[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 4 21:10:35 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e123170 by security tracker role at 2021-08-04T20:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2021-38113 (In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) t ...)
+	TODO: check
+CVE-2021-38112
+	RESERVED
+CVE-2021-38111 (The DEF CON 27 badge allows remote attackers to exploit a buffer overf ...)
+	TODO: check
+CVE-2021-38110
+	RESERVED
+CVE-2021-38109
+	RESERVED
+CVE-2021-38108
+	RESERVED
+CVE-2021-38107
+	RESERVED
+CVE-2021-38106
+	RESERVED
+CVE-2021-38105
+	RESERVED
+CVE-2021-38104
+	RESERVED
+CVE-2021-38103
+	RESERVED
+CVE-2021-38102
+	RESERVED
+CVE-2021-38101
+	RESERVED
+CVE-2021-38100
+	RESERVED
+CVE-2021-38099
+	RESERVED
+CVE-2021-38098
+	RESERVED
+CVE-2021-38097
+	RESERVED
+CVE-2021-38096
+	RESERVED
+CVE-2021-38095
+	RESERVED
+CVE-2021-38094
+	RESERVED
+CVE-2021-38093
+	RESERVED
+CVE-2021-38092
+	RESERVED
+CVE-2021-38091
+	RESERVED
+CVE-2021-38090
+	RESERVED
+CVE-2021-38089
+	RESERVED
+CVE-2021-3682
+	RESERVED
 CVE-2021-38088
 	RESERVED
 CVE-2021-38087
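Review bot: CVE-2021-38113 (OpenWebif) and CVE-2021-38111 (the DEF CON 27 badge) at the top of this hunk are the only two added entries that carry a description, and both are left as `TODO: check`. These are the ones that need manual triage; CVE-2021-38111 describes a hardware badge, so if neither product is packaged, record that with a `NOT-FOR-US: <product>` line in the form used elsewhere in this file rather than leaving the TODO in place.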
@@ -316,14 +368,14 @@ CVE-2021-37932
 	RESERVED
 CVE-2021-3681
 	RESERVED
-CVE-2021-3680
-	RESERVED
+CVE-2021-3680 (showdoc is vulnerable to Missing Cryptographic Step ...)
+	TODO: check
 CVE-2021-3679
 	RESERVED
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/67f0d6d9883c13174669f88adac4f0ee656cc16a
-CVE-2021-3678
-	RESERVED
+CVE-2021-3678 (showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random N ...)
+	TODO: check
 CVE-2021-37931
 	RESERVED
 CVE-2021-37930
@@ -1789,10 +1841,10 @@ CVE-2021-37234
 	RESERVED
 CVE-2021-37233
 	RESERVED
-CVE-2021-37232
-	RESERVED
-CVE-2021-37231
-	RESERVED
+CVE-2021-37232 (A stack overflow vulnerability occurs in Atomicparsley 20210124.204813 ...)
+	TODO: check
+CVE-2021-37231 (A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499 ...)
+	TODO: check
 CVE-2021-37230
 	RESERVED
 CVE-2021-37229
@@ -2868,10 +2920,10 @@ CVE-2021-36767
 	RESERVED
 CVE-2021-36766 (Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable co ...)
 	NOT-FOR-US: Concrete5
-CVE-2021-36765
-	RESERVED
-CVE-2021-36764
-	RESERVED
+CVE-2021-36765 (In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests ma ...)
+	TODO: check
+CVE-2021-36764 (In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Derefe ...)
+	TODO: check
 CVE-2021-36763 (In CODESYS V3 web server before 3.5.17.10, files or directories are ac ...)
 	NOT-FOR-US: CODESYS V3 web server
 CVE-2021-36762
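Review bot: CVE-2021-36765 and CVE-2021-36764 are left as `TODO: check` although the next entry, CVE-2021-36763, is already triaged as `NOT-FOR-US: CODESYS V3 web server` for the same vendor. If CODESYS EtherNetIP and CODESYS Gateway V3 are likewise not packaged, give them matching `NOT-FOR-US:` lines so the three entries stay consistent.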
@@ -3472,8 +3524,8 @@ CVE-2021-36485
 	RESERVED
 CVE-2021-36484
 	RESERVED
-CVE-2021-36483
-	RESERVED
+CVE-2021-36483 (DevExpress.XtraReports.UI through v21.1 allows attackers to execute ar ...)
+	TODO: check
 CVE-2021-36482
 	RESERVED
 CVE-2021-36481
@@ -4154,8 +4206,8 @@ CVE-2021-36170
 	RESERVED
 CVE-2021-36169
 	RESERVED
-CVE-2021-36168
-	RESERVED
+CVE-2021-36168 (A Improper Limitation of a Pathname to a Restricted Directory ('Path T ...)
+	TODO: check
 CVE-2021-36167
 	RESERVED
 CVE-2021-36166
@@ -5860,8 +5912,8 @@ CVE-2021-35465
 	RESERVED
 CVE-2021-35464 (ForgeRock AM server before 7.0 has a Java deserialization vulnerabilit ...)
 	NOT-FOR-US: ForgeRock
-CVE-2021-35463
-	RESERVED
+CVE-2021-35463 (Cross-site scripting (XSS) vulnerability in the Frontend Taglib module ...)
+	TODO: check
 CVE-2021-35462
 	RESERVED
 CVE-2021-35461
@@ -5993,8 +6045,8 @@ CVE-2021-35399
 	RESERVED
 CVE-2021-35398
 	RESERVED
-CVE-2021-35397
-	RESERVED
+CVE-2021-35397 (A path traversal vulnerability in the static router for Drogon from 1. ...)
+	TODO: check
 CVE-2021-35396
 	RESERVED
 CVE-2021-35395
@@ -7143,52 +7195,52 @@ CVE-2021-34855
 	RESERVED
 CVE-2021-34854
 	RESERVED
-CVE-2021-34853
-	RESERVED
-CVE-2021-34852
-	RESERVED
-CVE-2021-34851
-	RESERVED
-CVE-2021-34850
-	RESERVED
-CVE-2021-34849
-	RESERVED
-CVE-2021-34848
-	RESERVED
-CVE-2021-34847
-	RESERVED
-CVE-2021-34846
-	RESERVED
-CVE-2021-34845
-	RESERVED
-CVE-2021-34844
-	RESERVED
-CVE-2021-34843
-	RESERVED
-CVE-2021-34842
-	RESERVED
-CVE-2021-34841
-	RESERVED
-CVE-2021-34840
-	RESERVED
-CVE-2021-34839
-	RESERVED
-CVE-2021-34838
-	RESERVED
-CVE-2021-34837
-	RESERVED
-CVE-2021-34836
-	RESERVED
-CVE-2021-34835
-	RESERVED
-CVE-2021-34834
-	RESERVED
-CVE-2021-34833
-	RESERVED
-CVE-2021-34832
-	RESERVED
-CVE-2021-34831
-	RESERVED
+CVE-2021-34853 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-34852 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-34851 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-34850 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-34849 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-34848 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-34847 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-34846 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-34845 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-34844 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-34843 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-34842 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-34841 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-34840 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-34839 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-34838 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-34837 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-34836 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-34835 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-34834 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-34833 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-34832 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-34831 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
 CVE-2021-34830 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
 	NOT-FOR-US: D-Link
 CVE-2021-34829 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
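Review bot: all 23 entries from CVE-2021-34853 down to CVE-2021-34831 carry the same truncated text, "This vulnerability allows remote attackers to execute arbitrary code o ...", so the affected product cannot be read from this list. Look up the full description of each before replacing `TODO: check`, and do not infer the product from the neighbouring `NOT-FOR-US: D-Link` entries, whose descriptions read "network-adjacent" rather than "remote".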
@@ -7471,8 +7523,8 @@ CVE-2021-34709
 	RESERVED
 CVE-2021-34708
 	RESERVED
-CVE-2021-34707
-	RESERVED
+CVE-2021-34707 (A vulnerability in the REST API of Cisco Evolved Programmable Network  ...)
+	TODO: check
 CVE-2021-34706
 	RESERVED
 CVE-2021-34705
@@ -7497,6 +7549,7 @@ CVE-2021-34696
 	RESERVED
 CVE-2021-3605 [Heap buffer overflow in the rleUncompress function]
 	RESERVED
+	{DLA-2732-1}
 	- openexr <unfixed> (bug #990899)
 	[buster] - openexr <no-dsa> (Minor issue)
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1036
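Review bot: `{DLA-2732-1}` is added to CVE-2021-3605 while the entry still reads `- openexr <unfixed>` and `[buster] - openexr <no-dsa> (Minor issue)`, and nothing in the hunk shows which release or version the advisory covers. Confirm that the advisory's own record carries the fixed version, and check whether the buster `<no-dsa>` decision still fits now that an advisory exists for this CVE.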
@@ -10669,14 +10722,14 @@ CVE-2021-33341
 	RESERVED
 CVE-2021-33340
 	RESERVED
-CVE-2021-33339
-	RESERVED
-CVE-2021-33338
-	RESERVED
-CVE-2021-33337
-	RESERVED
-CVE-2021-33336
-	RESERVED
+CVE-2021-33339 (Cross-site scripting (XSS) vulnerability in the Fragment module in Lif ...)
+	TODO: check
+CVE-2021-33338 (The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay D ...)
+	TODO: check
+CVE-2021-33337 (Cross-site scripting (XSS) vulnerability in the Document Library modul ...)
+	TODO: check
+CVE-2021-33336 (Cross-site scripting (XSS) vulnerability in the Journal module's add a ...)
+	TODO: check
 CVE-2021-33335 (Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3 ...)
 	NOT-FOR-US: Liferay
 CVE-2021-33334 (The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, ...)
@@ -11950,8 +12003,8 @@ CVE-2021-32795 (ArchiSteamFarm is a C# application with primary purpose of idlin
 	NOT-FOR-US: ArchiSteamFarm
 CVE-2021-32794 (ArchiSteamFarm is a C# application with primary purpose of idling Stea ...)
 	NOT-FOR-US: ArchiSteamFarm
-CVE-2021-32793
-	RESERVED
+CVE-2021-32793 (Pi-hole's Web interface provides a central location to manage a Pi-hol ...)
+	TODO: check
 CVE-2021-32792 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
 	- libapache2-mod-auth-openidc 2.4.9-1 (bug #991580)
 	[buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
@@ -12190,8 +12243,8 @@ CVE-2021-32708 (Flysystem is an open source file storage library for PHP. The wh
 	NOT-FOR-US: Flysystem
 CVE-2021-32707 (Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6 ...)
 	NOT-FOR-US: Nextcloud Mail
-CVE-2021-32706
-	RESERVED
+CVE-2021-32706 (Pi-hole's Web interface provides a central location to manage a Pi-hol ...)
+	TODO: check
 CVE-2021-32705 (Nextcloud Server is a Nextcloud package that handles data storage. In  ...)
 	- nextcloud-server <itp> (bug #941708)
 CVE-2021-32704 (DHIS 2 is an information system for data capture, management, validati ...)
@@ -12454,20 +12507,20 @@ CVE-2021-32598
 	RESERVED
 CVE-2021-32597
 	RESERVED
-CVE-2021-32596
-	RESERVED
+CVE-2021-32596 (A use of one-way hash with a predictable salt vulnerability in the pas ...)
+	TODO: check
 CVE-2021-32595
 	RESERVED
-CVE-2021-32594
-	RESERVED
+CVE-2021-32594 (An unrestricted file upload vulnerability in the web interface of Fort ...)
+	TODO: check
 CVE-2021-32593
 	RESERVED
 CVE-2021-32592
 	RESERVED
 CVE-2021-32591
 	RESERVED
-CVE-2021-32590
-	RESERVED
+CVE-2021-32590 (Multiple improper neutralization of special elements used in an SQL co ...)
+	TODO: check
 CVE-2021-32589
 	RESERVED
 CVE-2021-32588
@@ -12583,6 +12636,7 @@ CVE-2021-32560 (The Logging subsystem in OctoPrint before 1.6.0 has incorrect ac
 CVE-2021-32559 (An integer overflow exists in pywin32 prior to version b301 when addin ...)
 	NOT-FOR-US: pywin32
 CVE-2021-32558 (An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x  ...)
+	{DLA-2729-1}
 	- asterisk <unfixed> (bug #991710)
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2021-008.html
 CVE-2021-32557 (It was discovered that the process_report() function in data/whoopsie- ...)
@@ -12811,10 +12865,10 @@ CVE-2021-32467
 	RESERVED
 CVE-2021-32466
 	RESERVED
-CVE-2021-32465
-	RESERVED
-CVE-2021-32464
-	RESERVED
+CVE-2021-32465 (An incorrect permission preservation vulnerability in Trend Micro Apex ...)
+	TODO: check
+CVE-2021-32464 (An incorrect permission assignment privilege escalation vulnerability  ...)
+	TODO: check
 CVE-2021-32463 (An incorrect permission assignment denial-of-service vulnerability in  ...)
 	NOT-FOR-US: Trend Micro
 CVE-2021-32462 (Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below i ...)
@@ -19708,8 +19762,8 @@ CVE-2021-29767 (IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could
 	NOT-FOR-US: IBM
 CVE-2021-29766 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4. ...)
 	NOT-FOR-US: IBM
-CVE-2021-29765
-	RESERVED
+CVE-2021-29765 (IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obta ...)
+	TODO: check
 CVE-2021-29764
 	RESERVED
 CVE-2021-29763
@@ -28727,12 +28781,12 @@ CVE-2021-26100 (A missing cryptographic step in the Identity-Based Encryption se
 	NOT-FOR-US: Fortiguard
 CVE-2021-26099 (Missing cryptographic steps in the Identity-Based Encryption service o ...)
 	NOT-FOR-US: FortiMail
-CVE-2021-26098
-	RESERVED
-CVE-2021-26097
-	RESERVED
-CVE-2021-26096
-	RESERVED
+CVE-2021-26098 (An instance of small space of random values in the RPC API of FortiSan ...)
+	TODO: check
+CVE-2021-26097 (An improper neutralization of special elements used in an OS Command v ...)
+	TODO: check
+CVE-2021-26096 (Multiple instances of heap-based buffer overflow in the command shell  ...)
+	TODO: check
 CVE-2021-26095 (The combination of various cryptographic issues in the session managem ...)
 	NOT-FOR-US: FortiMail
 CVE-2021-26094
@@ -33516,24 +33570,24 @@ CVE-2021-24020 (A missing cryptographic step in the implementation of the hash d
 	NOT-FOR-US: Fortiguard
 CVE-2021-24019
 	RESERVED
-CVE-2021-24018
-	RESERVED
+CVE-2021-24018 (A buffer underwrite vulnerability in the firmware verification routine ...)
+	TODO: check
 CVE-2021-24017
 	RESERVED
 CVE-2021-24016
 	RESERVED
 CVE-2021-24015 (An improper neutralization of special elements used in an OS Command v ...)
 	NOT-FOR-US: Fortinet
-CVE-2021-24014
-	RESERVED
+CVE-2021-24014 (Multiple instances of improper neutralization of input during web page ...)
+	TODO: check
 CVE-2021-24013 (Multiple Path traversal vulnerabilities in the Webmail of FortiMail be ...)
 	NOT-FOR-US: Fortinet
 CVE-2021-24012 (An improper following of a certificate's chain of trust vulnerability  ...)
 	NOT-FOR-US: FortiGate
 CVE-2021-24011 (A privilege escalation vulnerability in FortiNAC version below 8.8.2 m ...)
 	NOT-FOR-US: Fortiguard
-CVE-2021-24010
-	RESERVED
+CVE-2021-24010 (Improper limitation of a pathname to a restricted directory vulnerabil ...)
+	TODO: check
 CVE-2021-24009
 	RESERVED
 CVE-2021-24008
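Review bot: the three entries moved to `TODO: check` in this hunk (CVE-2021-24018, CVE-2021-24014, CVE-2021-24010) sit among neighbours triaged under three different labels for what reads as one vendor: `NOT-FOR-US: Fortiguard`, `NOT-FOR-US: Fortinet` and `NOT-FOR-US: FortiGate`. When these TODOs are resolved, pick one labelling convention (vendor or product) so that searching the list by label finds all of them.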
@@ -37948,8 +38002,8 @@ CVE-2021-22126
 	RESERVED
 CVE-2021-22125 (An instance of improper neutralization of special elements in the snif ...)
 	NOT-FOR-US: FortiSandbox
-CVE-2021-22124
-	RESERVED
+CVE-2021-22124 (An uncontrolled resource consumption (denial of service) vulnerability ...)
+	TODO: check
 CVE-2021-22123 (An OS command injection vulnerability in FortiWeb's management interfa ...)
 	NOT-FOR-US: FortiGuard
 CVE-2021-22122 (An improper neutralization of input during web page generation in Fort ...)
@@ -43615,11 +43669,13 @@ CVE-2021-20304 [Undefined-shift in Imf_2_5::hufDecode]
 	NOTE: Negligible security impact
 CVE-2021-20303 [Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer]
 	RESERVED
+	{DLA-2732-1}
 	- openexr 2.5.4-1
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/831
 CVE-2021-20302 [Floating-point-exception in Imf_2_5::precalculateTileInfot]
 	RESERVED
+	{DLA-2732-1}
 	- openexr 2.5.4-1
 	[buster] - openexr <ignored> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25894
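Review bot: CVE-2021-20302 now references `{DLA-2732-1}` but keeps `[buster] - openexr <ignored> (Minor issue)`, so the same issue is covered by an advisory for one release and marked ignored for another. Revisit the buster line, or add a NOTE explaining why the two decisions differ.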
@@ -43628,12 +43684,14 @@ CVE-2021-20301
 	RESERVED
 CVE-2021-20300 [Integer-overflow in Imf_2_5::hufUncompress]
 	RESERVED
+	{DLA-2732-1}
 	- openexr 2.5.4-1
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25562
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/ed560b8a932c78d5e8e5990ce36fe7808b35d9f0 (master)
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d (2.5.x)
 CVE-2021-20299 [Null-dereference READ in Imf_2_5::Header::operator]
 	RESERVED
+	{DLA-2732-1}
 	- openexr 2.5.4-1
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25740
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/840
@@ -45593,7 +45651,7 @@ CVE-2020-35140
 	RESERVED
 CVE-2020-35139
 	RESERVED
-CVE-2020-35138 (The MobileIron agents through 2021-03-22 for Android and iOS contain a ...)
+CVE-2020-35138 (** DISPUTED ** The MobileIron agents through 2021-03-22 for Android an ...)
 	NOT-FOR-US: MobileIron
 CVE-2020-35137
 	REJECTED
@@ -49113,8 +49171,8 @@ CVE-2020-29013
 	RESERVED
 CVE-2020-29012
 	RESERVED
-CVE-2020-29011
-	RESERVED
+CVE-2020-29011 (Instances of SQL Injection vulnerabilities in the checksum search and  ...)
+	TODO: check
 CVE-2020-29010
 	RESERVED
 CVE-2020-29009
@@ -50010,10 +50068,10 @@ CVE-2021-1612
 	RESERVED
 CVE-2021-1611
 	RESERVED
-CVE-2021-1610
-	RESERVED
-CVE-2021-1609
-	RESERVED
+CVE-2021-1610 (Multiple vulnerabilities in the web-based management interface of the  ...)
+	TODO: check
+CVE-2021-1609 (Multiple vulnerabilities in the web-based management interface of the  ...)
+	TODO: check
 CVE-2021-1608
 	RESERVED
 CVE-2021-1607 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
@@ -50026,8 +50084,8 @@ CVE-2021-1604 (Multiple vulnerabilities in the web-based management interface of
 	NOT-FOR-US: Cisco
 CVE-2021-1603 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
 	NOT-FOR-US: Cisco
-CVE-2021-1602
-	RESERVED
+CVE-2021-1602 (A vulnerability in the web-based management interface of Cisco Small B ...)
+	TODO: check
 CVE-2021-1601 (Multiple vulnerabilities in Cisco Intersight Virtual Appliance could a ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1600 (Multiple vulnerabilities in Cisco Intersight Virtual Appliance could a ...)
@@ -50044,8 +50102,8 @@ CVE-2021-1595 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LL
 	NOT-FOR-US: Cisco
 CVE-2021-1594
 	RESERVED
-CVE-2021-1593
-	RESERVED
+CVE-2021-1593 (A vulnerability in Cisco Packet Tracer for Windows could allow an auth ...)
+	TODO: check
 CVE-2021-1592
 	RESERVED
 CVE-2021-1591
@@ -50086,8 +50144,8 @@ CVE-2021-1574 (Multiple vulnerabilities in the web-based management interface of
 	NOT-FOR-US: Cisco
 CVE-2021-1573
 	RESERVED
-CVE-2021-1572
-	RESERVED
+CVE-2021-1572 (A vulnerability in ConfD could allow an authenticated, local attacker  ...)
+	TODO: check
 CVE-2021-1571 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1570 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
@@ -50186,8 +50244,8 @@ CVE-2021-1524 (A vulnerability in the API of Cisco Meeting Server could allow an
 	NOT-FOR-US: Cisco
 CVE-2021-1523
 	RESERVED
-CVE-2021-1522
-	RESERVED
+CVE-2021-1522 (A vulnerability in the change password API of Cisco Connected Mobile E ...)
+	TODO: check
 CVE-2021-1521 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1520 (A vulnerability in the internal message processing of Cisco RV340, RV3 ...)
@@ -62684,20 +62742,20 @@ CVE-2020-24829
 	RESERVED
 CVE-2020-24828
 	RESERVED
-CVE-2020-24827
-	RESERVED
-CVE-2020-24826
-	RESERVED
-CVE-2020-24825
-	RESERVED
-CVE-2020-24824
-	RESERVED
-CVE-2020-24823
-	RESERVED
-CVE-2020-24822
-	RESERVED
-CVE-2020-24821
-	RESERVED
+CVE-2020-24827 (A vulnerability in the dwarf::cursor::skip_form function of Libelfin v ...)
+	TODO: check
+CVE-2020-24826 (A vulnerability in the elf::section::as_strtab function of Libelfin v0 ...)
+	TODO: check
+CVE-2020-24825 (A vulnerability in the line_table::line_table function of Libelfin v0. ...)
+	TODO: check
+CVE-2020-24824 (A global buffer overflow issue in the dwarf::line_table::line_table fu ...)
+	TODO: check
+CVE-2020-24823 (A vulnerability in the dwarf::to_string function of Libelfin v0.3 allo ...)
+	TODO: check
+CVE-2020-24822 (A vulnerability in the dwarf::cursor::uleb function of Libelfin v0.3 a ...)
+	TODO: check
+CVE-2020-24821 (A vulnerability in the dwarf::cursor::skip_form function of Libelfin v ...)
+	TODO: check
 CVE-2020-24820
 	RESERVED
 CVE-2020-24819
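Review bot: CVE-2020-24827 and CVE-2020-24821 are added with the same truncated description, both naming `dwarf::cursor::skip_form` in Libelfin. Compare the full descriptions during triage to establish whether these are two distinct issues or a duplicate assignment, and record the outcome in a `NOTE:` line.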
@@ -74440,7 +74498,7 @@ CVE-2020-19205
 	RESERVED
 CVE-2020-19204 (An authenticated Stored Cross-Site Scriptiong (XSS) vulnerability exis ...)
 	NOT-FOR-US: IPFire
-CVE-2020-19203 (Netgate pfSense Community Edition 2.4.4 - p2 (arm64) is affected by: C ...)
+CVE-2020-19203 (An authenticated Cross-Site Scripting (XSS) vulnerability was found in ...)
 	NOT-FOR-US: Netgate pfSense Community Edition
 CVE-2020-19202 (An authenticated Stored XSS (Cross-site Scripting) exists in the "capt ...)
 	NOT-FOR-US: IPFire
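Review bot: the replacement description for CVE-2020-19203 no longer names the product within the truncated text, while the triage line below it still reads `NOT-FOR-US: Netgate pfSense Community Edition`. Confirm against the full description that the rewritten entry still refers to pfSense so the existing triage line remains accurate.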
@@ -87254,7 +87312,7 @@ CVE-2020-13882 (CISOfy Lynis before 3.0.0 has Incorrect Access Control because o
 	NOTE: https://github.com/CISOfy/lynis/pull/594
 	NOTE: https://github.com/CISOfy/lynis/commit/5b09da0d9878096d45f04b858c4f65e674369ab4
 CVE-2020-13881 (In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared se ...)
-	{DLA-2239-1}
+	{DLA-2730-1 DLA-2239-1}
 	- libpam-tacplus 1.3.8-2.1 (low; bug #962830)
 	[buster] - libpam-tacplus <no-dsa> (Minor issue)
 	[stretch] - libpam-tacplus <no-dsa> (Minor issue)
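Review bot: CVE-2020-13881 now lists two advisories, `{DLA-2730-1 DLA-2239-1}`, yet the `[buster]` and `[stretch]` lines both remain `<no-dsa> (Minor issue)`. Check which release the new DLA-2730-1 covers and update or annotate the matching release line, since a `<no-dsa>` status next to an issued advisory reads as contradictory.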
@@ -112595,8 +112653,8 @@ CVE-2020-4709
 	RESERVED
 CVE-2020-4708 (IBM Security Trusteer Pinpoint Detect 11.6.5 could disclose some infor ...)
 	NOT-FOR-US: IBM
-CVE-2020-4707
-	RESERVED
+CVE-2020-4707 (IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site s ...)
+	TODO: check
 CVE-2020-4706
 	RESERVED
 CVE-2020-4705 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e123170531c901150247354264398baf59c0054
