[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 6 21:10:30 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
739f3319 by security tracker role at 2021-07-06T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2021-36165
+ RESERVED
+CVE-2021-36164
+ RESERVED
+CVE-2021-36163
+ RESERVED
+CVE-2021-36162
+ RESERVED
+CVE-2021-36161
+ RESERVED
+CVE-2021-36160
+ RESERVED
CVE-2021-36159
RESERVED
CVE-2021-36158 (In the xrdp package (in branches through 3.14) for Alpine Linux, RDP s ...)
@@ -1660,8 +1672,8 @@ CVE-2021-35442
RESERVED
CVE-2021-35441
RESERVED
-CVE-2021-35440
- RESERVED
+CVE-2021-35440 (Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for ...)
+ TODO: check
CVE-2021-35439
RESERVED
CVE-2021-35438 (phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-re ...)
@@ -3320,8 +3332,7 @@ CVE-2021-34676
RESERVED
CVE-2021-34675
RESERVED
-CVE-2021-3598
- RESERVED
+CVE-2021-3598 (There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in ...)
{DLA-2701-1}
- openexr <unfixed> (bug #990450)
[bullseye] - openexr <no-dsa> (Minor issue)
@@ -4404,8 +4415,8 @@ CVE-2021-34192
RESERVED
CVE-2021-34191
RESERVED
-CVE-2021-34190
- RESERVED
+CVE-2021-34190 (A stored cross site scripting (XSS) vulnerability in index.php?menu=bi ...)
+ TODO: check
CVE-2021-34189
RESERVED
CVE-2021-34188
@@ -7737,8 +7748,8 @@ CVE-2021-32742
RESERVED
CVE-2021-32741
RESERVED
-CVE-2021-32740
- RESERVED
+CVE-2021-32740 (Addressable is an alternative implementation to the URI implementation ...)
+ TODO: check
CVE-2021-32739
RESERVED
CVE-2021-32738 (js-stellar-sdk is a Javascript library for communicating with a Stella ...)
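Review bot: the TODO: check added for CVE-2021-32740 should get a package lookup rather than a quick NOT-FOR-US, because the description names Addressable, a URI implementation library rather than a standalone product. If a matching source package exists, replace the TODO with a package line and bug reference in the same form this patch shows for CVE-2021-3598 ("- openexr <unfixed> (bug #990450)").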
@@ -8187,8 +8198,8 @@ CVE-2021-32561 (OctoPrint before 1.6.0 allows XSS because API error messages inc
NOT-FOR-US: OctoPrint
CVE-2021-32560 (The Logging subsystem in OctoPrint before 1.6.0 has incorrect access c ...)
NOT-FOR-US: OctoPrint
-CVE-2021-32559
- RESERVED
+CVE-2021-32559 (An integer overflow exists in pywin32 prior to version b301 when addin ...)
+ TODO: check
CVE-2021-32558
RESERVED
CVE-2021-32557 (It was discovered that the process_report() function in data/whoopsie- ...)
@@ -10227,8 +10238,8 @@ CVE-2021-31773
RESERVED
CVE-2021-31772
RESERVED
-CVE-2021-31771
- RESERVED
+CVE-2021-31771 (Splinterware System Scheduler Professional version 5.30 is subject to ...)
+ TODO: check
CVE-2021-31770
RESERVED
CVE-2021-31769 (MyQ Server in MyQ X Smart before 8.2 allows remote code execution by u ...)
@@ -16842,7 +16853,7 @@ CVE-2021-29060 (A Regular Expression Denial of Service (ReDOS) vulnerability was
[buster] - node-color-string <no-dsa> (Minor issue)
NOTE: https://github.com/yetingli/PoCs/blob/main/CVE-2021-29060/Color-String.md
NOTE: https://github.com/Qix-/color-string/commit/0789e21284c33d89ebc4ab4ca6f759b9375ac9d3
-CVE-2021-29059 (A vulnerability was discovered in IS-SVG version 4.3.1 and below where ...)
+CVE-2021-29059 (A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and be ...)
NOT-FOR-US: Node is-svg
CVE-2021-29058
RESERVED
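Review bot: the rewritten description for CVE-2021-29059 changes the stated affected range from "4.3.1 and below" to "2.1.0 to 4.2.2 and be ...", and the truncation hides how the new range ends. The "NOT-FOR-US: Node is-svg" tag is unchanged and still applies, so no triage change is needed here, but anyone relying on this line for version bounds should read the full CVE text instead.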
@@ -19603,8 +19614,8 @@ CVE-2021-27932
RESERVED
CVE-2021-27931 (LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthent ...)
NOT-FOR-US: LumisXP (aka Lumis Experience Platform)
-CVE-2021-27930
- RESERVED
+CVE-2021-27930 (Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which ...)
+ TODO: check
CVE-2021-27929
RESERVED
CVE-2021-27928 (A remote code execution issue was discovered in MariaDB 10.2 before 10 ...)
@@ -27851,8 +27862,8 @@ CVE-2021-24496
RESERVED
CVE-2021-24495
RESERVED
-CVE-2021-24494
- RESERVED
+CVE-2021-24494 (The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape s ...)
+ TODO: check
CVE-2021-24493
RESERVED
CVE-2021-24492
@@ -27937,8 +27948,8 @@ CVE-2021-24453
RESERVED
CVE-2021-24452
RESERVED
-CVE-2021-24451
- RESERVED
+CVE-2021-24451 (The Export Users With Meta WordPress plugin before 0.6.5 did not escap ...)
+ TODO: check
CVE-2021-24450
RESERVED
CVE-2021-24449
@@ -28025,12 +28036,12 @@ CVE-2021-24409
RESERVED
CVE-2021-24408
RESERVED
-CVE-2021-24407
- RESERVED
-CVE-2021-24406
- RESERVED
-CVE-2021-24405
- RESERVED
+CVE-2021-24407 (The Jannah WordPress theme before 5.4.5 did not properly sanitize the ...)
+ TODO: check
+CVE-2021-24406 (The wpForo Forum WordPress plugin before 1.9.7 did not validate the re ...)
+ TODO: check
+CVE-2021-24405 (The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any ...)
+ TODO: check
CVE-2021-24404
RESERVED
CVE-2021-24403
@@ -28061,18 +28072,18 @@ CVE-2021-24391
RESERVED
CVE-2021-24390
RESERVED
-CVE-2021-24389
- RESERVED
-CVE-2021-24388
- RESERVED
-CVE-2021-24387
- RESERVED
-CVE-2021-24386
- RESERVED
+CVE-2021-24389 (The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery ...)
+ TODO: check
+CVE-2021-24388 (In the VikRentCar Car Rental Management System WordPress plugin before ...)
+ TODO: check
+CVE-2021-24387 (The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly ...)
+ TODO: check
+CVE-2021-24386 (The WP SVG images WordPress plugin before 3.4 did not sanitise the SVG ...)
+ TODO: check
CVE-2021-24385
RESERVED
-CVE-2021-24384
- RESERVED
+CVE-2021-24384 (The joomsport_md_load AJAX action of the JoomSport WordPress plugin be ...)
+ TODO: check
CVE-2021-24383 (The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, va ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24382 (The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did n ...)
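Review bot: the five entries moved from RESERVED to TODO: check in this hunk (CVE-2021-24389, CVE-2021-24388, CVE-2021-24387, CVE-2021-24386 and CVE-2021-24384) all describe WordPress plugins or a WordPress theme, while the already-triaged neighbour CVE-2021-24383 in the trailing context carries "NOT-FOR-US: WordPress plugin". Suggest resolving them in the follow-up triage commit with the same tag so the TODO markers do not accumulate, noting that CVE-2021-24387 is a theme rather than a plugin.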
@@ -28089,8 +28100,8 @@ CVE-2021-24377 (The Autoptimize WordPress plugin before 2.7.8 attempts to remove
NOT-FOR-US: WordPress plugin
CVE-2021-24376 (The Autoptimize WordPress plugin before 2.7.8 attempts to delete malic ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24375
- RESERVED
+CVE-2021-24375 (Lack of authentication or validation in motor_load_more, motor_gallery ...)
+ TODO: check
CVE-2021-24374 (The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24373 (The WP Hardening – Fix Your WordPress Security WordPress plugin ...)
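Review bot: the truncated description added for CVE-2021-24375 ("Lack of authentication or validation in motor_load_more, motor_gallery ...") does not name the affected product, unlike the neighbouring entries, so the TODO: check cannot be resolved from this line alone. Read the full CVE text before tagging it, and do not copy "NOT-FOR-US: WordPress plugin" from the surrounding IDs on the strength of the ID range.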
@@ -28864,8 +28875,8 @@ CVE-2021-24007
RESERVED
CVE-2021-24006
RESERVED
-CVE-2021-24005
- RESERVED
+CVE-2021-24005 (Usage of hard-coded cryptographic keys to encrypt configuration files ...)
+ TODO: check
CVE-2021-24004
RESERVED
CVE-2021-24003
@@ -107777,7 +107788,7 @@ CVE-2020-4612 (IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated u
NOT-FOR-US: IBM
CVE-2020-4611 (IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user t ...)
NOT-FOR-US: IBM
-CVE-2020-4610 (IBM Security Sevret Server (IBM Security Verify Privilege Manager 10.8 ...)
+CVE-2020-4610 (IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8 ...)
NOT-FOR-US: IBM
CVE-2020-4609 (IBM Security Sevret Server (IBM Security Verify Privilege Manager 10.8 ...)
NOT-FOR-US: IBM
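Review bot: the spelling fix in CVE-2020-4610 ("Sevret" to "Secret") leaves the same misspelling in the next entry, CVE-2020-4609, visible in the trailing context. The commit message is "automatic update", so the description text appears to be synced rather than hand-edited; leave CVE-2020-4609 for a later sync instead of patching it manually, and avoid searching this file for the product name by exact spelling until both lines agree.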
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/739f33199d46119b8fe7dc76cebab9fb49ed048f