[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 3 21:10:30 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f569e757 by security tracker role at 2021-08-03T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2021-3680
+ RESERVED
+CVE-2021-3679
+ RESERVED
+CVE-2021-3678
+ RESERVED
CVE-2021-37931
RESERVED
CVE-2021-37930
@@ -207,10 +213,10 @@ CVE-2021-37835
RESERVED
CVE-2021-37834
RESERVED
-CVE-2021-37833
- RESERVED
-CVE-2021-37832
- RESERVED
+CVE-2021-37833 (A reflected cross-site scripting (XSS) vulnerability exists in multipl ...)
+ TODO: check
+CVE-2021-37832 (A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid w ...)
+ TODO: check
CVE-2021-37831
RESERVED
CVE-2021-37830
@@ -783,12 +789,12 @@ CVE-2021-37560
RESERVED
CVE-2021-37559
RESERVED
-CVE-2021-37558
- RESERVED
-CVE-2021-37557
- RESERVED
-CVE-2021-37556
- RESERVED
+CVE-2021-37558 (A SQL injection vulnerability in a MediaWiki script in Centreon before ...)
+ TODO: check
+CVE-2021-37557 (A SQL injection vulnerability in image generation in Centreon before 2 ...)
+ TODO: check
+CVE-2021-37556 (A SQL injection vulnerability in reporting export in Centreon before 2 ...)
+ TODO: check
CVE-2021-37555 (TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell a ...)
NOT-FOR-US: TX9 Automatic Food Dispenser
CVE-2021-37554
@@ -2535,8 +2541,8 @@ CVE-2021-36765
RESERVED
CVE-2021-36764
RESERVED
-CVE-2021-36763
- RESERVED
+CVE-2021-36763 (In CODESYS V3 web server before 3.5.17.10, files or directories are ac ...)
+ TODO: check
CVE-2021-36762
RESERVED
CVE-2021-36761
@@ -2695,12 +2701,12 @@ CVE-2021-36705
RESERVED
CVE-2021-36704
RESERVED
-CVE-2021-36703
- RESERVED
-CVE-2021-36702
- RESERVED
-CVE-2021-36701
- RESERVED
+CVE-2021-36703 (The "blog title" field in the "Settings" menu "config" page of "dashbo ...)
+ TODO: check
+CVE-2021-36702 (The "content" field in the "regular post" page of the "add content" me ...)
+ TODO: check
+CVE-2021-36701 (In htmly version 2.8.1, is vulnerable to an Arbitrary File Deletion on ...)
+ TODO: check
CVE-2021-36700
RESERVED
CVE-2021-36699
@@ -2793,8 +2799,8 @@ CVE-2021-36656
RESERVED
CVE-2021-36655
RESERVED
-CVE-2021-36654
- RESERVED
+CVE-2021-36654 (CMSuno 1.7 is vulnerable to an authenticated stored cross site scripti ...)
+ TODO: check
CVE-2021-36653
RESERVED
CVE-2021-36652
@@ -2855,10 +2861,10 @@ CVE-2021-36625
RESERVED
CVE-2021-36624 (Sourcecodester Phone Shop Sales Managements System version 1.0 suffers ...)
NOT-FOR-US: Sourcecodester
-CVE-2021-36623
- RESERVED
-CVE-2021-36622
- RESERVED
+CVE-2021-36623 (Arbitrary File Upload in Sourcecodester Phone Shop Sales Management Sy ...)
+ TODO: check
+CVE-2021-36622 (Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affect ...)
+ TODO: check
CVE-2021-36621 (Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulner ...)
NOT-FOR-US: Sourcecodester
CVE-2021-36620
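Review bot: CVE-2021-36623 and CVE-2021-36622 are left at `TODO: check` although both descriptions name Sourcecodester products and the adjacent entries CVE-2021-36624 and CVE-2021-36621 are already marked `NOT-FOR-US: Sourcecodester`. Unless triage finds otherwise, these two can take the same annotation so they drop out of the TODO queue.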
@@ -3015,10 +3021,10 @@ CVE-2021-36545
RESERVED
CVE-2021-36544
RESERVED
-CVE-2021-36543
- RESERVED
-CVE-2021-36542
- RESERVED
+CVE-2021-36543 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.UnlockDo ...)
+ TODO: check
+CVE-2021-36542 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.LockDocu ...)
+ TODO: check
CVE-2021-36541
RESERVED
CVE-2021-36540
@@ -3352,7 +3358,7 @@ CVE-2021-36381 (In Edifecs Transaction Management through 2021-07-12, an unauthe
CVE-2021-36380
RESERVED
CVE-2021-36379
- RESERVED
+ REJECTED
CVE-2021-36378
RESERVED
CVE-2021-36377 (Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname ...)
@@ -3835,14 +3841,14 @@ CVE-2021-36161
RESERVED
CVE-2021-36160
RESERVED
-CVE-2021-36159
- RESERVED
+CVE-2021-36159 (libfetch before 2021-07-26, as used in apk-tools, xbps, and other prod ...)
+ TODO: check
CVE-2021-36158 (In the xrdp package (in branches through 3.14) for Alpine Linux, RDP s ...)
- xrdp <not-affected> (xrdp as packaged in Alpine)
-CVE-2021-36157
- RESERVED
-CVE-2021-36156
- RESERVED
+CVE-2021-36157 (An issue was discovered in Grafana Cortex through 1.9.0. The header va ...)
+ TODO: check
+CVE-2021-36156 (An issue was discovered in Grafana Loki through 2.2.1. The header valu ...)
+ TODO: check
CVE-2021-36155 (LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates ...)
NOT-FOR-US: gRPC Swift
CVE-2021-36154 (HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remot ...)
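Review bot: CVE-2021-36159 should not be triaged from the product names alone. Its description says libfetch is affected "as used in apk-tools, xbps, and other prod ...", so the `TODO: check` needs a look at which packages embed or link libfetch before an annotation is chosen. CVE-2021-36157 (Grafana Cortex) and CVE-2021-36156 (Grafana Loki) in the same hunk each need their own triage decision as well.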
@@ -5764,8 +5770,8 @@ CVE-2021-35345
RESERVED
CVE-2021-35344
RESERVED
-CVE-2021-35343
- RESERVED
+CVE-2021-35343 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.Ajax.php ...)
+ TODO: check
CVE-2021-35342
RESERVED
CVE-2021-35341
@@ -5926,8 +5932,8 @@ CVE-2021-35267
RESERVED
CVE-2021-35266
RESERVED
-CVE-2021-35265
- RESERVED
+CVE-2021-35265 (A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS be ...)
+ TODO: check
CVE-2021-35264
RESERVED
CVE-2021-35263
@@ -10026,10 +10032,10 @@ CVE-2021-33488
RESERVED
CVE-2021-33487
RESERVED
-CVE-2021-33486
- RESERVED
-CVE-2021-33485
- RESERVED
+CVE-2021-33486 (All versions of the CODESYS V3 Runtime Toolkit for VxWorks from versio ...)
+ TODO: check
+CVE-2021-33485 (CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffe ...)
+ TODO: check
CVE-2021-3562
RESERVED
CVE-2021-33484
@@ -10351,28 +10357,28 @@ CVE-2021-33332
RESERVED
CVE-2021-33331
RESERVED
-CVE-2021-33330
- RESERVED
+CVE-2021-33330 (Liferay Portal 7.2.0 through 7.3.2, and Liferay DXP 7.2 before fix pac ...)
+ TODO: check
CVE-2021-33329
RESERVED
-CVE-2021-33328
- RESERVED
-CVE-2021-33327
- RESERVED
-CVE-2021-33326
- RESERVED
-CVE-2021-33325
- RESERVED
-CVE-2021-33324
- RESERVED
-CVE-2021-33323
- RESERVED
-CVE-2021-33322
- RESERVED
-CVE-2021-33321
- RESERVED
-CVE-2021-33320
- RESERVED
+CVE-2021-33328 (Cross-site scripting (XSS) vulnerability in the Asset module's edit vo ...)
+ TODO: check
+CVE-2021-33327 (The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3 ...)
+ TODO: check
+CVE-2021-33326 (Cross-site scripting (XSS) vulnerability in the Frontend JS module in ...)
+ TODO: check
+CVE-2021-33325 (The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Li ...)
+ TODO: check
+CVE-2021-33324 (The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay D ...)
+ TODO: check
+CVE-2021-33323 (The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, ...)
+ TODO: check
+CVE-2021-33322 (In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pa ...)
+ TODO: check
+CVE-2021-33321 (Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, ...)
+ TODO: check
+CVE-2021-33320 (The Flags module in Liferay Portal 7.3.1 and earlier, and Liferay DXP ...)
+ TODO: check
CVE-2021-33319
RESERVED
CVE-2021-33318
@@ -11567,8 +11573,8 @@ CVE-2021-32816 (ProtonMail Web Client is the official AngularJS web client for t
NOT-FOR-US: ProtonMail Web Client
CVE-2021-32815
RESERVED
-CVE-2021-32814
- RESERVED
+CVE-2021-32814 (Skytable is a NoSQL database with automated snapshots and TLS. Version ...)
+ TODO: check
CVE-2021-32813
RESERVED
CVE-2021-32812 (Monkshu is an enterprise application server for mobile apps (iOS and A ...)
@@ -11589,8 +11595,8 @@ CVE-2021-32805
RESERVED
CVE-2021-32804
RESERVED
-CVE-2021-32803
- RESERVED
+CVE-2021-32803 (The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4 ...)
+ TODO: check
CVE-2021-32802
RESERVED
CVE-2021-32801
@@ -11672,8 +11678,8 @@ CVE-2021-32773 (Racket is a general-purpose programming language and an ecosyste
[buster] - racket <no-dsa> (Minor issue)
[stretch] - racket <no-dsa> (Minor issue)
NOTE: https://github.com/racket/racket/security/advisories/GHSA-cgrw-p7p7-937c
-CVE-2021-32772
- RESERVED
+CVE-2021-32772 (Poddycast is a podcast app made with Electron. Prior to version 0.8.1, ...)
+ TODO: check
CVE-2021-32771
RESERVED
CVE-2021-32770 (Gatsby is a framework for building websites. The gatsby-source-wordpre ...)
@@ -13516,12 +13522,12 @@ CVE-2021-32020 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has ins
NOT-FOR-US: kernel in Amazon Web Services FreeRTOS
CVE-2021-32019 (There is missing input validation of host names displayed in OpenWrt b ...)
TODO: check
-CVE-2021-32018
- RESERVED
-CVE-2021-32017
- RESERVED
-CVE-2021-32016
- RESERVED
+CVE-2021-32018 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The JUMP SOAP A ...)
+ TODO: check
+CVE-2021-32017 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP end ...)
+ TODO: check
+CVE-2021-32016 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP end ...)
+ TODO: check
CVE-2021-32015 (In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated mal ...)
NOT-FOR-US: Nuvoton NPCT75x TPM 1.2 firmware
CVE-2021-32014 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a den ...)
@@ -14610,8 +14616,8 @@ CVE-2021-31632
RESERVED
CVE-2021-31631
RESERVED
-CVE-2021-31630
- RESERVED
+CVE-2021-31630 (Command Injection in Open PLC Webserver v3 allows remote attackers to ...)
+ TODO: check
CVE-2021-31629
RESERVED
CVE-2021-31628
@@ -14990,10 +14996,10 @@ CVE-2021-31506 (This vulnerability allows remote attackers to disclose sensitive
NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31505 (This vulnerability allows attackers with physical access to escalate p ...)
NOT-FOR-US: Arlo Q Plus
-CVE-2021-31504
- RESERVED
-CVE-2021-31503
- RESERVED
+CVE-2021-31504 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2021-31503 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
CVE-2021-31502 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31501 (This vulnerability allows remote attackers to disclose sensitive infor ...)
@@ -17275,28 +17281,22 @@ CVE-2021-30565
RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30564
- RESERVED
+CVE-2021-30564 (Heap buffer overflow in WebXR in Google Chrome prior to 91.0.4472.164 ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30563
- RESERVED
+CVE-2021-30563 (Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30562
- RESERVED
+CVE-2021-30562 (Use after free in WebSerial in Google Chrome prior to 91.0.4472.164 al ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30561
- RESERVED
+CVE-2021-30561 (Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30560
- RESERVED
+CVE-2021-30560 (Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 a ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30559
- RESERVED
+CVE-2021-30559 (Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.164 a ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30558
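Review bot: the six entries CVE-2021-30564 through CVE-2021-30559 now have descriptions that all say "prior to 91.0.4472.164", but each still reads `- chromium <unfixed>` with no bug reference. Since they share one upstream release, a single tracking bug referenced from all six lines would make it clear when they can be closed together.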
@@ -17356,8 +17356,7 @@ CVE-2021-30543 (Use after free in Tab Strip in Google Chrome prior to 91.0.4472.
CVE-2021-30542 (Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 all ...)
- chromium <unfixed> (bug #990079)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30541
- RESERVED
+CVE-2021-30541 (Use after free in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30540 (Incorrect security UI in payments in Google Chrome on Android prior to ...)
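Review bot: CVE-2021-30541 keeps `- chromium <unfixed>` without a bug number, while CVE-2021-30542 directly above it has `(bug #990079)`. Its description says "prior to 91.0.4472.164" where CVE-2021-30542 says 91.0.4472.77, so it belongs to a later upstream release and should get its own bug reference.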
@@ -23874,12 +23873,12 @@ CVE-2019-25025 (The activerecord-session_store (aka Active Record Session Store)
NOTE: https://github.com/rails/activerecord-session_store/pull/151
CVE-2021-27955
RESERVED
-CVE-2021-27954
- RESERVED
-CVE-2021-27953
- RESERVED
-CVE-2021-27952
- RESERVED
+CVE-2021-27954 (A heap-based buffer overflow vulnerability exists on the ecobee3 lite ...)
+ TODO: check
+CVE-2021-27953 (A NULL pointer dereference vulnerability exists on the ecobee3 lite 4. ...)
+ TODO: check
+CVE-2021-27952 (Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.20 ...)
+ TODO: check
CVE-2021-27951
RESERVED
CVE-2021-27950 (A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through ...)
@@ -23915,8 +23914,8 @@ CVE-2021-27944
RESERVED
CVE-2021-27943 (The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 ...)
TODO: check
-CVE-2021-27942
- RESERVED
+CVE-2021-27942 (Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a thre ...)
+ TODO: check
CVE-2021-27941 (Unconstrained Web access to the device's private encryption key in the ...)
NOT-FOR-US: eWeLink mobile application
CVE-2021-27940 (resources/public/js/orchestrator.js in openark orchestrator before 3.2 ...)
@@ -29303,19 +29302,19 @@ CVE-2021-25806
CVE-2021-25805
RESERVED
CVE-2021-25804 (A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Pl ...)
- {DSA-4834-1}
+ {DSA-4834-1 DLA-2728-1}
- vlc 3.0.12-1
NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/a7f577ec26d35bbd7b2a3cda89d1b41bde69de9c (v3.0.12)
CVE-2021-25803 (A buffer overflow vulnerability in the vlc_input_attachment_New compon ...)
- {DSA-4834-1}
+ {DSA-4834-1 DLA-2728-1}
- vlc 3.0.12-1
NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/56cbe9c4b59edbdc5e1bb2687992f3bbf492eccb (v3.0.12)
CVE-2021-25802 (A buffer overflow vulnerability in the AVI_ExtractSubtitle component o ...)
- {DSA-4834-1}
+ {DSA-4834-1 DLA-2728-1}
- vlc 3.0.12-1
NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/0660acc3ab64d2c3ad99cae887a438f0648faa72 (v3.0.12)
CVE-2021-25801 (A buffer overflow vulnerability in the __Parse_indx component of Video ...)
- {DSA-4834-1}
+ {DSA-4834-1 DLA-2728-1}
- vlc 3.0.12-1
NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/f5f8cc3ab8825f178de3f6714bfbff8b3f293fd2 (v3.0.12)
CVE-2021-25800
@@ -34682,7 +34681,8 @@ CVE-2021-23412 (All versions of package gitlogplus are vulnerable to Command Inj
NOT-FOR-US: Node gitlogplus
CVE-2021-23411 (Affected versions of this package are vulnerable to Cross-site Scripti ...)
NOT-FOR-US: Node anchorme
-CVE-2021-23410 (All versions of package msgpack are vulnerable to Deserialization of U ...)
+CVE-2021-23410
+ REJECTED
NOT-FOR-US: Node msgpack
CVE-2021-23409 (The package github.com/pires/go-proxyproto before 0.6.0 are vulnerable ...)
- golang-github-pires-go-proxyproto <unfixed> (bug #991498)
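Review bot: CVE-2021-23410 is switched to `REJECTED` but the `NOT-FOR-US: Node msgpack` line underneath it is left in place, so the entry now carries both a rejection and a triage annotation for a description that no longer exists. If the rejection is final, the `NOT-FOR-US` line should be dropped in a follow-up so the entry matches the other `REJECTED` entries in this file, such as CVE-2021-36379.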
@@ -36958,26 +36958,26 @@ CVE-2021-22427 (There is a Heap-based Buffer Overflow Vulnerability in Huawei Sm
NOT-FOR-US: Huawei
CVE-2021-22426
RESERVED
-CVE-2021-22425
- RESERVED
-CVE-2021-22424
- RESERVED
-CVE-2021-22423
- RESERVED
-CVE-2021-22422
- RESERVED
-CVE-2021-22421
- RESERVED
-CVE-2021-22420
- RESERVED
-CVE-2021-22419
- RESERVED
-CVE-2021-22418
- RESERVED
-CVE-2021-22417
- RESERVED
-CVE-2021-22416
- RESERVED
+CVE-2021-22425 (A component of the HarmonyOS has a Double Free vulnerability. Local at ...)
+ TODO: check
+CVE-2021-22424 (A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability ...)
+ TODO: check
+CVE-2021-22423 (A component of the HarmonyOS has a Out-of-bounds Write Vulnerability. ...)
+ TODO: check
+CVE-2021-22422 (A component of the HarmonyOS has a Integer Overflow or Wraparound vuln ...)
+ TODO: check
+CVE-2021-22421 (A component of the HarmonyOS has a Improper Privilege Management vulne ...)
+ TODO: check
+CVE-2021-22420 (A component of the HarmonyOS has a External Control of System or Confi ...)
+ TODO: check
+CVE-2021-22419 (A component of the HarmonyOS has a Insufficient Verification of Data A ...)
+ TODO: check
+CVE-2021-22418 (A component of the HarmonyOS has a Integer Overflow or Wraparound vuln ...)
+ TODO: check
+CVE-2021-22417 (A component of the HarmonyOS has a Data Processing Errors vulnerabilit ...)
+ TODO: check
+CVE-2021-22416 (A component of the HarmonyOS has a Data Processing Errors vulnerabilit ...)
+ TODO: check
CVE-2021-22415 (There is an Incorrect Calculation of Buffer Size Vulnerability in Huaw ...)
NOT-FOR-US: Huawei
CVE-2021-22414 (There is a Memory Buffer Errors Vulnerability in Huawei Smartphone.Suc ...)
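Review bot: the ten HarmonyOS entries CVE-2021-22425 through CVE-2021-22416 all land as `TODO: check`, while the surrounding Huawei entries (CVE-2021-22427, CVE-2021-22415) are marked `NOT-FOR-US: Huawei`. Every description starts with "A component of the HarmonyOS", so they can be triaged as a batch rather than one by one.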
@@ -37008,8 +37008,8 @@ CVE-2021-22402
RESERVED
CVE-2021-22401
RESERVED
-CVE-2021-22400
- RESERVED
+CVE-2021-22400 (Some Huawei Smartphones has an insufficient input validation vulnerabi ...)
+ TODO: check
CVE-2021-22399 (The Bluetooth function of some Huawei smartphones has a DoS vulnerabil ...)
NOT-FOR-US: Huawei
CVE-2021-22398 (There is a logic error vulnerability in several smartphones. The softw ...)
@@ -38786,18 +38786,18 @@ CVE-2021-21583
RESERVED
CVE-2021-21582
RESERVED
-CVE-2021-21581
- RESERVED
-CVE-2021-21580
- RESERVED
-CVE-2021-21579
- RESERVED
-CVE-2021-21578
- RESERVED
-CVE-2021-21577
- RESERVED
-CVE-2021-21576
- RESERVED
+CVE-2021-21581 (Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scri ...)
+ TODO: check
+CVE-2021-21580 (Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 ver ...)
+ TODO: check
+CVE-2021-21579 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect ...)
+ TODO: check
+CVE-2021-21578 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect ...)
+ TODO: check
+CVE-2021-21577 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross ...)
+ TODO: check
+CVE-2021-21576 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross ...)
+ TODO: check
CVE-2021-21575
RESERVED
CVE-2021-21574 (Dell BIOSConnect feature contains a buffer overflow vulnerability. An ...)
@@ -138803,8 +138803,8 @@ CVE-2013-7474 (Windu CMS 2.2 allows XSS via the name parameter to admin/content/
NOT-FOR-US: Windu CMS
CVE-2013-7473 (Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to a ...)
NOT-FOR-US: Windu CMS
-CVE-2019-14453
- RESERVED
+CVE-2019-14453 (An issue was discovered in Comelit "App lejos de casa (web)" 2.8.0. It ...)
+ TODO: check
CVE-2018-20953 (cPanel before 68.0.27 allows self XSS in the WHM listips interface (SE ...)
NOT-FOR-US: cPanel
CVE-2018-20952 (cPanel before 68.0.27 creates world-readable files during use of WHM A ...)
@@ -145093,7 +145093,7 @@ CVE-2019-12763 (The Security Camera CZ application through 1.6.8 for Android sto
CVE-2019-12762 (Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anoma ...)
NOT-FOR-US: Xiaomi Mi 5s Plus devices
CVE-2019-12761 (A code injection issue was discovered in PyXDG before 0.26 via crafted ...)
- {DLA-1819-1}
+ {DLA-2727-1 DLA-1819-1}
- pyxdg 0.26-1 (low; bug #930099)
[buster] - pyxdg <no-dsa> (Minor issue)
NOTE: https://snyk.io/vuln/SNYK-PYTHON-PYXDG-174562
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f569e757f061f08867b9148e860266d489290de0