[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Aug 30 21:10:31 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e3e6977d by security tracker role at 2021-08-30T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2021-40328
+ RESERVED
+CVE-2021-40327
+ RESERVED
+CVE-2021-40326
+ RESERVED
+CVE-2021-40325
+ RESERVED
+CVE-2021-40324
+ RESERVED
+CVE-2021-40323
+ RESERVED
+CVE-2021-40322
+ RESERVED
+CVE-2021-40321
+ RESERVED
+CVE-2021-40320
+ RESERVED
+CVE-2021-3750
+ RESERVED
+CVE-2021-3749
+ RESERVED
+CVE-2021-3748
+ RESERVED
CVE-2021-40319
RESERVED
CVE-2021-40318
@@ -4156,14 +4180,14 @@ CVE-2021-38395
RESERVED
CVE-2021-38394
RESERVED
-CVE-2021-38393
- RESERVED
+CVE-2021-38393 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...)
+ TODO: check
CVE-2021-38392
RESERVED
-CVE-2021-38391
- RESERVED
-CVE-2021-38390
- RESERVED
+CVE-2021-38391 (A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_H ...)
+ TODO: check
+CVE-2021-38390 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...)
+ TODO: check
CVE-2021-38389
RESERVED
CVE-2021-38388
@@ -4289,10 +4313,10 @@ CVE-2021-38345
RESERVED
CVE-2021-38344
RESERVED
-CVE-2021-38343
- RESERVED
-CVE-2021-38342
- RESERVED
+CVE-2021-38343 (The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Op ...)
+ TODO: check
+CVE-2021-38342 (The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross ...)
+ TODO: check
CVE-2021-38341
RESERVED
CVE-2021-38340
@@ -5343,8 +5367,8 @@ CVE-2021-37913
RESERVED
CVE-2021-37912
RESERVED
-CVE-2021-37911
- RESERVED
+CVE-2021-37911 (The management interface of BenQ smart wireless conference projector d ...)
+ TODO: check
CVE-2021-37910
RESERVED
CVE-2021-37909
@@ -6420,18 +6444,18 @@ CVE-2021-37423
RESERVED
CVE-2021-37422
RESERVED
-CVE-2021-37421
- RESERVED
+CVE-2021-37421 (Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to a ...)
+ TODO: check
CVE-2021-37420
RESERVED
CVE-2021-37419
RESERVED
CVE-2021-37418
RESERVED
-CVE-2021-37417
- RESERVED
-CVE-2021-37416
- RESERVED
+CVE-2021-37417 (Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAP ...)
+ TODO: check
+CVE-2021-37416 (Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnera ...)
+ TODO: check
CVE-2021-37415
RESERVED
CVE-2021-37414
@@ -7358,7 +7382,7 @@ CVE-2021-36982 (AIMANAGER before B115 on MONITORAPP Application Insight Web Appl
NOT-FOR-US: MONITORAPP Application Insight Web Application Firewall (AIWAF) devices
CVE-2021-36981
RESERVED
-CVE-2021-3655 (A vulnerability was found in the Linux kernel in versions before v5.14 ...)
+CVE-2021-3655 (A vulnerability was found in the Linux kernel in versions prior to v5. ...)
- linux 5.10.46-3
CVE-2021-3654 [novnc allows open redirection]
RESERVED
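Review bot: The refreshed summary on the "+CVE-2021-3655" line is now cut off at "prior to v5.", so the one-line description no longer shows the "v5.14" that the removed line kept. The "- linux 5.10.46-3" line is unchanged and still records the Debian fixed version; a NOTE giving the upstream fixed version would restore what the truncation dropped.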
@@ -8665,7 +8689,7 @@ CVE-2021-36421
RESERVED
CVE-2021-36420
RESERVED
-CVE-2021-3642 (A flaw was found in Wildfly Elytron where ScramServer may be susceptib ...)
+CVE-2021-3642 (A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final ...)
NOT-FOR-US: WildFly Elytron
CVE-2021-36419
RESERVED
@@ -8778,8 +8802,8 @@ CVE-2021-36372
RESERVED
CVE-2021-36371 (Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allo ...)
NOT-FOR-US: Emissary-Ingress (formerly Ambassador API Gateway)
-CVE-2021-36370
- RESERVED
+CVE-2021-36370 (An issue was discovered in Midnight Commander through 4.8.26. When est ...)
+ TODO: check
CVE-2021-36369
RESERVED
CVE-2021-36368
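Review bot: CVE-2021-36370 on the "+" line names a specific upstream product and version range (Midnight Commander through 4.8.26), so it should be checked against the archive before it is tagged. Resolve the "TODO: check" with a source-package line and a fixed or <unfixed> status if the package is shipped, rather than folding it into a bulk NOT-FOR-US pass like the Emissary-Ingress entry above it.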
@@ -9870,8 +9894,8 @@ CVE-2021-3629
RESERVED
- undertow <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1977362
-CVE-2021-3628
- RESERVED
+CVE-2021-3628 (OpenKM Community Edition in its 6.3.10 version is vulnerable to authen ...)
+ TODO: check
CVE-2021-3627
RESERVED
CVE-2021-35940 (An out-of-bounds array read in the apr_time_exp*() functions was fixed ...)
@@ -11794,10 +11818,10 @@ CVE-2021-35063 (Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasi
[buster] - suricata <no-dsa> (Minor issue)
[stretch] - suricata <no-dsa> (Minor issue)
NOTE: https://forum.suricata.io/t/suricata-6-0-3-and-5-0-7-released/1489
-CVE-2021-35062
- RESERVED
-CVE-2021-35061
- RESERVED
+CVE-2021-35062 (A Shell Metacharacter Injection vulnerability in result.php in DRK Ode ...)
+ TODO: check
+CVE-2021-35061 (Multiple cross-site scripting (XSS) vulnerabilities in DRK Odenwaldkre ...)
+ TODO: check
CVE-2021-35060
RESERVED
CVE-2021-35059
@@ -12707,8 +12731,8 @@ CVE-2021-34670
RESERVED
CVE-2021-34669
RESERVED
-CVE-2021-34668
- RESERVED
+CVE-2021-34668 (The WordPress Real Media Library WordPress plugin is vulnerable to Sto ...)
+ TODO: check
CVE-2021-34667 (The Calendar_plugin WordPress plugin is vulnerable to Reflected Cross- ...)
NOT-FOR-US: WordPress plugin
CVE-2021-34666 (The Add Sidebar WordPress plugin is vulnerable to Reflected Cross-Site ...)
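Review bot: CVE-2021-34668 is left at "TODO: check" although its summary says "WordPress plugin" and the very next entry, CVE-2021-34667, is already tagged "NOT-FOR-US: WordPress plugin". Suggest resolving the TODO with the same tag, following the precedent visible in this hunk.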
@@ -12751,8 +12775,8 @@ CVE-2021-34648
RESERVED
CVE-2021-34647
RESERVED
-CVE-2021-34646
- RESERVED
+CVE-2021-34646 (Versions up to, and including, 5.4.3, of the Booster for WooCommerce W ...)
+ TODO: check
CVE-2021-34645 (The Shopping Cart & eCommerce Store WordPress plugin is vulnerable ...)
NOT-FOR-US: WordPress plugin
CVE-2021-34644 (The Multiplayer Games WordPress plugin is vulnerable to Reflected Cros ...)
@@ -14053,8 +14077,8 @@ CVE-2021-34068 (Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to
NOT-FOR-US: tsMuxer
CVE-2021-34067 (Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause ...)
NOT-FOR-US: tsMuxer
-CVE-2021-34066
- RESERVED
+CVE-2021-34066 (An issue was discovered in EdgeGallery/developer before v1.0. There is ...)
+ TODO: check
CVE-2021-34065
RESERVED
CVE-2021-34064
@@ -16464,8 +16488,8 @@ CVE-2021-33057
RESERVED
CVE-2021-33056 (Belledonne Belle-sip before 4.5.20, as used in Linphone and other prod ...)
NOT-FOR-US: Belledonne Belle-sip
-CVE-2021-33055
- RESERVED
+CVE-2021-33055 (Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticat ...)
+ TODO: check
CVE-2021-33054 (SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not valida ...)
{DLA-2707-1}
- sogo 5.1.1-1 (bug #989479)
@@ -16572,8 +16596,8 @@ CVE-2021-33021
RESERVED
CVE-2021-33020
RESERVED
-CVE-2021-33019
- RESERVED
+CVE-2021-33019 (A stack-based buffer overflow vulnerability in Delta Electronics DOPSo ...)
+ TODO: check
CVE-2021-33018
RESERVED
CVE-2021-33017
@@ -16596,16 +16620,16 @@ CVE-2021-33009
RESERVED
CVE-2021-33008
RESERVED
-CVE-2021-33007
- RESERVED
+CVE-2021-33007 (A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 a ...)
+ TODO: check
CVE-2021-33006
RESERVED
CVE-2021-33005
RESERVED
CVE-2021-33004 (The affected product is vulnerable to memory corruption condition due ...)
NOT-FOR-US: WebAccess HMI Designer
-CVE-2021-33003
- RESERVED
+CVE-2021-33003 (Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an atta ...)
+ TODO: check
CVE-2021-33002 (Opening a maliciously crafted project file may cause an out-of-bounds ...)
NOT-FOR-US: WebAccess HMI Designer
CVE-2021-33001
@@ -16628,8 +16652,8 @@ CVE-2021-32993
RESERVED
CVE-2021-32992 (FATEK Automation WinProladder Versions 3.30 and prior do not properly ...)
NOT-FOR-US: FATEK Automation WinProladder
-CVE-2021-32991
- RESERVED
+CVE-2021-32991 (Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to ...)
+ TODO: check
CVE-2021-32990 (FATEK Automation WinProladder Versions 3.30 and prior are vulnerable t ...)
NOT-FOR-US: FATEK Automation WinProladder
CVE-2021-32989
@@ -16644,8 +16668,8 @@ CVE-2021-32985
RESERVED
CVE-2021-32984
RESERVED
-CVE-2021-32983
- RESERVED
+CVE-2021-32983 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...)
+ TODO: check
CVE-2021-32982
RESERVED
CVE-2021-32981
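Review bot: CVE-2021-32983 on the "+" line has the same truncated summary as CVE-2021-38393 and CVE-2021-38390 earlier in this patch ("A Blind SQL injection vulnerability exists in the /DataHandler/Handler ..."), and none of the three names a product before the cut. Resolve them together from the full descriptions so they end up with one consistent tag.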
@@ -16676,8 +16700,8 @@ CVE-2021-32969
RESERVED
CVE-2021-32968
RESERVED
-CVE-2021-32967
- RESERVED
+CVE-2021-32967 (Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an atta ...)
+ TODO: check
CVE-2021-32966
RESERVED
CVE-2021-32965
@@ -16700,8 +16724,8 @@ CVE-2021-32957
RESERVED
CVE-2021-32956 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to re ...)
NOT-FOR-US: Advantech WebAccess/SCADA
-CVE-2021-32955
- RESERVED
+CVE-2021-32955 (Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestrict ...)
+ TODO: check
CVE-2021-32954 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a ...)
NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2021-32953
@@ -25012,8 +25036,8 @@ CVE-2021-29745
RESERVED
CVE-2021-29744 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-sit ...)
NOT-FOR-US: IBM
-CVE-2021-29743
- RESERVED
+CVE-2021-29743 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cr ...)
+ TODO: check
CVE-2021-29742 (IBM Security Verify Access Docker 10.0.0 could allow a user to imperso ...)
NOT-FOR-US: IBM
CVE-2021-29741 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a v ...)
@@ -25042,8 +25066,8 @@ CVE-2021-29730 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL inje
NOT-FOR-US: IBM
CVE-2021-29729
RESERVED
-CVE-2021-29728
- RESERVED
+CVE-2021-29728 (IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains ...)
+ TODO: check
CVE-2021-29727 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a v ...)
NOT-FOR-US: IBM
CVE-2021-29726
@@ -25052,10 +25076,10 @@ CVE-2021-29725 (IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2
NOT-FOR-US: IBM
CVE-2021-29724
RESERVED
-CVE-2021-29723
- RESERVED
-CVE-2021-29722
- RESERVED
+CVE-2021-29723 (IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weak ...)
+ TODO: check
+CVE-2021-29722 (IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weak ...)
+ TODO: check
CVE-2021-29721
RESERVED
CVE-2021-29720
@@ -25326,10 +25350,10 @@ CVE-2021-29633
RESERVED
CVE-2021-29632
RESERVED
-CVE-2021-29631
- RESERVED
-CVE-2021-29630
- RESERVED
+CVE-2021-29631 (In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before ...)
+ TODO: check
+CVE-2021-29630 (In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before ...)
+ TODO: check
CVE-2021-29629 (In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before ...)
- dacs <unfixed> (bug #989288; unimportant)
[stretch] - dacs <not-affected> (Vulnerable module first bundled in 1.4.40)
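Review bot: CVE-2021-29631 and CVE-2021-29630 should not be bulk-tagged as FreeBSD-only when the TODO is resolved. The context entry just below, CVE-2021-29629, has the same "In FreeBSD 13.0-STABLE before ..." style of summary yet is tracked against dacs (bug #989288), so each new entry needs a check for affected code shipped in a Debian package first.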
@@ -29607,16 +29631,16 @@ CVE-2021-27915
RESERVED
CVE-2021-27914
RESERVED
-CVE-2021-27913
- RESERVED
-CVE-2021-27912
- RESERVED
-CVE-2021-27911
- RESERVED
-CVE-2021-27910
- RESERVED
-CVE-2021-27909
- RESERVED
+CVE-2021-27913 (The function mt_rand is used to generate session tokens, this function ...)
+ TODO: check
+CVE-2021-27912 (Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS ...)
+ TODO: check
+CVE-2021-27911 (Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS ...)
+ TODO: check
+CVE-2021-27910 (Insufficient sanitization / filtering allows for arbitrary JavaScript ...)
+ TODO: check
+CVE-2021-27909 (For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerabilit ...)
+ TODO: check
CVE-2021-27908 (In all versions prior to Mautic 3.3.2, secret parameters such as datab ...)
NOT-FOR-US: Mautic
CVE-2021-27907 (Apache Superset up to and including 0.38.0 allowed the creation of a M ...)
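Review bot: Two of the five new entries, CVE-2021-27913 ("The function mt_rand is used to generate session tokens ...") and CVE-2021-27910 ("Insufficient sanitization / filtering ..."), do not name a product in the truncated summary, unlike CVE-2021-27912, CVE-2021-27911 and CVE-2021-27909, which say Mautic. The entry below, CVE-2021-27908, is tagged "NOT-FOR-US: Mautic"; confirm from the full descriptions that 27913 and 27910 are Mautic as well before giving the whole block that tag.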
@@ -30158,8 +30182,8 @@ CVE-2021-27665
RESERVED
CVE-2021-27664
RESERVED
-CVE-2021-27663
- RESERVED
+CVE-2021-27663 (A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM ...)
+ TODO: check
CVE-2021-27662
RESERVED
CVE-2021-27661 (Successful exploitation of this vulnerability could give an authentica ...)
@@ -31604,12 +31628,12 @@ CVE-2021-27021 (A flaw was discovered in Puppet DB, this flaw results in an esca
NOTE: https://github.com/puppetlabs/puppetdb/commit/f8dc81678cf347739838e42cc1c426d96406c266
NOTE: https://github.com/puppetlabs/puppetdb/commit/72bd137511487643a3a6236ad9e72a5dd4a6fadb
NOTE: https://puppet.com/docs/puppetdb/6/release_notes/release_notes_latest.html#puppetdb-6170
-CVE-2021-27020
- RESERVED
-CVE-2021-27019
- RESERVED
-CVE-2021-27018
- RESERVED
+CVE-2021-27020 (Puppet Enterprise presented a security risk by not sanitizing user inp ...)
+ TODO: check
+CVE-2021-27019 (PuppetDB logging included potentially sensitive system information. ...)
+ TODO: check
+CVE-2021-27018 (The mechanism which performs certificate validation was discovered to ...)
+ TODO: check
CVE-2021-27017
RESERVED
- puppet <not-affected> (Specific to the Puppet 7.x stack)
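Review bot: The three new TODO entries cover different Puppet components and need per-package triage: CVE-2021-27020 says Puppet Enterprise, CVE-2021-27019 says PuppetDB, and CVE-2021-27018 names no product before the cut. The surrounding entries show that both outcomes occur here (CVE-2021-27021 carries puppetdb upstream commit NOTEs, CVE-2021-27017 has "- puppet <not-affected>"), so add the matching package line and upstream reference for each rather than one shared tag.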
@@ -34307,8 +34331,8 @@ CVE-2021-25960
RESERVED
CVE-2021-25959
RESERVED
-CVE-2021-25958
- RESERVED
+CVE-2021-25958 (In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch ...)
+ TODO: check
CVE-2021-25957 (In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerabl ...)
- dolibarr <removed>
NOTE: https://github.com/Dolibarr/dolibarr/commit/87f9530272925f0d651f59337a35661faeb6f377
@@ -37461,12 +37485,12 @@ CVE-2021-24669
RESERVED
CVE-2021-24668
RESERVED
-CVE-2021-24667
- RESERVED
+CVE-2021-24667 (A stored cross-site scripting vulnerability has been discovered in : S ...)
+ TODO: check
CVE-2021-24666
RESERVED
-CVE-2021-24665
- RESERVED
+CVE-2021-24665 (The WP Video Lightbox WordPress plugin before 1.9.3 does not escape th ...)
+ TODO: check
CVE-2021-24664
RESERVED
CVE-2021-24663
@@ -37609,10 +37633,10 @@ CVE-2021-24595
RESERVED
CVE-2021-24594
RESERVED
-CVE-2021-24593
- RESERVED
-CVE-2021-24592
- RESERVED
+CVE-2021-24593 (The Business Hours Indicator WordPress plugin before 2.3.5 does not sa ...)
+ TODO: check
+CVE-2021-24592 (The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise s ...)
+ TODO: check
CVE-2021-24591
RESERVED
CVE-2021-24590
@@ -37633,12 +37657,12 @@ CVE-2021-24583
RESERVED
CVE-2021-24582
RESERVED
-CVE-2021-24581
- RESERVED
-CVE-2021-24580
- RESERVED
-CVE-2021-24579
- RESERVED
+CVE-2021-24581 (The Blue Admin WordPress plugin through 21.06.01 does not sanitise or ...)
+ TODO: check
+CVE-2021-24580 (The Side Menu Lite WordPress plugin before 2.2.6 does not sanitise use ...)
+ TODO: check
+CVE-2021-24579 (The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plug ...)
+ TODO: check
CVE-2021-24578
RESERVED
CVE-2021-24577
@@ -37739,8 +37763,8 @@ CVE-2021-24530
RESERVED
CVE-2021-24529 (The Grid Gallery – Photo Image Grid Gallery WordPress plugin bef ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24528
- RESERVED
+CVE-2021-24528 (The FluentSMTP WordPress plugin before 2.0.1 does not sanitize paramet ...)
+ TODO: check
CVE-2021-24527 (The User Registration & User Profile – Profile Builder WordP ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24526 (The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contac ...)
@@ -37919,10 +37943,10 @@ CVE-2021-24440 (The Sign-up Sheets WordPress plugin before 1.0.14 did not saniti
NOT-FOR-US: Wordpress plugin
CVE-2021-24439 (The Browser Screenshots WordPress plugin before 1.7.6 allowed authenti ...)
NOT-FOR-US: Wordpress plugin
-CVE-2021-24438
- RESERVED
-CVE-2021-24437
- RESERVED
+CVE-2021-24438 (The ShareThis Dashboard for Google Analytics WordPress plugin before 2 ...)
+ TODO: check
+CVE-2021-24437 (The Favicon by RealFaviconGenerator WordPress plugin through 1.3.20 do ...)
+ TODO: check
CVE-2021-24436 (The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a r ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24435
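Review bot: The context lines in this hunk spell the tag two ways, "NOT-FOR-US: Wordpress plugin" for CVE-2021-24440 and CVE-2021-24439 and "NOT-FOR-US: WordPress plugin" for CVE-2021-24436. When the TODOs on CVE-2021-24438 and CVE-2021-24437 are resolved, use the "WordPress plugin" spelling so that a search on the tag finds every entry.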
@@ -43441,20 +43465,20 @@ CVE-2021-22029
RESERVED
CVE-2021-22028
RESERVED
-CVE-2021-22027
- RESERVED
-CVE-2021-22026
- RESERVED
-CVE-2021-22025
- RESERVED
-CVE-2021-22024
- RESERVED
-CVE-2021-22023
- RESERVED
-CVE-2021-22022
- RESERVED
-CVE-2021-22021
- RESERVED
+CVE-2021-22027 (The vRealize Operations Manager API (8.x prior to 8.5) contains a Serv ...)
+ TODO: check
+CVE-2021-22026 (The vRealize Operations Manager API (8.x prior to 8.5) contains a Serv ...)
+ TODO: check
+CVE-2021-22025 (The vRealize Operations Manager API (8.x prior to 8.5) contains a brok ...)
+ TODO: check
+CVE-2021-22024 (The vRealize Operations Manager API (8.x prior to 8.5) contains an arb ...)
+ TODO: check
+CVE-2021-22023 (The vRealize Operations Manager API (8.x prior to 8.5) has insecure ob ...)
+ TODO: check
+CVE-2021-22022 (The vRealize Operations Manager API (8.x prior to 8.5) contains an arb ...)
+ TODO: check
+CVE-2021-22021 (VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site S ...)
+ TODO: check
CVE-2021-22020
RESERVED
CVE-2021-22019
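Review bot: The seven new entries are not one product: CVE-2021-22027 through CVE-2021-22022 name the vRealize Operations Manager API (8.x prior to 8.5), while CVE-2021-22021 is VMware vRealize Log Insight (8.x prior to 8.4). Two pairs (22027/22026 and 22024/22022) also have identical truncated summaries, so use the full descriptions when resolving the TODOs and tag the Log Insight entry separately.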
@@ -44130,7 +44154,7 @@ CVE-2021-21775 (A use-after-free vulnerability exists in the way certain events
[bullseye] - wpewebkit <postponed> (Minor issue, fix along with next update)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1229
CVE-2021-21774
- RESERVED
+ REJECTED
CVE-2021-21773 (An out-of-bounds write vulnerability exists in the TIFF header count-p ...)
NOT-FOR-US: ImageGear
CVE-2021-21772 (A use-after-free vulnerability exists in the NMR::COpcPackageReader::r ...)
@@ -44197,8 +44221,8 @@ CVE-2021-21743
RESERVED
CVE-2021-21742
RESERVED
-CVE-2021-21741
- RESERVED
+CVE-2021-21741 (A conference management system of ZTE is impacted by a command executi ...)
+ TODO: check
CVE-2021-21740 (There is an information leak vulnerability in the digital media player ...)
NOT-FOR-US: ZTE
CVE-2021-21739 (A ZTE's product of the transport network access layer has a security v ...)
@@ -46120,12 +46144,12 @@ CVE-2020-35636 (A code execution vulnerability exists in the Nef polygon-parsing
- cgal 5.2-3 (bug #985671)
[buster] - cgal <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
-CVE-2020-35635
- RESERVED
-CVE-2020-35634
- RESERVED
-CVE-2020-35633
- RESERVED
+CVE-2020-35635 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
+ TODO: check
+CVE-2020-35634 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
+ TODO: check
+CVE-2020-35633 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
+ TODO: check
CVE-2020-35632
RESERVED
CVE-2020-35631
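Review bot: CVE-2020-35635, CVE-2020-35634 and CVE-2020-35633 carry the same summary prefix as CVE-2020-35636 in the hunk header ("A code execution vulnerability exists in the Nef polygon-parsing ..."), which is tracked with "- cgal 5.2-3 (bug #985671)" and a buster <no-dsa> line. When the TODO is resolved, these three most likely need equivalent cgal package lines and the matching Talos NOTE rather than NOT-FOR-US; confirm against the full advisory whether the same fixed version applies.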
@@ -82211,20 +82235,20 @@ CVE-2020-18129 (A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add
NOT-FOR-US: Eyoucms
CVE-2020-18128
RESERVED
-CVE-2020-18127
- RESERVED
-CVE-2020-18126
- RESERVED
-CVE-2020-18125
- RESERVED
-CVE-2020-18124
- RESERVED
-CVE-2020-18123
- RESERVED
+CVE-2020-18127 (An issue in the /config/config.php component of Indexhibit 2.1.5 allow ...)
+ TODO: check
+CVE-2020-18126 (Multiple stored cross-site scripting (XSS) vulnerabilities in the Sect ...)
+ TODO: check
+CVE-2020-18125 (A reflected cross-site scripting (XSS) vulnerability in the /plugin/aj ...)
+ TODO: check
+CVE-2020-18124 (A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 ...)
+ TODO: check
+CVE-2020-18123 (A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 ...)
+ TODO: check
CVE-2020-18122
RESERVED
-CVE-2020-18121
- RESERVED
+CVE-2020-18121 (A configuration issue in Indexhibit 2.1.5 allows authenticated attacke ...)
+ TODO: check
CVE-2020-18120
RESERVED
CVE-2020-18119
@@ -87576,8 +87600,8 @@ CVE-2020-15746
REJECTED
CVE-2020-15745
REJECTED
-CVE-2020-15744
- RESERVED
+CVE-2020-15744 (Stack-based Buffer Overflow vulnerability in the ONVIF server componen ...)
+ TODO: check
CVE-2020-15743
REJECTED
CVE-2020-15742
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3e6977d67858f9fd154c822d08a9b33b5c556f1