[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 15 21:10:34 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b1adf3bb by security tracker role at 2021-07-15T20:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2021-36753 (sharkdp BAT before 0.18.2 executes less.exe from the current working d ...)
+	TODO: check
+CVE-2021-36752
+	RESERVED
+CVE-2021-36751
+	RESERVED
+CVE-2021-36750
+	RESERVED
+CVE-2021-36749
+	RESERVED
+CVE-2021-3650
+	RESERVED
+CVE-2021-3649
+	RESERVED
 CVE-2021-36748
 	RESERVED
 CVE-2021-36747
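Review bot: the 'TODO: check' on CVE-2021-36753 can be resolved from the description itself: it names less.exe, i.e. a Windows-only code path in sharkdp's bat, so the entry should record whether the non-Windows build Debian would ship is affected instead of staying open; the six RESERVED entries beneath it need no action.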
@@ -3719,8 +3733,8 @@ CVE-2021-35058
 	RESERVED
 CVE-2021-35057
 	RESERVED
-CVE-2021-35056
-	RESERVED
+CVE-2021-35056 (Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an un ...)
+	TODO: check
 CVE-2021-35055
 	RESERVED
 CVE-2020-36393
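Review bot: CVE-2021-35056 is a Unisys Stealth issue (the description names the product and fixed versions) yet is left at 'TODO: check'; following the convention used for proprietary software elsewhere in this file (e.g. 'NOT-FOR-US: Eclipse TinyDTLS', 'NOT-FOR-US: IBM'), it should be closed as 'NOT-FOR-US: Unisys Stealth' unless a Debian package ships that code.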
@@ -4208,14 +4222,14 @@ CVE-2021-34832
 	RESERVED
 CVE-2021-34831
 	RESERVED
-CVE-2021-34830
-	RESERVED
-CVE-2021-34829
-	RESERVED
-CVE-2021-34828
-	RESERVED
-CVE-2021-34827
-	RESERVED
+CVE-2021-34830 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
+CVE-2021-34829 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
+CVE-2021-34828 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
+CVE-2021-34827 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
 CVE-2021-3608 [pvrdma: uninitialized memory unmap in pvrdma_ring_init()]
 	RESERVED
 	- qemu <unfixed> (bug #990563)
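Review bot: the four new descriptions for CVE-2021-34827 through CVE-2021-34830 are truncated before any product name ('This vulnerability allows network-adjacent attackers to execute arbitr ...'), so their 'TODO: check' markers cannot be triaged from this file; the full advisory text is needed before deciding between a package line and NOT-FOR-US.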
@@ -4538,18 +4552,18 @@ CVE-2021-34693 (net/can/bcm.c in the Linux kernel through 5.12.10 allows local u
 	NOTE: https://www.openwall.com/lists/oss-security/2021/06/15/1
 	NOTE: https://github.com/nrb547/kernel-exploitation/tree/main/cve-2021-34693
 	NOTE: https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076@3c-app-gmx-bs04/T/
-CVE-2021-34692
-	RESERVED
-CVE-2021-34691
-	RESERVED
-CVE-2021-34690
-	RESERVED
-CVE-2021-34689
-	RESERVED
-CVE-2021-34688
-	RESERVED
-CVE-2021-34687
-	RESERVED
+CVE-2021-34692 (iDrive RemotePC before 7.6.48 on Windows allows privilege escalation.  ...)
+	TODO: check
+CVE-2021-34691 (iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remo ...)
+	TODO: check
+CVE-2021-34690 (iDrive RemotePC before 7.6.48 on Windows allows authentication bypass. ...)
+	TODO: check
+CVE-2021-34689 (iDrive RemotePC before 7.6.48 on Windows allows information disclosure ...)
+	TODO: check
+CVE-2021-34688 (iDrive RemotePC before 7.6.48 on Windows allows information disclosure ...)
+	TODO: check
+CVE-2021-34687 (iDrive RemotePC before 7.6.48 on Windows allows information disclosure ...)
+	TODO: check
 CVE-2021-3601
 	RESERVED
 	- openssl1.0 <removed>
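Review bot: all six iDrive RemotePC entries (CVE-2021-34687 through CVE-2021-34692) are left at 'TODO: check' although every description names a proprietary Windows or Linux client; they can be closed in one batch as 'NOT-FOR-US: iDrive RemotePC' rather than checked one by one.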
@@ -4870,8 +4884,7 @@ CVE-2021-3592 (An invalid pointer initialization issue was found in the SLiRP ne
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/f13cad45b25d92760bb0ad67bec0300a4d7d5275 (v4.6.0)
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2eca0838eee1da96204545e22cdaed860d9d7c6c (v4.6.0)
 	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
-CVE-2021-34558
-	RESERVED
+CVE-2021-34558 (The crypto/tls package of Go through 1.16.5 does not properly assert t ...)
 	- golang-1.16 1.16.6-1
 	- golang-1.15 <unfixed>
 	- golang-1.11 <removed>
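Review bot: CVE-2021-34558 gains its description but no NOTE line pointing at the upstream Go fix or announcement, unlike the CVE-2021-3592 entry directly above it which cites the fixing commits; add that reference, and attach a bug number to 'golang-1.15 <unfixed>' the way the other <unfixed> lines in this file do (e.g. 'qemu <unfixed> (bug #990563)').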
@@ -5160,8 +5173,8 @@ CVE-2021-34431
 	RESERVED
 CVE-2021-34430 (Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C  ...)
 	NOT-FOR-US: Eclipse TinyDTLS
-CVE-2021-34429
-	RESERVED
+CVE-2021-34429 (For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-1 ...)
+	TODO: check
 CVE-2021-34428 (For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, i ...)
 	- jetty9 9.4.39-2 (bug #990578)
 	[stretch] - jetty9 <not-affected> (vulnerable code is not present)
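Review bot: CVE-2021-34429 is described as affecting Jetty 9.4.37-9.4.42, and the CVE-2021-34428 entry directly below records jetty9 at 9.4.39-2, which falls inside that range; the 'TODO: check' therefore warrants a jetty9 line (a fixed version, or <unfixed> with a bug number) plus a [stretch] assessment like the one on CVE-2021-34428, rather than staying open.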
@@ -7288,8 +7301,8 @@ CVE-2021-33507 (Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthSer
 	NOT-FOR-US: Zope Products.CMFCore (as used in Plone)
 CVE-2021-33506 (jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure tha ...)
 	NOT-FOR-US: jitsi-meet-prosody
-CVE-2021-33505
-	RESERVED
+CVE-2021-33505 (Falco through 0.28.1 has a Time-of-check Time-of-use (TOCTOU) Race Con ...)
+	TODO: check
 CVE-2021-33504
 	RESERVED
 CVE-2021-33503 (An issue was discovered in urllib3 before 1.26.5. When provided with a ...)
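Review bot: CVE-2021-33505 (Falco through 0.28.1, TOCTOU race) is left at 'TODO: check' between two entries already resolved as NOT-FOR-US; resolve it the same way unless a Debian package carries Falco.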
@@ -8964,8 +8977,8 @@ CVE-2021-32772
 	RESERVED
 CVE-2021-32771
 	RESERVED
-CVE-2021-32770
-	RESERVED
+CVE-2021-32770 (Gatsby is a framework for building websites. The gatsby-source-wordpre ...)
+	TODO: check
 CVE-2021-32769
 	RESERVED
 CVE-2021-32768
@@ -9004,8 +9017,8 @@ CVE-2021-32752 (Ether Logs is a package that allows one to check one's logs in t
 	NOT-FOR-US: Ether Logs
 CVE-2021-32751
 	RESERVED
-CVE-2021-32750
-	RESERVED
+CVE-2021-32750 (MuWire is a file publishing and networking tool that protects the iden ...)
+	TODO: check
 CVE-2021-32749
 	RESERVED
 CVE-2021-32748
@@ -9026,8 +9039,7 @@ CVE-2021-32745
 	RESERVED
 CVE-2021-32744
 	RESERVED
-CVE-2021-32743 [Passwords used to access external services inadvertently exposed through API]
-	RESERVED
+CVE-2021-32743 (Icinga is a monitoring system which checks the availability of network ...)
 	- icinga2 <unfixed>
 	NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
 	NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7
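Review bot: replacing the placeholder '[Passwords used to access external services inadvertently exposed through API]' with the truncated MITRE text drops the only line that said what CVE-2021-32743 actually is; the visible description now stops at 'checks the availability of network ...'. Keep the specific wording as a NOTE, and give 'icinga2 <unfixed>' a bug number as the other <unfixed> entries in this file carry.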
@@ -9039,8 +9051,7 @@ CVE-2021-32740 (Addressable is an alternative implementation to the URI implemen
 	- ruby-addressable 2.7.0-2 (bug #990791)
 	NOTE: https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g
 	NOTE: https://github.com/sporkmonger/addressable/commit/b48ff03347a6d46e8dc674e242ce74c6381962a5#diff-fb36d3dc67e6565ffde17e666a98697f48e76dac38fabf1bb9e97cdf3b583d76
-CVE-2021-32739 [Results of queries for ApiListener objects include the ticket salt which allows in turn to steal (more privileged) identities]
-	RESERVED
+CVE-2021-32739 (Icinga is a monitoring system which checks the availability of network ...)
 	- icinga2 <unfixed>
 	NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
 	NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-98wp-jc6q-x5q5
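Review bot: as with CVE-2021-32743 above, the placeholder '[Results of queries for ApiListener objects include the ticket salt ...]' is replaced by a generic truncated description, so the ticket-salt detail that made CVE-2021-32739 identifiable now survives only behind the GHSA link; and 'icinga2 <unfixed>' still has no bug reference even though the blog NOTE names the fixed upstream releases 2.12.5 and 2.11.10.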
@@ -10825,8 +10836,8 @@ CVE-2021-32001
 	RESERVED
 CVE-2021-32000
 	RESERVED
-CVE-2021-31999
-	RESERVED
+CVE-2021-31999 (A Reliance on Untrusted Inputs in a Security Decision vulnerability in ...)
+	TODO: check
 CVE-2021-31998 (A Incorrect Default Permissions vulnerability in the packaging of inn  ...)
 	- inn2 <not-affected> (SuSE-specific packaging issue)
 CVE-2021-31997 (a UNIX Symbolic Link (Symlink) Following vulnerability in python-posto ...)
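Review bot: CVE-2021-31999 sits in the same numbering block as CVE-2021-31998 and CVE-2021-31997, both already resolved as SuSE-specific packaging issues; before acting on the 'TODO: check', confirm whether this 'Reliance on Untrusted Inputs in a Security Decision' issue is likewise confined to SUSE packaging so it can be marked <not-affected> with the same justification.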
@@ -14408,7 +14419,7 @@ CVE-2021-30548 (Use after free in Loader in Google Chrome prior to 91.0.4472.101
 	- chromium <unfixed> (bug #990079)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-30547 (Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 a ...)
-	{DSA-4939-1}
+	{DSA-4939-1 DLA-2709-1}
 	- chromium <unfixed> (bug #990079)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 	- firefox 90.0-1
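Review bot: DLA-2709-1 is added to CVE-2021-30547 while the entry still carries 'chromium <unfixed>' and '[stretch] - chromium <end-of-life>'; the only fixed package visible here is firefox 90.0-1, so the DLA must refer to the stretch firefox-esr build. Confirm the entry also lists a firefox-esr line (as the CVE-2021-29976 entry below does) so the DLA reference resolves to a package.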
@@ -15928,7 +15939,7 @@ CVE-2021-29977
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29977
 CVE-2021-29976
 	RESERVED
-	{DSA-4939-1}
+	{DSA-4939-1 DLA-2709-1}
 	- firefox 90.0-1
 	- firefox-esr 78.12.0esr-1
 	- thunderbird <unfixed>
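Review bot: CVE-2021-29976 keeps a bare 'RESERVED' marker while a DSA and now a DLA are attached to it; the neighbouring CVE-2021-29977 entry already cites mfsa2021-28, so if CVE-2021-29976 comes from the same advisory, add a bracketed summary in the '[PHP: ...]' style used at CVE-2021-21705 below so the issue stays identifiable until MITRE publishes the text.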
@@ -15957,7 +15968,7 @@ CVE-2021-29971
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29971
 CVE-2021-29970
 	RESERVED
-	{DSA-4939-1}
+	{DSA-4939-1 DLA-2709-1}
 	- firefox 90.0-1
 	- firefox-esr 78.12.0esr-1
 	- thunderbird <unfixed>
@@ -16493,8 +16504,8 @@ CVE-2021-29751 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Bu
 	NOT-FOR-US: IBM
 CVE-2021-29750
 	RESERVED
-CVE-2021-29749
-	RESERVED
+CVE-2021-29749 (IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6 ...)
+	TODO: check
 CVE-2021-29748
 	RESERVED
 CVE-2021-29747 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...)
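Review bot: CVE-2021-29749 (IBM Secure External Authentication Server / Secure Proxy) is left at 'TODO: check' in a block where every resolved IBM entry (CVE-2021-29751, CVE-2021-29747) is 'NOT-FOR-US: IBM'; the same applies to CVE-2021-29742, CVE-2021-29725 and CVE-2021-29699 in the following hunks, which should be closed together.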
@@ -16507,8 +16518,8 @@ CVE-2021-29744
 	RESERVED
 CVE-2021-29743
 	RESERVED
-CVE-2021-29742
-	RESERVED
+CVE-2021-29742 (IBM Security Verify Access Docker 10.0.0 could allow a user to imperso ...)
+	TODO: check
 CVE-2021-29741
 	RESERVED
 CVE-2021-29740 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 sys ...)
@@ -16541,8 +16552,8 @@ CVE-2021-29727
 	RESERVED
 CVE-2021-29726
 	RESERVED
-CVE-2021-29725
-	RESERVED
+CVE-2021-29725 (IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IB ...)
+	TODO: check
 CVE-2021-29724
 	RESERVED
 CVE-2021-29723
@@ -16593,8 +16604,8 @@ CVE-2021-29701
 	RESERVED
 CVE-2021-29700
 	RESERVED
-CVE-2021-29699
-	RESERVED
+CVE-2021-29699 (IBM Security Verify Access Docker 10.0.0 could allow a remote priviled ...)
+	TODO: check
 CVE-2021-29698
 	RESERVED
 CVE-2021-29697
@@ -21222,12 +21233,12 @@ CVE-2021-27849
 	RESERVED
 CVE-2021-27848
 	RESERVED
-CVE-2021-27847
-	RESERVED
+CVE-2021-27847 (Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_ ...)
+	TODO: check
 CVE-2021-27846
 	RESERVED
-CVE-2021-27845
-	RESERVED
+CVE-2021-27845 (A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2 ...)
+	TODO: check
 CVE-2021-27844
 	RESERVED
 CVE-2021-27843
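Review bot: CVE-2021-27847 (libvips 8.10.5 division by zero) and CVE-2021-27845 (JasPer division by zero) are the two entries in this hunk that map to Debian source packages (vips, and jasper if it is still in the archive); a 'TODO: check' on an image-decoding crash in a library package should become a package line with an upstream issue NOTE, not stay open.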
@@ -22678,7 +22689,7 @@ CVE-2021-27200 (In WoWonder 3.0.4, remote attackers can take over any account du
 	NOT-FOR-US: WoWonder
 CVE-2021-27199
 	RESERVED
-CVE-2021-27198 (An issue was discovered in Visualware MyConnection Server through 11.0 ...)
+CVE-2021-27198 (An issue was discovered in Visualware MyConnection Server before v11.1 ...)
 	NOT-FOR-US: Visualware MyConnection Server
 CVE-2021-27197 (DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arb ...)
 	NOT-FOR-US: Pelco Digital Sentry Server
@@ -27416,13 +27427,13 @@ CVE-2021-25321 (A UNIX Symbolic Link (Symlink) Following vulnerability in arpwat
 	- arpwatch <not-affected> (SuSE specific packaging issue)
 	NOTE: Debian does not ship arpwatch-2.1a11-drop-privs.dif and does apply permissions
 	NOTE: to /var/lib/arpwatch (to arpwatch:arpatch, 0750) on postinst time
-CVE-2021-25320
-	RESERVED
+CVE-2021-25320 (A Improper Access Control vulnerability in Rancher, allows users in th ...)
+	TODO: check
 CVE-2021-25319 (A Incorrect Default Permissions vulnerability in the packaging of virt ...)
 	- virtualbox <not-affected> (openSUSE specific security issue in the openSUSE packaging)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/04/26/2
-CVE-2021-25318
-	RESERVED
+CVE-2021-25318 (A Incorrect Permission Assignment for Critical Resource vulnerability  ...)
+	TODO: check
 CVE-2021-25317 (A Incorrect Default Permissions vulnerability in the packaging of cups ...)
 	- cups <not-affected> (In Debian /var/log/cups is owned by root:root)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1949119
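Review bot: CVE-2021-25318 ('Incorrect Permission Assignment for Critical Resource') and CVE-2021-25320 (Rancher access control) land between CVE-2021-25319 and CVE-2021-25317, both resolved as SUSE/openSUSE packaging issues with a <not-affected> line and a NOTE on Debian's ownership and permissions; the two new 'TODO: check' entries should be assessed against the same question and, if packaging-specific, closed the same way.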
@@ -32265,10 +32276,10 @@ CVE-2021-3045
 	RESERVED
 CVE-2021-3044 (An improper authorization vulnerability in Palo Alto Networks Cortex X ...)
 	NOT-FOR-US: Palo Alto Networks
-CVE-2021-3043
-	RESERVED
-CVE-2021-3042
-	RESERVED
+CVE-2021-3043 (A reflected cross-site scripting (XSS) vulnerability exists in the Pri ...)
+	TODO: check
+CVE-2021-3042 (A local privilege escalation (PE) vulnerability exists in the Palo Alt ...)
+	TODO: check
 CVE-2021-3041 (A local privilege escalation vulnerability exists in the Palo Alto Net ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2021-3040 (An unsafe deserialization vulnerability in Bridgecrew Checkov by Prism ...)
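Review bot: CVE-2021-3043 and CVE-2021-3042 are Palo Alto Networks issues (the truncated descriptions name the product) in a block where CVE-2021-3044 and CVE-2021-3041 are already 'NOT-FOR-US: Palo Alto Networks'; close both the same way.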
@@ -35502,7 +35513,7 @@ CVE-2021-21706
 	RESERVED
 CVE-2021-21705 [PHP: SSRF bypass in FILTER_VALIDATE_URL]
 	RESERVED
-	{DSA-4935-1}
+	{DSA-4935-1 DLA-2708-1}
 	- php8.0 8.0.8-1 (bug #990575)
 	- php7.4 7.4.21-1+deb11u1
 	- php7.3 <removed>
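Review bot: DLA-2708-1 is added to CVE-2021-21705, but the visible package lines stop at 'php7.3 <removed>' and the stretch PHP package is php7.0 (the CVE-2019-18218 entry further down lists 'php7.0 <removed>'); confirm the entry records the php7.0 version the DLA fixed, otherwise the reference points at no package. The same check applies to CVE-2021-21704, CVE-2021-21702 and CVE-2020-7071 in the other DLA-2708-1 hunks.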
@@ -35511,7 +35522,7 @@ CVE-2021-21705 [PHP: SSRF bypass in FILTER_VALIDATE_URL]
 	NOTE: PHP Bug: https://bugs.php.net/81122
 CVE-2021-21704 [PHP: firebird issues]
 	RESERVED
-	{DSA-4935-1}
+	{DSA-4935-1 DLA-2708-1}
 	- php8.0 8.0.8-1 (bug #990575)
 	- php7.4 7.4.21-1+deb11u1
 	- php7.3 <removed>
@@ -35524,7 +35535,7 @@ CVE-2021-21704 [PHP: firebird issues]
 CVE-2021-21703
 	RESERVED
 CVE-2021-21702 (In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below ...)
-	{DSA-4856-1}
+	{DSA-4856-1 DLA-2708-1}
 	- php8.0 8.0.2-1
 	- php7.4 7.4.15-1
 	- php7.3 <removed>
@@ -35759,10 +35770,10 @@ CVE-2021-21589 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0
 	NOT-FOR-US: EMC
 CVE-2021-21588 (Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vu ...)
 	NOT-FOR-US: EMC
-CVE-2021-21587
-	RESERVED
-CVE-2021-21586
-	RESERVED
+CVE-2021-21587 (Dell Wyse Management Suite versions 3.2 and earlier contain a full pat ...)
+	TODO: check
+CVE-2021-21586 (Wyse Management Suite versions 3.2 and earlier contain an absolute pat ...)
+	TODO: check
 CVE-2021-21585
 	RESERVED
 CVE-2021-21584
@@ -39742,16 +39753,16 @@ CVE-2021-20539
 	RESERVED
 CVE-2021-20538 (IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a us ...)
 	NOT-FOR-US: IBM
-CVE-2021-20537
-	RESERVED
+CVE-2021-20537 (IBM Security Verify Access Docker 10.0.0 contains hard-coded credentia ...)
+	TODO: check
 CVE-2021-20536 (IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores  ...)
 	NOT-FOR-US: IBM
 CVE-2021-20535 (IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerabl ...)
 	NOT-FOR-US: IBM
-CVE-2021-20534
-	RESERVED
-CVE-2021-20533
-	RESERVED
+CVE-2021-20534 (IBM Security Verify Access Docker 10.0.0 could allow a remote attacker ...)
+	TODO: check
+CVE-2021-20533 (IBM Security Verify Access Docker 10.0.0 could allow a remote authenti ...)
+	TODO: check
 CVE-2021-20532 (IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a loc ...)
 	NOT-FOR-US: IBM
 CVE-2021-20531
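Review bot: this hunk and the four that follow add a run of 'TODO: check' entries that all begin 'IBM Security Verify Access Docker 10.0.0' (CVE-2021-20537 down to CVE-2021-20439); since the surrounding IBM entries are uniformly 'NOT-FOR-US: IBM', these belong in one batch resolution rather than a dozen separate checks.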
@@ -39768,10 +39779,10 @@ CVE-2021-20526
 	RESERVED
 CVE-2021-20525
 	RESERVED
-CVE-2021-20524
-	RESERVED
-CVE-2021-20523
-	RESERVED
+CVE-2021-20524 (IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site s ...)
+	TODO: check
+CVE-2021-20523 (IBM Security Verify Access Docker 10.0.0 could allow a remote attacker ...)
+	TODO: check
 CVE-2021-20522
 	RESERVED
 CVE-2021-20521
@@ -39794,10 +39805,10 @@ CVE-2021-20513
 	RESERVED
 CVE-2021-20512
 	RESERVED
-CVE-2021-20511
-	RESERVED
-CVE-2021-20510
-	RESERVED
+CVE-2021-20511 (IBM Security Verify Access Docker 10.0.0 could allow a remote attacker ...)
+	TODO: check
+CVE-2021-20510 (IBM Security Verify Access Docker 10.0.0 stores user credentials in pl ...)
+	TODO: check
 CVE-2021-20509
 	RESERVED
 CVE-2021-20508
@@ -39816,16 +39827,16 @@ CVE-2021-20502 (IBM Jazz Foundation Products are vulnerable to an XML External E
 	NOT-FOR-US: IBM
 CVE-2021-20501 (IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send em ...)
 	NOT-FOR-US: IBM
-CVE-2021-20500
-	RESERVED
-CVE-2021-20499
-	RESERVED
-CVE-2021-20498
-	RESERVED
-CVE-2021-20497
-	RESERVED
-CVE-2021-20496
-	RESERVED
+CVE-2021-20500 (IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive ...)
+	TODO: check
+CVE-2021-20499 (IBM Security Verify Access Docker 10.0.0 could allow a remote attacker ...)
+	TODO: check
+CVE-2021-20498 (IBM Security Verify Access Docker 10.0.0 reveals version information i ...)
+	TODO: check
+CVE-2021-20497 (IBM Security Verify Access Docker 10.0.0 uses weaker than expected cry ...)
+	TODO: check
+CVE-2021-20496 (IBM Security Verify Access Docker 10.0.0 could allow an authenticated  ...)
+	TODO: check
 CVE-2021-20495
 	RESERVED
 CVE-2021-20494 (IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a ...)
@@ -39938,8 +39949,8 @@ CVE-2021-20441 (IBM Security Verify Bridge uses weaker than expected cryptograph
 	NOT-FOR-US: IBM
 CVE-2021-20440 (IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not  ...)
 	NOT-FOR-US: IBM
-CVE-2021-20439
-	RESERVED
+CVE-2021-20439 (IBM Security Access Manager 9.0 and IBM Security Verify Access Docker  ...)
+	TODO: check
 CVE-2021-20438
 	RESERVED
 CVE-2021-20437
@@ -56922,8 +56933,8 @@ CVE-2020-25738 (CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows atta
 	NOT-FOR-US: CyberArk Endpoint Privilege Manager (EPM)
 CVE-2020-25737 (An elevation of privilege vulnerability exists in Hackolade versions p ...)
 	NOT-FOR-US: Hackolade
-CVE-2020-25736
-	RESERVED
+CVE-2020-25736 (Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows ...)
+	TODO: check
 CVE-2020-25735 (webTareas through 2.1 allows XSS in clients/editclient.php, extensions ...)
 	NOT-FOR-US: webTareas
 CVE-2020-25734 (webTareas through 2.1 allows files/Default/ Directory Listing. ...)
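Review bot: CVE-2020-25736 (Acronis True Image on macOS) is left at 'TODO: check' among CyberArk, Hackolade and webTareas entries that are all NOT-FOR-US; CVE-2020-25593, CVE-2020-15496 and CVE-2020-15495 in later hunks are the same product and the same local privilege escalation class and can be closed together as NOT-FOR-US.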
@@ -57506,8 +57517,8 @@ CVE-2020-25595 (An issue was discovered in Xen through 4.14.x. The PCI passthrou
 	NOTE: https://xenbits.xen.org/xsa/advisory-337.html
 CVE-2020-25594 (HashiCorp Vault and Vault Enterprise allowed for enumeration of Secret ...)
 	NOT-FOR-US: HashiCorp Vault
-CVE-2020-25593
-	RESERVED
+CVE-2020-25593 (Acronis True Image through 2021 on macOS allows local privilege escala ...)
+	TODO: check
 CVE-2020-25592 (In SaltStack Salt through 3002, salt-netapi improperly validates eauth ...)
 	{DSA-4837-1 DLA-2480-1}
 	- salt 3002.1+dfsg1-1
@@ -70930,7 +70941,7 @@ CVE-2020-19203 (Netgate pfSense Community Edition 2.4.4 - p2 (arm64) is affected
 	NOT-FOR-US: Netgate pfSense Community Edition
 CVE-2020-19202 (An authenticated Stored XSS (Cross-site Scripting) exists in the "capt ...)
 	NOT-FOR-US: IPFire
-CVE-2020-19201 (Netgate pfSense 2.4.4 - p2 is affected by: Cross Site Scripting (XSS). ...)
+CVE-2020-19201 (A Stored Cross-Site Scripting (XSS) vulnerability was found in status_ ...)
 	NOT-FOR-US: Netgate pfSense
 CVE-2020-19200
 	RESERVED
@@ -79205,10 +79216,10 @@ CVE-2020-15498 (An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.
 	NOT-FOR-US: ASUS RT-AC1900P routers
 CVE-2020-15497 (** DISPUTED ** jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build ...)
 	NOT-FOR-US: Jalios JCMS
-CVE-2020-15496
-	RESERVED
-CVE-2020-15495
-	RESERVED
+CVE-2020-15496 (Acronis True Image for Mac before 2021 Update 4 allowed local privileg ...)
+	TODO: check
+CVE-2020-15495 (Acronis True Image 2019 update 1 through 2020 on macOS allows local pr ...)
+	TODO: check
 CVE-2020-15494
 	RESERVED
 CVE-2020-15493
@@ -86718,18 +86729,18 @@ CVE-2020-12736 (Code42 environments with on-premises server versions 7.0.4 and e
 	NOT-FOR-US: Code42
 CVE-2020-12735 (reset.php in DomainMOD 4.13.0 uses insufficient entropy for password r ...)
 	NOT-FOR-US: DomainMOD
-CVE-2020-12734
-	RESERVED
-CVE-2020-12733
-	RESERVED
-CVE-2020-12732
-	RESERVED
-CVE-2020-12731
-	RESERVED
-CVE-2020-12730
-	RESERVED
-CVE-2020-12729
-	RESERVED
+CVE-2020-12734 (DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change t ...)
+	TODO: check
+CVE-2020-12733 (Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microsc ...)
+	TODO: check
+CVE-2020-12732 (DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxx ...)
+	TODO: check
+CVE-2020-12731 (The MagicMotion Flamingo 2 application for Android stores data on an s ...)
+	TODO: check
+CVE-2020-12730 (MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing an ...)
+	TODO: check
+CVE-2020-12729 (MagicMotion Flamingo 2 has a lack of access control for reading from d ...)
+	TODO: check
 CVE-2020-12728
 	RESERVED
 CVE-2020-12727
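Review bot: the six new entries CVE-2020-12729 through CVE-2020-12734 describe consumer hardware (a DEPSTECH WiFi microscope, the MagicMotion Flamingo 2 BLE device and its Android app) with no software Debian could package; leaving all six at 'TODO: check' only defers an obvious NOT-FOR-US batch.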
@@ -90640,8 +90651,8 @@ CVE-2020-11635 (The Zscaler Client Connector prior to 3.1.0 did not sufficiently
 	NOT-FOR-US: Zscaler Client Connector
 CVE-2020-11634
 	RESERVED
-CVE-2020-11633
-	RESERVED
+CVE-2020-11633 (The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack ...)
+	TODO: check
 CVE-2020-11632
 	RESERVED
 CVE-2020-11631 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
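Review bot: CVE-2020-11633 (Zscaler Client Connector for Windows) sits two entries below CVE-2020-11635, already 'NOT-FOR-US: Zscaler Client Connector'; resolve it identically.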
@@ -102619,7 +102630,7 @@ CVE-2020-7073
 CVE-2020-7072
 	RESERVED
 CVE-2020-7071 (In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when ...)
-	{DSA-4856-1}
+	{DSA-4856-1 DLA-2708-1}
 	- php8.0 8.0.1-1
 	- php7.4 7.4.14-1
 	- php7.3 <removed>
@@ -123449,7 +123460,7 @@ CVE-2019-18220 (Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery
 CVE-2019-18219 (Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulner ...)
 	NOT-FOR-US: Sitemagic CMS
 CVE-2019-18218 (cdf_read_property_info in cdf.c in file through 5.37 does not restrict ...)
-	{DSA-4550-1 DLA-1969-1}
+	{DSA-4550-1 DLA-2708-1 DLA-1969-1}
 	- file 1:5.37-6 (bug #942830)
 	- php7.0 <removed>
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780
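Review bot: CVE-2019-18218 is a file/libmagic bug fixed in file 1:5.37-6, yet DLA-2708-1, which this commit otherwise attaches only to PHP CVEs, is inserted here ahead of the older DLA-1969-1; that makes sense for PHP's bundled libmagic copy (the entry already lists 'php7.0 <removed>'), but the entry should then carry the php7.0 fixed version for stretch so it is clear which package the DLA fixed, and the ordering of the references should follow the rest of the file.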



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1adf3bb9a216bd9e74c865993d37e7b6829b623




