-2021-3139 (In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2,
 	NOTE: https://github.com/open-iscsi/tcmu-runner/commit/01685b2ab8c430c0fb9ce397e7e76b60fe6cbde5
 CVE-2021-24002
 	RESERVED
-	{DSA-4895-1}
+	{DSA-4897-1 DSA-4895-1 DLA-2632-1}
 	- firefox 88.0-1
 	- firefox-esr 78.10.0esr-1
 	- thunderbird 1:78.10.0-1
@@ -17304,7 +17395,7 @@ CVE-2021-24000
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-24000
 CVE-2021-23999
 	RESERVED
-	{DSA-4895-1}
+	{DSA-4897-1 DSA-4895-1 DLA-2632-1}
 	- firefox 88.0-1
 	- firefox-esr 78.10.0esr-1
 	- thunderbird 1:78.10.0-1
@@ -17313,7 +17404,7 @@ CVE-2021-23999
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23999
 CVE-2021-23998
 	RESERVED
-	{DSA-4895-1}
+	{DSA-4897-1 DSA-4895-1 DLA-2632-1}
 	- firefox 88.0-1
 	- firefox-esr 78.10.0esr-1
 	- thunderbird 1:78.10.0-1
@@ -17330,7 +17421,7 @@ CVE-2021-23996
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23996
 CVE-2021-23995
 	RESERVED
-	{DSA-4895-1}
+	{DSA-4897-1 DSA-4895-1 DLA-2632-1}
 	- firefox 88.0-1
 	- firefox-esr 78.10.0esr-1
 	- thunderbird 1:78.10.0-1
@@ -17339,7 +17430,7 @@ CVE-2021-23995
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23995
 CVE-2021-23994
 	RESERVED
-	{DSA-4895-1}
+	{DSA-4897-1 DSA-4895-1 DLA-2632-1}
 	- firefox 88.0-1
 	- firefox-esr 78.10.0esr-1
 	- thunderbird 1:78.10.0-1
@@ -17348,16 +17439,19 @@ CVE-2021-23994
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23994
 CVE-2021-23993
 	RESERVED
+	{DSA-4897-1 DLA-2632-1}
 	- thunderbird 1:78.10.0-1
 	[stretch] - thunderbird <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23993
 CVE-2021-23992
 	RESERVED
+	{DSA-4897-1 DLA-2632-1}
 	- thunderbird 1:78.10.0-1
 	[stretch] - thunderbird <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23992
 CVE-2021-23991
 	RESERVED
+	{DSA-4897-1 DLA-2632-1}
 	- thunderbird 1:78.10.0-1
 	[stretch] - thunderbird <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23991
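Review bot: CVE-2021-23993, CVE-2021-23992 and CVE-2021-23991 now reference DLA-2632-1 but keep the line "[stretch] - thunderbird <postponed> (Minor issue; can be fixed in next update)". If DLA-2632-1 is the stretch thunderbird update that picks these up, the postponed annotation is stale and should be dropped in a follow-up so the stretch status matches the advisory.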
@@ -17495,7 +17589,7 @@ CVE-2021-23962 (Incorrect use of the '<RowCountChanged>' method could have
 	- firefox 85.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23962
 CVE-2021-23961 (Further techniques that built on the slipstream research combined with ...)
-	{DSA-4895-1}
+	{DSA-4897-1 DSA-4895-1 DLA-2632-1}
 	- firefox 85.0-1
 	- firefox-esr 78.10.0esr-1
 	- thunderbird 1:78.10.0-1
@@ -19293,8 +19387,7 @@ CVE-2021-23135
 	RESERVED
 CVE-2021-23134
 	RESERVED
-CVE-2021-23133 [net/sctp: fix race condition in sctp_destroy_sock]
-	RESERVED
+CVE-2021-23133 (A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) befo ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/b166a20b07382b8bc1dcee2a448715c9c2c81b5b
 	NOTE: https://www.openwall.com/lists/oss-security/2021/04/18/2
@@ -20662,8 +20755,8 @@ CVE-2021-22542
 	RESERVED
 CVE-2021-22541
 	RESERVED
-CVE-2021-22540
-	RESERVED
+CVE-2021-22540 (Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an ...)
+	TODO: check
 CVE-2021-22539 (An attacker can place a crafted JSON config file into the project fold ...)
 	NOT-FOR-US: VScode-bazel
 CVE-2021-22538 (A privilege escalation vulnerability impacting the Google Exposure Not ...)
@@ -24226,10 +24319,10 @@ CVE-2021-21429
 	RESERVED
 CVE-2021-21428
 	RESERVED
-CVE-2021-21427
-	RESERVED
-CVE-2021-21426
-	RESERVED
+CVE-2021-21427 (Magento-lts is a long-term support alternative to Magento Community Ed ...)
+	TODO: check
+CVE-2021-21426 (Magento-lts is a long-term support alternative to Magento Community Ed ...)
+	TODO: check
 CVE-2021-21425 (Grav Admin Plugin is an HTML user interface that provides a way to con ...)
 	NOT-FOR-US: Grav Admin Plugin
 CVE-2021-21424
@@ -26453,8 +26546,8 @@ CVE-2021-20592
 	RESERVED
 CVE-2021-20591
 	RESERVED
-CVE-2021-20590
-	RESERVED
+CVE-2021-20590 (Improper authentication vulnerability in GOT2000 series GT27 model all ...)
+	TODO: check
 CVE-2021-20589
 	RESERVED
 CVE-2021-20588 (Improper handling of length parameter inconsistency vulnerability in M ...)
@@ -34655,17 +34748,15 @@ CVE-2021-1080
 	RESERVED
 CVE-2021-1079 (NVIDIA GeForce Experience, all versions prior to 3.22, contains a vuln ...)
 	NOT-FOR-US: NVIDIA
-CVE-2021-1078
-	RESERVED
-CVE-2021-1077
-	RESERVED
+CVE-2021-1078 (NVIDIA Windows GPU Display Driver for Windows, all versions, contains  ...)
+	TODO: check
+CVE-2021-1077 (NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver  ...)
 	- nvidia-graphics-drivers <unfixed> (bug #987216)
 	[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	[stretch] - nvidia-graphics-drivers <no-dsa> (no upstream patch available)
 	- nvidia-graphics-drivers-tesla-450 <unfixed> (bug #987221)
 	- nvidia-graphics-drivers-tesla-460 <unfixed> (bug #987222)
-CVE-2021-1076
-	RESERVED
+CVE-2021-1076 (NVIDIA GPU Display Driver for Windows and Linux, all versions, contain ...)
 	- nvidia-graphics-drivers <unfixed> (bug #987216)
 	[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #987217)
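Review bot: CVE-2021-1078 is left at TODO: check although its description begins "NVIDIA Windows GPU Display Driver for Windows", while CVE-2021-1077 and CVE-2021-1076 directly below it already track nvidia-graphics-drivers. Triage should record explicitly whether the Debian packages are unaffected, so the entry does not stay open next to its tracked siblings. The same applies to CVE-2021-1075 and CVE-2021-1074 in the next hunk, which are also described as Windows driver issues.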
@@ -34677,10 +34768,10 @@ CVE-2021-1076
 	- nvidia-graphics-drivers-tesla-440 <unfixed> (bug #987220)
 	- nvidia-graphics-drivers-tesla-450 <unfixed> (bug #987221)
 	- nvidia-graphics-drivers-tesla-460 <unfixed> (bug #987222)
-CVE-2021-1075
-	RESERVED
-CVE-2021-1074
-	RESERVED
+CVE-2021-1075 (NVIDIA Windows GPU Display Driver for Windows, all versions, contains  ...)
+	TODO: check
+CVE-2021-1074 (NVIDIA Windows GPU Display Driver for Windows, R390 driver branch, con ...)
+	TODO: check
 CVE-2021-1073
 	RESERVED
 CVE-2021-1072 (NVIDIA GeForce Experience, all versions prior to 3.21, contains a vuln ...)
@@ -36772,7 +36863,7 @@ CVE-2021-0328 (In onBatchScanReports and deliverBatchScan of GattService.java, t
 CVE-2021-0327 (In getContentProviderImpl of ActivityManagerService.java, there is a p ...)
 	NOT-FOR-US: Android
 CVE-2021-0326 (In p2p_copy_client_info of p2p.c, there is a possible out of bounds wr ...)
-	{DLA-2572-1}
+	{DSA-4898-1 DLA-2572-1}
 	- wpa 2:2.9.0-17 (bug #981971)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/4
 	NOTE: https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt
@@ -39469,10 +39560,10 @@ CVE-2020-27571
 	RESERVED
 CVE-2020-27570
 	RESERVED
-CVE-2020-27569
-	RESERVED
-CVE-2020-27568
-	RESERVED
+CVE-2020-27569 (Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier.  ...)
+	TODO: check
+CVE-2020-27568 (Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Sever ...)
+	TODO: check
 CVE-2020-27567
 	RESERVED
 CVE-2020-27566
@@ -73226,7 +73317,7 @@ CVE-2020-12697 (The direct_mail extension through 5.2.3 for TYPO3 allows Denial
 CVE-2020-12696 (The iframe plugin before 4.5 for WordPress does not sanitize a URL. ...)
 	NOT-FOR-US: iframe plugin for WordPress
 CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before 2020-04-17  ...)
-	{DSA-4806-1 DLA-2489-1 DLA-2318-1 DLA-2315-1}
+	{DSA-4898-1 DSA-4806-1 DLA-2489-1 DLA-2318-1 DLA-2315-1}
 	- wpa 2:2.9.0-16 (bug #976106)
 	- gupnp 1.2.3-1
 	[buster] - gupnp 1.0.5-0+deb10u1
@@ -87273,14 +87364,14 @@ CVE-2020-7863
 	RESERVED
 CVE-2020-7862
 	RESERVED
-CVE-2020-7861
-	RESERVED
+CVE-2020-7861 (AnySupport (Remote support solution) before 2019.3.21.0 allows directo ...)
+	TODO: check
 CVE-2020-7860
 	RESERVED
 CVE-2020-7859
 	RESERVED
-CVE-2020-7858
-	RESERVED
+CVE-2020-7858 (There is a directory traversing vulnerability in the download page url ...)
+	TODO: check
 CVE-2020-7857 (A vulnerability of XPlatform could allow an unauthenticated attacker t ...)
 	TODO: check
 CVE-2020-7856 (A vulnerability of Helpcom could allow an unauthenticated attacker to  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f231eb77f1a70d6897f837eab4f189f9becb388a
