[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 12 21:10:31 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e982159 by security tracker role at 2021-08-12T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2021-38610
+	RESERVED
+CVE-2021-38609
+	RESERVED
+CVE-2021-38608
+	RESERVED
+CVE-2021-38607
+	RESERVED
+CVE-2021-38606 (reNgine through 0.5 relies on a predictable directory name. ...)
+	TODO: check
+CVE-2021-38605
+	RESERVED
+CVE-2021-38604 (In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/s ...)
+	TODO: check
+CVE-2021-38603
+	RESERVED
+CVE-2021-38602
+	RESERVED
+CVE-2021-38601
+	RESERVED
+CVE-2021-38600
+	RESERVED
+CVE-2021-38599 (WAL-G before 1.1, when a non-libsodium build (e.g., one of the officia ...)
+	TODO: check
+CVE-2021-38598
+	RESERVED
+CVE-2021-38597 (wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain si ...)
+	TODO: check
+CVE-2021-38596
+	RESERVED
+CVE-2021-38595
+	RESERVED
+CVE-2021-38594
+	RESERVED
 CVE-2021-38593 (Qt 5.0.0 through 6.1.2 has an out-of-bounds write in QOutlineMapper::c ...)
 	- qtbase-opensource-src <unfixed>
 	- qtbase-opensource-src-gles <unfixed>
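Review bot: The added CVE-2021-38604 (librt in glibc) and CVE-2021-38597 (wolfSSL OCSP verification) entries carry only `TODO: check`, the same placeholder as the reNgine and WAL-G entries beside them. Their descriptions name libraries the tracker is likely to cover, so they should be triaged ahead of the rest of this batch and given a source-package line in the style of the `- qtbase-opensource-src <unfixed>` lines under CVE-2021-38593, or an explicit not-affected annotation, rather than waiting in the TODO queue with the others.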
@@ -657,8 +691,8 @@ CVE-2021-38293
 	RESERVED
 CVE-2021-38292
 	RESERVED
-CVE-2021-38291
-	RESERVED
+CVE-2021-38291 (FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) s ...)
+	TODO: check
 CVE-2021-38290 (A host header attack vulnerability exists in FUEL CMS 1.5.0 through fu ...)
 	NOT-FOR-US: FUEL CMS
 CVE-2021-38289
@@ -1214,12 +1248,12 @@ CVE-2021-3682 (A flaw was found in the USB redirector device emulation of QEMU i
 	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/491
 	NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/b2d1fe67d09d2b6c7da647fbcea6ca0148c206d3 (v1.4.0-rc0)
 	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/5e796671e6b8d5de4b0b423dce1b3eba144a92c9 (v6.1.0-rc2)
-CVE-2021-38088
-	RESERVED
-CVE-2021-38087
-	RESERVED
-CVE-2021-38086
-	RESERVED
+CVE-2021-38088 (Acronis Cyber Protect 15 for Windows prior to build 27009 allowed loca ...)
+	TODO: check
+CVE-2021-38087 (Reflected cross-site scripting (XSS) was possible on the login page in ...)
+	TODO: check
+CVE-2021-38086 (Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis  ...)
+	TODO: check
 CVE-2021-38085 (The Canon TR150 print driver through 3.71.2.10 is vulnerable to a priv ...)
 	NOT-FOR-US: Canon
 CVE-2021-38084 (An issue was discovered in the POP3 component of Courier Mail Server b ...)
@@ -1730,8 +1764,8 @@ CVE-2021-37843 (The resolution SAML SSO apps for Atlassian products allow a remo
 	NOT-FOR-US: resolution SAML SSO apps for Atlassian products
 CVE-2021-37842
 	RESERVED
-CVE-2021-37841
-	RESERVED
+CVE-2021-37841 (Docker Desktop before 3.6.0 suffers from incorrect access control. If  ...)
+	TODO: check
 CVE-2021-37840 (aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) in ...)
 	NOT-FOR-US: aaPanel
 CVE-2021-37839
@@ -2126,8 +2160,8 @@ CVE-2021-37662
 	RESERVED
 CVE-2021-37661
 	RESERVED
-CVE-2021-37660
-	RESERVED
+CVE-2021-37660 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
 CVE-2021-37659
 	RESERVED
 CVE-2021-37658
@@ -2140,42 +2174,42 @@ CVE-2021-37655
 	RESERVED
 CVE-2021-37654
 	RESERVED
-CVE-2021-37653
-	RESERVED
+CVE-2021-37653 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
 CVE-2021-37652
 	RESERVED
 CVE-2021-37651
 	RESERVED
 CVE-2021-37650
 	RESERVED
-CVE-2021-37649
-	RESERVED
+CVE-2021-37649 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
 CVE-2021-37648
 	RESERVED
-CVE-2021-37647
-	RESERVED
+CVE-2021-37647 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
 CVE-2021-37646
 	RESERVED
 CVE-2021-37645
 	RESERVED
 CVE-2021-37644
 	RESERVED
-CVE-2021-37643
-	RESERVED
-CVE-2021-37642
-	RESERVED
+CVE-2021-37643 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37642 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
 CVE-2021-37641
 	RESERVED
-CVE-2021-37640
-	RESERVED
-CVE-2021-37639
-	RESERVED
-CVE-2021-37638
-	RESERVED
-CVE-2021-37637
-	RESERVED
-CVE-2021-37636
-	RESERVED
+CVE-2021-37640 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37639 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37638 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37637 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37636 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
 CVE-2021-37635
 	RESERVED
 CVE-2021-37634 (Leafkit is a templating language with Swift-inspired syntax. Versions  ...)
@@ -3064,8 +3098,8 @@ CVE-2021-37224
 	RESERVED
 CVE-2021-37223
 	RESERVED
-CVE-2021-37222
-	RESERVED
+CVE-2021-37222 (Parsers in the open source project RCDCAP before 1.0.5 allow remote at ...)
+	TODO: check
 CVE-2021-37221
 	RESERVED
 CVE-2021-37220 (MuPDF through 1.18.1 has an out-of-bounds write because the cached col ...)
@@ -3572,8 +3606,8 @@ CVE-2021-36984
 	RESERVED
 CVE-2021-36983 (replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to  ...)
 	NOT-FOR-US: ReplaySorcery
-CVE-2021-36982
-	RESERVED
+CVE-2021-36982 (AIMANAGER before B115 on MONITORAPP Application Insight Web Applicatio ...)
+	TODO: check
 CVE-2021-36981
 	RESERVED
 CVE-2021-3655 (A vulnerability was found in the Linux kernel in versions before v5.14 ...)
@@ -3658,8 +3692,8 @@ CVE-2021-36960
 	RESERVED
 CVE-2021-36959
 	RESERVED
-CVE-2021-36958
-	RESERVED
+CVE-2021-36958 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID  ...)
+	TODO: check
 CVE-2021-36957
 	RESERVED
 CVE-2021-36956
@@ -3674,44 +3708,44 @@ CVE-2021-36952
 	RESERVED
 CVE-2021-36951
 	RESERVED
-CVE-2021-36950
-	RESERVED
-CVE-2021-36949
-	RESERVED
-CVE-2021-36948
-	RESERVED
-CVE-2021-36947
-	RESERVED
-CVE-2021-36946
-	RESERVED
-CVE-2021-36945
-	RESERVED
+CVE-2021-36950 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+	TODO: check
+CVE-2021-36949 (Microsoft Azure Active Directory Connect Authentication Bypass Vulnera ...)
+	TODO: check
+CVE-2021-36948 (Windows Update Medic Service Elevation of Privilege Vulnerability ...)
+	TODO: check
+CVE-2021-36947 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID  ...)
+	TODO: check
+CVE-2021-36946 (Microsoft Dynamics Business Central Cross-site Scripting Vulnerability ...)
+	TODO: check
+CVE-2021-36945 (Windows 10 Update Assistant Elevation of Privilege Vulnerability ...)
+	TODO: check
 CVE-2021-36944
 	RESERVED
-CVE-2021-36943
-	RESERVED
-CVE-2021-36942
-	RESERVED
-CVE-2021-36941
-	RESERVED
-CVE-2021-36940
-	RESERVED
+CVE-2021-36943 (Azure CycleCloud Elevation of Privilege Vulnerability This CVE ID is u ...)
+	TODO: check
+CVE-2021-36942 (Windows LSA Spoofing Vulnerability ...)
+	TODO: check
+CVE-2021-36941 (Microsoft Word Remote Code Execution Vulnerability ...)
+	TODO: check
+CVE-2021-36940 (Microsoft SharePoint Server Spoofing Vulnerability ...)
+	TODO: check
 CVE-2021-36939
 	RESERVED
-CVE-2021-36938
-	RESERVED
-CVE-2021-36937
-	RESERVED
-CVE-2021-36936
-	RESERVED
+CVE-2021-36938 (Windows Cryptographic Primitives Library Information Disclosure Vulner ...)
+	TODO: check
+CVE-2021-36937 (Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability ...)
+	TODO: check
+CVE-2021-36936 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID  ...)
+	TODO: check
 CVE-2021-36935
 	RESERVED
 CVE-2021-36934 (Windows Elevation of Privilege Vulnerability ...)
 	NOT-FOR-US: Microsoft
-CVE-2021-36933
-	RESERVED
-CVE-2021-36932
-	RESERVED
+CVE-2021-36933 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
+	TODO: check
+CVE-2021-36932 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
+	TODO: check
 CVE-2021-36931
 	RESERVED
 CVE-2021-36930
@@ -3720,10 +3754,10 @@ CVE-2021-36929
 	RESERVED
 CVE-2021-36928
 	RESERVED
-CVE-2021-36927
-	RESERVED
-CVE-2021-36926
-	RESERVED
+CVE-2021-36927 (Windows Digital TV Tuner device registration application Elevation of  ...)
+	TODO: check
+CVE-2021-36926 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
+	TODO: check
 CVE-2021-36925
 	RESERVED
 CVE-2021-36924
@@ -3732,8 +3766,8 @@ CVE-2021-36923
 	RESERVED
 CVE-2021-36922
 	RESERVED
-CVE-2021-36921
-	RESERVED
+CVE-2021-36921 (AIMANAGER before B115 on MONITORAPP Application Insight Web Applicatio ...)
+	TODO: check
 CVE-2021-36920
 	RESERVED
 CVE-2021-36919
@@ -6033,8 +6067,8 @@ CVE-2021-35957 (Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does
 	NOT-FOR-US: Stormshield Endpoint Security Evolution
 CVE-2021-35956 (Stored cross-site scripting (XSS) in the embedded webserver of AKCP se ...)
 	NOT-FOR-US: AKCP sensorProbe
-CVE-2021-35955
-	RESERVED
+CVE-2021-35955 (Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML fi ...)
+	TODO: check
 CVE-2021-35954
 	RESERVED
 CVE-2021-35953
@@ -9228,22 +9262,22 @@ CVE-2021-34538
 	RESERVED
 CVE-2019-25046 (The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11 ...)
 	NOT-FOR-US: Cerberus FTP Server Enterprise
-CVE-2021-34537
-	RESERVED
-CVE-2021-34536
-	RESERVED
-CVE-2021-34535
-	RESERVED
-CVE-2021-34534
-	RESERVED
-CVE-2021-34533
-	RESERVED
-CVE-2021-34532
-	RESERVED
+CVE-2021-34537 (Windows Bluetooth Driver Elevation of Privilege Vulnerability ...)
+	TODO: check
+CVE-2021-34536 (Storage Spaces Controller Elevation of Privilege Vulnerability ...)
+	TODO: check
+CVE-2021-34535 (Remote Desktop Client Remote Code Execution Vulnerability ...)
+	TODO: check
+CVE-2021-34534 (Windows MSHTML Platform Remote Code Execution Vulnerability ...)
+	TODO: check
+CVE-2021-34533 (Windows Graphics Component Font Parsing Remote Code Execution Vulnerab ...)
+	TODO: check
+CVE-2021-34532 (ASP.NET Core and Visual Studio Information Disclosure Vulnerability ...)
+	TODO: check
 CVE-2021-34531
 	RESERVED
-CVE-2021-34530
-	RESERVED
+CVE-2021-34530 (Windows Graphics Component Remote Code Execution Vulnerability ...)
+	TODO: check
 CVE-2021-34529 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is  ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-34528 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is  ...)
@@ -9254,8 +9288,8 @@ CVE-2021-34526
 	RESERVED
 CVE-2021-34525 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is  ...)
 	NOT-FOR-US: Microsoft
-CVE-2021-34524
-	RESERVED
+CVE-2021-34524 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...)
+	TODO: check
 CVE-2021-34523 (Microsoft Exchange Server Elevation of Privilege Vulnerability This CV ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-34522 (Microsoft Defender Remote Code Execution Vulnerability This CVE ID is  ...)
@@ -9328,26 +9362,26 @@ CVE-2021-34489 (DirectWrite Remote Code Execution Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-34488 (Windows Console Driver Elevation of Privilege Vulnerability ...)
 	NOT-FOR-US: Microsoft
-CVE-2021-34487
-	RESERVED
-CVE-2021-34486
-	RESERVED
-CVE-2021-34485
-	RESERVED
-CVE-2021-34484
-	RESERVED
-CVE-2021-34483
-	RESERVED
+CVE-2021-34487 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+	TODO: check
+CVE-2021-34486 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+	TODO: check
+CVE-2021-34485 (.NET Core and Visual Studio Information Disclosure Vulnerability ...)
+	TODO: check
+CVE-2021-34484 (Windows User Profile Service Elevation of Privilege Vulnerability ...)
+	TODO: check
+CVE-2021-34483 (Windows Print Spooler Elevation of Privilege Vulnerability ...)
+	TODO: check
 CVE-2021-34482
 	RESERVED
 CVE-2021-34481 (Windows Print Spooler Elevation of Privilege Vulnerability ...)
 	NOT-FOR-US: Microsoft
-CVE-2021-34480
-	RESERVED
+CVE-2021-34480 (Scripting Engine Memory Corruption Vulnerability ...)
+	TODO: check
 CVE-2021-34479 (Microsoft Visual Studio Spoofing Vulnerability ...)
 	NOT-FOR-US: Microsoft
-CVE-2021-34478
-	RESERVED
+CVE-2021-34478 (Microsoft Office Remote Code Execution Vulnerability ...)
+	TODO: check
 CVE-2021-34477 (Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-34476 (Bowser.sys Denial of Service Vulnerability ...)
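Review bot: The new entries for CVE-2021-34487 through CVE-2021-34483, CVE-2021-34480 and CVE-2021-34478 are left at `TODO: check`, while every described neighbour in this hunk (CVE-2021-34489, CVE-2021-34488, CVE-2021-34481, CVE-2021-34479, CVE-2021-34477) is already `NOT-FOR-US: Microsoft`. The added descriptions are from the same product family (Windows Event Tracing, Windows Print Spooler, Microsoft Office), so a follow-up commit can mark them `NOT-FOR-US: Microsoft` directly; the same applies to the other Windows and Azure entries this update adds.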
@@ -9360,8 +9394,8 @@ CVE-2021-34473 (Microsoft Exchange Server Remote Code Execution Vulnerability Th
 	NOT-FOR-US: Microsoft
 CVE-2021-34472
 	RESERVED
-CVE-2021-34471
-	RESERVED
+CVE-2021-34471 (Microsoft Windows Defender Elevation of Privilege Vulnerability ...)
+	TODO: check
 CVE-2021-34470 (Microsoft Exchange Server Elevation of Privilege Vulnerability This CV ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-34469 (Microsoft Office Security Feature Bypass Vulnerability ...)
@@ -10992,8 +11026,8 @@ CVE-2021-33764 (Windows Key Distribution Center Information Disclosure Vulnerabi
 	NOT-FOR-US: Microsoft
 CVE-2021-33763 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
 	NOT-FOR-US: Microsoft
-CVE-2021-33762
-	RESERVED
+CVE-2021-33762 (Azure CycleCloud Elevation of Privilege Vulnerability This CVE ID is u ...)
+	TODO: check
 CVE-2021-33761 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-33760 (Media Foundation Information Disclosure Vulnerability ...)
@@ -13227,10 +13261,10 @@ CVE-2021-32811 (Zope is an open-source web application server. Zope versions pri
 	NOTE: only affects specific versions using Python3 with options enabled.
 CVE-2021-32810 (crossbeam-deque is a package of work-stealing deques for building task ...)
 	TODO: check
-CVE-2021-32809
-	RESERVED
-CVE-2021-32808
-	RESERVED
+CVE-2021-32809 (ckeditor is an open source WYSIWYG HTML editor with rich content suppo ...)
+	TODO: check
+CVE-2021-32808 (ckeditor is an open source WYSIWYG HTML editor with rich content suppo ...)
+	TODO: check
 CVE-2021-32807 (The module `AccessControl` defines security policies for Python code u ...)
 	NOT-FOR-US: Zope AccessControl
 CVE-2021-32806 (Products.isurlinportal is a replacement for isURLInPortal method in Pl ...)
@@ -20486,7 +20520,7 @@ CVE-2021-29990
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29990
 CVE-2021-29989
 	RESERVED
-	{DSA-4956-1}
+	{DSA-4956-1 DLA-2740-1}
 	- firefox 91.0-1
 	- firefox-esr 78.13.0esr-1
 	- thunderbird <unfixed>
@@ -20495,7 +20529,7 @@ CVE-2021-29989
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29989
 CVE-2021-29988
 	RESERVED
-	{DSA-4956-1}
+	{DSA-4956-1 DLA-2740-1}
 	- firefox 91.0-1
 	- firefox-esr 78.13.0esr-1
 	- thunderbird <unfixed>
@@ -20510,7 +20544,7 @@ CVE-2021-29987
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29987
 CVE-2021-29986
 	RESERVED
-	{DSA-4956-1}
+	{DSA-4956-1 DLA-2740-1}
 	- firefox 91.0-1
 	- firefox-esr 78.13.0esr-1
 	- thunderbird <unfixed>
@@ -20519,7 +20553,7 @@ CVE-2021-29986
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29986
 CVE-2021-29985
 	RESERVED
-	{DSA-4956-1}
+	{DSA-4956-1 DLA-2740-1}
 	- firefox 91.0-1
 	- firefox-esr 78.13.0esr-1
 	- thunderbird <unfixed>
@@ -20528,7 +20562,7 @@ CVE-2021-29985
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29985
 CVE-2021-29984
 	RESERVED
-	{DSA-4956-1}
+	{DSA-4956-1 DLA-2740-1}
 	- firefox 91.0-1
 	- firefox-esr 78.13.0esr-1
 	- thunderbird <unfixed>
@@ -20553,7 +20587,7 @@ CVE-2021-29981
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29981
 CVE-2021-29980
 	RESERVED
-	{DSA-4956-1}
+	{DSA-4956-1 DLA-2740-1}
 	- firefox 91.0-1
 	- firefox-esr 78.13.0esr-1
 	- thunderbird <unfixed>
@@ -22008,6 +22042,7 @@ CVE-2021-29427 (In Gradle from version 5.1 and before version 7.0 there is a vul
 CVE-2021-29426
 	RESERVED
 CVE-2021-29425 (In Apache Commons IO before 2.7, When invoking the method FileNameUtil ...)
+	{DLA-2741-1}
 	- commons-io 2.8.0-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/04/12/1
 	NOTE: https://issues.apache.org/jira/browse/IO-556
@@ -25989,16 +26024,16 @@ CVE-2021-27796
 	RESERVED
 CVE-2021-27795
 	RESERVED
-CVE-2021-27794
-	RESERVED
-CVE-2021-27793
-	RESERVED
-CVE-2021-27792
-	RESERVED
-CVE-2021-27791
-	RESERVED
-CVE-2021-27790
-	RESERVED
+CVE-2021-27794 (A vulnerability in the authentication mechanism of Brocade Fabric OS v ...)
+	TODO: check
+CVE-2021-27793 (ntermittent authorization failure in aaa tacacs+ with Brocade Fabric O ...)
+	TODO: check
+CVE-2021-27792 (The command “ipfilter” in Brocade Fabric OS before Brocade ...)
+	TODO: check
+CVE-2021-27791 (The function that is used to parse the Authentication header in Brocad ...)
+	TODO: check
+CVE-2021-27790 (The command “ipfilter” in Brocade Fabric OS before Brocade ...)
+	TODO: check
 CVE-2021-27789
 	RESERVED
 CVE-2021-27788
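Review bot: The description added for CVE-2021-27793 begins "ntermittent authorization failure", which reads like "Intermittent" with its first letter lost; check it against the upstream CVE record before relying on it in triage. CVE-2021-27792 and CVE-2021-27790 also have identical truncated descriptions (The command “ipfilter” in Brocade Fabric OS before Brocade ...), so whoever resolves these `TODO: check` lines needs the full text to tell the two apart.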
@@ -29193,28 +29228,28 @@ CVE-2021-26435
 	RESERVED
 CVE-2021-26434
 	RESERVED
-CVE-2021-26433
-	RESERVED
-CVE-2021-26432
-	RESERVED
-CVE-2021-26431
-	RESERVED
-CVE-2021-26430
-	RESERVED
-CVE-2021-26429
-	RESERVED
-CVE-2021-26428
-	RESERVED
+CVE-2021-26433 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
+	TODO: check
+CVE-2021-26432 (Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulne ...)
+	TODO: check
+CVE-2021-26431 (Windows Recovery Environment Agent Elevation of Privilege Vulnerabilit ...)
+	TODO: check
+CVE-2021-26430 (Azure Sphere Denial of Service Vulnerability ...)
+	TODO: check
+CVE-2021-26429 (Azure Sphere Elevation of Privilege Vulnerability ...)
+	TODO: check
+CVE-2021-26428 (Azure Sphere Information Disclosure Vulnerability ...)
+	TODO: check
 CVE-2021-26427
 	RESERVED
-CVE-2021-26426
-	RESERVED
-CVE-2021-26425
-	RESERVED
-CVE-2021-26424
-	RESERVED
-CVE-2021-26423
-	RESERVED
+CVE-2021-26426 (Windows User Account Profile Picture Elevation of Privilege Vulnerabil ...)
+	TODO: check
+CVE-2021-26425 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+	TODO: check
+CVE-2021-26424 (Windows TCP/IP Remote Code Execution Vulnerability ...)
+	TODO: check
+CVE-2021-26423 (.NET Core and Visual Studio Denial of Service Vulnerability ...)
+	TODO: check
 CVE-2021-26422 (Skype for Business and Lync Remote Code Execution Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-26421 (Skype for Business and Lync Spoofing Vulnerability ...)
@@ -44548,8 +44583,8 @@ CVE-2021-20511 (IBM Security Verify Access Docker 10.0.0 could allow a remote at
 	NOT-FOR-US: IBM
 CVE-2021-20510 (IBM Security Verify Access Docker 10.0.0 stores user credentials in pl ...)
 	NOT-FOR-US: IBM
-CVE-2021-20509
-	RESERVED
+CVE-2021-20509 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable  ...)
+	TODO: check
 CVE-2021-20508
 	RESERVED
 CVE-2021-20507 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
@@ -44947,8 +44982,7 @@ CVE-2021-20316
 	RESERVED
 CVE-2021-20315
 	RESERVED
-CVE-2021-20314 [Remote stack buffer overflow in libspf2]
-	RESERVED
+CVE-2021-20314 (Stack buffer overflow in libspf2 versions below 1.2.11 when processing ...)
 	{DSA-4955-1 DLA-2739-1}
 	- libspf2 1.2.10-7.1
 	[bullseye] - libspf2 1.2.10-7.1~deb11u1
@@ -53112,7 +53146,8 @@ CVE-2020-28432
 	REJECTED
 CVE-2020-28431
 	REJECTED
-CVE-2020-28430 (All versions of package nuance-gulp-build-common are vulnerable to Com ...)
+CVE-2020-28430
+	REJECTED
 	NOT-FOR-US: Node nuance-gulp-build-common
 CVE-2020-28429 (All versions of package geojson2kml are vulnerable to Command Injectio ...)
 	NOT-FOR-US: Node geojson2kml
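Review bot: After this change CVE-2020-28430 reads `REJECTED` followed by the old `NOT-FOR-US: Node nuance-gulp-build-common` line, so a withdrawn ID still carries a triage annotation that refers to a description no longer present. Drop the `NOT-FOR-US` line so the entry matches the bare `REJECTED` form of CVE-2020-28432 and CVE-2020-28431 directly above it.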
@@ -55260,8 +55295,8 @@ CVE-2020-28167
 	RESERVED
 CVE-2020-28166
 	RESERVED
-CVE-2020-28165
-	RESERVED
+CVE-2020-28165 (The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary f ...)
+	TODO: check
 CVE-2020-28164
 	RESERVED
 CVE-2020-28163
@@ -64734,8 +64769,8 @@ CVE-2020-24578 (An issue was discovered on D-Link DSL-2888A devices with firmwar
 	NOT-FOR-US: D-Link
 CVE-2020-24577 (An issue was discovered on D-Link DSL-2888A devices with firmware prio ...)
 	NOT-FOR-US: D-Link
-CVE-2020-24576
-	RESERVED
+CVE-2020-24576 (Netskope Client through 77 allows low-privileged users to elevate thei ...)
+	TODO: check
 CVE-2020-24575
 	RESERVED
 CVE-2020-24574 (The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.20  ...)
@@ -72301,20 +72336,20 @@ CVE-2020-20983
 	RESERVED
 CVE-2020-20982
 	RESERVED
-CVE-2020-20981
-	RESERVED
+CVE-2020-20981 (A SQL injection in the /admin/?n=logs&c=index&a=dolist compone ...)
+	TODO: check
 CVE-2020-20980
 	RESERVED
-CVE-2020-20979
-	RESERVED
+CVE-2020-20979 (An arbitrary file upload vulnerability in the move_uploaded_file() fun ...)
+	TODO: check
 CVE-2020-20978
 	RESERVED
-CVE-2020-20977
-	RESERVED
+CVE-2020-20977 (A stored cross site scripting (XSS) vulnerability in index.php/legend/ ...)
+	TODO: check
 CVE-2020-20976
 	RESERVED
-CVE-2020-20975
-	RESERVED
+CVE-2020-20975 (In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injectio ...)
+	TODO: check
 CVE-2020-20974
 	RESERVED
 CVE-2020-20973
@@ -77425,46 +77460,46 @@ CVE-2020-18466
 	RESERVED
 CVE-2020-18465
 	RESERVED
-CVE-2020-18464
-	RESERVED
-CVE-2020-18463
-	RESERVED
-CVE-2020-18462
-	RESERVED
+CVE-2020-18464 (Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in vid ...)
+	TODO: check
+CVE-2020-18463 (Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in vi ...)
+	TODO: check
+CVE-2020-18462 (File Upload vulnerabilty in AikCms v2.0.0 in poster_edit.php because t ...)
+	TODO: check
 CVE-2020-18461
 	RESERVED
-CVE-2020-18460
-	RESERVED
+CVE-2020-18460 (Cross Site Request Forgery (CSRF) vulnerability exists in 711cms v1.0. ...)
+	TODO: check
 CVE-2020-18459
 	RESERVED
-CVE-2020-18458
-	RESERVED
-CVE-2020-18457
-	RESERVED
-CVE-2020-18456
-	RESERVED
-CVE-2020-18455
-	RESERVED
-CVE-2020-18454
-	RESERVED
+CVE-2020-18458 (Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0 ...)
+	TODO: check
+CVE-2020-18457 (Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 ...)
+	TODO: check
+CVE-2020-18456 (Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via ...)
+	TODO: check
+CVE-2020-18455 (Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via th ...)
+	TODO: check
+CVE-2020-18454 (Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admi ...)
+	TODO: check
 CVE-2020-18453
 	RESERVED
 CVE-2020-18452
 	RESERVED
-CVE-2020-18451
-	RESERVED
+CVE-2020-18451 (Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via  ...)
+	TODO: check
 CVE-2020-18450
 	RESERVED
-CVE-2020-18449
-	RESERVED
+CVE-2020-18449 (Cross Site Scripting (XSS) vulnerability exists in UKCMS v1.1.10 via d ...)
+	TODO: check
 CVE-2020-18448
 	RESERVED
 CVE-2020-18447
 	RESERVED
-CVE-2020-18446
-	RESERVED
-CVE-2020-18445
-	RESERVED
+CVE-2020-18446 (Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via t ...)
+	TODO: check
+CVE-2020-18445 (Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via t ...)
+	TODO: check
 CVE-2020-18444
 	RESERVED
 CVE-2020-18443



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e98215960aaab4b4a4e56a04eedde850b1d5110
