[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jul 15 21:10:34 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b1adf3bb by security tracker role at 2021-07-15T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2021-36753 (sharkdp BAT before 0.18.2 executes less.exe from the current working d ...)
+ TODO: check
+CVE-2021-36752
+ RESERVED
+CVE-2021-36751
+ RESERVED
+CVE-2021-36750
+ RESERVED
+CVE-2021-36749
+ RESERVED
+CVE-2021-3650
+ RESERVED
+CVE-2021-3649
+ RESERVED
CVE-2021-36748
RESERVED
CVE-2021-36747
@@ -3719,8 +3733,8 @@ CVE-2021-35058
RESERVED
CVE-2021-35057
RESERVED
-CVE-2021-35056
- RESERVED
+CVE-2021-35056 (Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an un ...)
+ TODO: check
CVE-2021-35055
RESERVED
CVE-2020-36393
@@ -4208,14 +4222,14 @@ CVE-2021-34832
RESERVED
CVE-2021-34831
RESERVED
-CVE-2021-34830
- RESERVED
-CVE-2021-34829
- RESERVED
-CVE-2021-34828
- RESERVED
-CVE-2021-34827
- RESERVED
+CVE-2021-34830 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2021-34829 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2021-34828 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2021-34827 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
CVE-2021-3608 [pvrdma: uninitialized memory unmap in pvrdma_ring_init()]
RESERVED
- qemu <unfixed> (bug #990563)
@@ -4538,18 +4552,18 @@ CVE-2021-34693 (net/can/bcm.c in the Linux kernel through 5.12.10 allows local u
NOTE: https://www.openwall.com/lists/oss-security/2021/06/15/1
NOTE: https://github.com/nrb547/kernel-exploitation/tree/main/cve-2021-34693
NOTE: https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076@3c-app-gmx-bs04/T/
-CVE-2021-34692
- RESERVED
-CVE-2021-34691
- RESERVED
-CVE-2021-34690
- RESERVED
-CVE-2021-34689
- RESERVED
-CVE-2021-34688
- RESERVED
-CVE-2021-34687
- RESERVED
+CVE-2021-34692 (iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. ...)
+ TODO: check
+CVE-2021-34691 (iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remo ...)
+ TODO: check
+CVE-2021-34690 (iDrive RemotePC before 7.6.48 on Windows allows authentication bypass. ...)
+ TODO: check
+CVE-2021-34689 (iDrive RemotePC before 7.6.48 on Windows allows information disclosure ...)
+ TODO: check
+CVE-2021-34688 (iDrive RemotePC before 7.6.48 on Windows allows information disclosure ...)
+ TODO: check
+CVE-2021-34687 (iDrive RemotePC before 7.6.48 on Windows allows information disclosure ...)
+ TODO: check
CVE-2021-3601
RESERVED
- openssl1.0 <removed>
@@ -4870,8 +4884,7 @@ CVE-2021-3592 (An invalid pointer initialization issue was found in the SLiRP ne
NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/f13cad45b25d92760bb0ad67bec0300a4d7d5275 (v4.6.0)
NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2eca0838eee1da96204545e22cdaed860d9d7c6c (v4.6.0)
NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
-CVE-2021-34558
- RESERVED
+CVE-2021-34558 (The crypto/tls package of Go through 1.16.5 does not properly assert t ...)
- golang-1.16 1.16.6-1
- golang-1.15 <unfixed>
- golang-1.11 <removed>
@@ -5160,8 +5173,8 @@ CVE-2021-34431
RESERVED
CVE-2021-34430 (Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C ...)
NOT-FOR-US: Eclipse TinyDTLS
-CVE-2021-34429
- RESERVED
+CVE-2021-34429 (For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-1 ...)
+ TODO: check
CVE-2021-34428 (For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, i ...)
- jetty9 9.4.39-2 (bug #990578)
[stretch] - jetty9 <not-affected> (vulnerable code is not present)
@@ -7288,8 +7301,8 @@ CVE-2021-33507 (Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthSer
NOT-FOR-US: Zope Products.CMFCore (as used in Plone)
CVE-2021-33506 (jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure tha ...)
NOT-FOR-US: jitsi-meet-prosody
-CVE-2021-33505
- RESERVED
+CVE-2021-33505 (Falco through 0.28.1 has a Time-of-check Time-of-use (TOCTOU) Race Con ...)
+ TODO: check
CVE-2021-33504
RESERVED
CVE-2021-33503 (An issue was discovered in urllib3 before 1.26.5. When provided with a ...)
@@ -8964,8 +8977,8 @@ CVE-2021-32772
RESERVED
CVE-2021-32771
RESERVED
-CVE-2021-32770
- RESERVED
+CVE-2021-32770 (Gatsby is a framework for building websites. The gatsby-source-wordpre ...)
+ TODO: check
CVE-2021-32769
RESERVED
CVE-2021-32768
@@ -9004,8 +9017,8 @@ CVE-2021-32752 (Ether Logs is a package that allows one to check one's logs in t
NOT-FOR-US: Ether Logs
CVE-2021-32751
RESERVED
-CVE-2021-32750
- RESERVED
+CVE-2021-32750 (MuWire is a file publishing and networking tool that protects the iden ...)
+ TODO: check
CVE-2021-32749
RESERVED
CVE-2021-32748
@@ -9026,8 +9039,7 @@ CVE-2021-32745
RESERVED
CVE-2021-32744
RESERVED
-CVE-2021-32743 [Passwords used to access external services inadvertently exposed through API]
- RESERVED
+CVE-2021-32743 (Icinga is a monitoring system which checks the availability of network ...)
- icinga2 <unfixed>
NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7
@@ -9039,8 +9051,7 @@ CVE-2021-32740 (Addressable is an alternative implementation to the URI implemen
- ruby-addressable 2.7.0-2 (bug #990791)
NOTE: https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g
NOTE: https://github.com/sporkmonger/addressable/commit/b48ff03347a6d46e8dc674e242ce74c6381962a5#diff-fb36d3dc67e6565ffde17e666a98697f48e76dac38fabf1bb9e97cdf3b583d76
-CVE-2021-32739 [Results of queries for ApiListener objects include the ticket salt which allows in turn to steal (more privileged) identities]
- RESERVED
+CVE-2021-32739 (Icinga is a monitoring system which checks the availability of network ...)
- icinga2 <unfixed>
NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-98wp-jc6q-x5q5
@@ -10825,8 +10836,8 @@ CVE-2021-32001
RESERVED
CVE-2021-32000
RESERVED
-CVE-2021-31999
- RESERVED
+CVE-2021-31999 (A Reliance on Untrusted Inputs in a Security Decision vulnerability in ...)
+ TODO: check
CVE-2021-31998 (A Incorrect Default Permissions vulnerability in the packaging of inn ...)
- inn2 <not-affected> (SuSE-specific packaging issue)
CVE-2021-31997 (a UNIX Symbolic Link (Symlink) Following vulnerability in python-posto ...)
@@ -14408,7 +14419,7 @@ CVE-2021-30548 (Use after free in Loader in Google Chrome prior to 91.0.4472.101
- chromium <unfixed> (bug #990079)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30547 (Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 a ...)
- {DSA-4939-1}
+ {DSA-4939-1 DLA-2709-1}
- chromium <unfixed> (bug #990079)
[stretch] - chromium <end-of-life> (see DSA 4562)
- firefox 90.0-1
@@ -15928,7 +15939,7 @@ CVE-2021-29977
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29977
CVE-2021-29976
RESERVED
- {DSA-4939-1}
+ {DSA-4939-1 DLA-2709-1}
- firefox 90.0-1
- firefox-esr 78.12.0esr-1
- thunderbird <unfixed>
@@ -15957,7 +15968,7 @@ CVE-2021-29971
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29971
CVE-2021-29970
RESERVED
- {DSA-4939-1}
+ {DSA-4939-1 DLA-2709-1}
- firefox 90.0-1
- firefox-esr 78.12.0esr-1
- thunderbird <unfixed>
@@ -16493,8 +16504,8 @@ CVE-2021-29751 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Bu
NOT-FOR-US: IBM
CVE-2021-29750
RESERVED
-CVE-2021-29749
- RESERVED
+CVE-2021-29749 (IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6 ...)
+ TODO: check
CVE-2021-29748
RESERVED
CVE-2021-29747 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...)
@@ -16507,8 +16518,8 @@ CVE-2021-29744
RESERVED
CVE-2021-29743
RESERVED
-CVE-2021-29742
- RESERVED
+CVE-2021-29742 (IBM Security Verify Access Docker 10.0.0 could allow a user to imperso ...)
+ TODO: check
CVE-2021-29741
RESERVED
CVE-2021-29740 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 sys ...)
@@ -16541,8 +16552,8 @@ CVE-2021-29727
RESERVED
CVE-2021-29726
RESERVED
-CVE-2021-29725
- RESERVED
+CVE-2021-29725 (IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IB ...)
+ TODO: check
CVE-2021-29724
RESERVED
CVE-2021-29723
@@ -16593,8 +16604,8 @@ CVE-2021-29701
RESERVED
CVE-2021-29700
RESERVED
-CVE-2021-29699
- RESERVED
+CVE-2021-29699 (IBM Security Verify Access Docker 10.0.0 could allow a remote priviled ...)
+ TODO: check
CVE-2021-29698
RESERVED
CVE-2021-29697
@@ -21222,12 +21233,12 @@ CVE-2021-27849
RESERVED
CVE-2021-27848
RESERVED
-CVE-2021-27847
- RESERVED
+CVE-2021-27847 (Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_ ...)
+ TODO: check
CVE-2021-27846
RESERVED
-CVE-2021-27845
- RESERVED
+CVE-2021-27845 (A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2 ...)
+ TODO: check
CVE-2021-27844
RESERVED
CVE-2021-27843
@@ -22678,7 +22689,7 @@ CVE-2021-27200 (In WoWonder 3.0.4, remote attackers can take over any account du
NOT-FOR-US: WoWonder
CVE-2021-27199
RESERVED
-CVE-2021-27198 (An issue was discovered in Visualware MyConnection Server through 11.0 ...)
+CVE-2021-27198 (An issue was discovered in Visualware MyConnection Server before v11.1 ...)
NOT-FOR-US: Visualware MyConnection Server
CVE-2021-27197 (DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arb ...)
NOT-FOR-US: Pelco Digital Sentry Server
@@ -27416,13 +27427,13 @@ CVE-2021-25321 (A UNIX Symbolic Link (Symlink) Following vulnerability in arpwat
- arpwatch <not-affected> (SuSE specific packaging issue)
NOTE: Debian does not ship arpwatch-2.1a11-drop-privs.dif and does apply permissions
NOTE: to /var/lib/arpwatch (to arpwatch:arpatch, 0750) on postinst time
-CVE-2021-25320
- RESERVED
+CVE-2021-25320 (A Improper Access Control vulnerability in Rancher, allows users in th ...)
+ TODO: check
CVE-2021-25319 (A Incorrect Default Permissions vulnerability in the packaging of virt ...)
- virtualbox <not-affected> (openSUSE specific security issue in the openSUSE packaging)
NOTE: https://www.openwall.com/lists/oss-security/2021/04/26/2
-CVE-2021-25318
- RESERVED
+CVE-2021-25318 (A Incorrect Permission Assignment for Critical Resource vulnerability ...)
+ TODO: check
CVE-2021-25317 (A Incorrect Default Permissions vulnerability in the packaging of cups ...)
- cups <not-affected> (In Debian /var/log/cups is owned by root:root)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1949119
@@ -32265,10 +32276,10 @@ CVE-2021-3045
RESERVED
CVE-2021-3044 (An improper authorization vulnerability in Palo Alto Networks Cortex X ...)
NOT-FOR-US: Palo Alto Networks
-CVE-2021-3043
- RESERVED
-CVE-2021-3042
- RESERVED
+CVE-2021-3043 (A reflected cross-site scripting (XSS) vulnerability exists in the Pri ...)
+ TODO: check
+CVE-2021-3042 (A local privilege escalation (PE) vulnerability exists in the Palo Alt ...)
+ TODO: check
CVE-2021-3041 (A local privilege escalation vulnerability exists in the Palo Alto Net ...)
NOT-FOR-US: Palo Alto Networks
CVE-2021-3040 (An unsafe deserialization vulnerability in Bridgecrew Checkov by Prism ...)
@@ -35502,7 +35513,7 @@ CVE-2021-21706
RESERVED
CVE-2021-21705 [PHP: SSRF bypass in FILTER_VALIDATE_URL]
RESERVED
- {DSA-4935-1}
+ {DSA-4935-1 DLA-2708-1}
- php8.0 8.0.8-1 (bug #990575)
- php7.4 7.4.21-1+deb11u1
- php7.3 <removed>
@@ -35511,7 +35522,7 @@ CVE-2021-21705 [PHP: SSRF bypass in FILTER_VALIDATE_URL]
NOTE: PHP Bug: https://bugs.php.net/81122
CVE-2021-21704 [PHP: firebird issues]
RESERVED
- {DSA-4935-1}
+ {DSA-4935-1 DLA-2708-1}
- php8.0 8.0.8-1 (bug #990575)
- php7.4 7.4.21-1+deb11u1
- php7.3 <removed>
@@ -35524,7 +35535,7 @@ CVE-2021-21704 [PHP: firebird issues]
CVE-2021-21703
RESERVED
CVE-2021-21702 (In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below ...)
- {DSA-4856-1}
+ {DSA-4856-1 DLA-2708-1}
- php8.0 8.0.2-1
- php7.4 7.4.15-1
- php7.3 <removed>
@@ -35759,10 +35770,10 @@ CVE-2021-21589 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0
NOT-FOR-US: EMC
CVE-2021-21588 (Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vu ...)
NOT-FOR-US: EMC
-CVE-2021-21587
- RESERVED
-CVE-2021-21586
- RESERVED
+CVE-2021-21587 (Dell Wyse Management Suite versions 3.2 and earlier contain a full pat ...)
+ TODO: check
+CVE-2021-21586 (Wyse Management Suite versions 3.2 and earlier contain an absolute pat ...)
+ TODO: check
CVE-2021-21585
RESERVED
CVE-2021-21584
@@ -39742,16 +39753,16 @@ CVE-2021-20539
RESERVED
CVE-2021-20538 (IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a us ...)
NOT-FOR-US: IBM
-CVE-2021-20537
- RESERVED
+CVE-2021-20537 (IBM Security Verify Access Docker 10.0.0 contains hard-coded credentia ...)
+ TODO: check
CVE-2021-20536 (IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores ...)
NOT-FOR-US: IBM
CVE-2021-20535 (IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerabl ...)
NOT-FOR-US: IBM
-CVE-2021-20534
- RESERVED
-CVE-2021-20533
- RESERVED
+CVE-2021-20534 (IBM Security Verify Access Docker 10.0.0 could allow a remote attacker ...)
+ TODO: check
+CVE-2021-20533 (IBM Security Verify Access Docker 10.0.0 could allow a remote authenti ...)
+ TODO: check
CVE-2021-20532 (IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a loc ...)
NOT-FOR-US: IBM
CVE-2021-20531
@@ -39768,10 +39779,10 @@ CVE-2021-20526
RESERVED
CVE-2021-20525
RESERVED
-CVE-2021-20524
- RESERVED
-CVE-2021-20523
- RESERVED
+CVE-2021-20524 (IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site s ...)
+ TODO: check
+CVE-2021-20523 (IBM Security Verify Access Docker 10.0.0 could allow a remote attacker ...)
+ TODO: check
CVE-2021-20522
RESERVED
CVE-2021-20521
@@ -39794,10 +39805,10 @@ CVE-2021-20513
RESERVED
CVE-2021-20512
RESERVED
-CVE-2021-20511
- RESERVED
-CVE-2021-20510
- RESERVED
+CVE-2021-20511 (IBM Security Verify Access Docker 10.0.0 could allow a remote attacker ...)
+ TODO: check
+CVE-2021-20510 (IBM Security Verify Access Docker 10.0.0 stores user credentials in pl ...)
+ TODO: check
CVE-2021-20509
RESERVED
CVE-2021-20508
@@ -39816,16 +39827,16 @@ CVE-2021-20502 (IBM Jazz Foundation Products are vulnerable to an XML External E
NOT-FOR-US: IBM
CVE-2021-20501 (IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send em ...)
NOT-FOR-US: IBM
-CVE-2021-20500
- RESERVED
-CVE-2021-20499
- RESERVED
-CVE-2021-20498
- RESERVED
-CVE-2021-20497
- RESERVED
-CVE-2021-20496
- RESERVED
+CVE-2021-20500 (IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive ...)
+ TODO: check
+CVE-2021-20499 (IBM Security Verify Access Docker 10.0.0 could allow a remote attacker ...)
+ TODO: check
+CVE-2021-20498 (IBM Security Verify Access Docker 10.0.0 reveals version information i ...)
+ TODO: check
+CVE-2021-20497 (IBM Security Verify Access Docker 10.0.0 uses weaker than expected cry ...)
+ TODO: check
+CVE-2021-20496 (IBM Security Verify Access Docker 10.0.0 could allow an authenticated ...)
+ TODO: check
CVE-2021-20495
RESERVED
CVE-2021-20494 (IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a ...)
@@ -39938,8 +39949,8 @@ CVE-2021-20441 (IBM Security Verify Bridge uses weaker than expected cryptograph
NOT-FOR-US: IBM
CVE-2021-20440 (IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not ...)
NOT-FOR-US: IBM
-CVE-2021-20439
- RESERVED
+CVE-2021-20439 (IBM Security Access Manager 9.0 and IBM Security Verify Access Docker ...)
+ TODO: check
CVE-2021-20438
RESERVED
CVE-2021-20437
@@ -56922,8 +56933,8 @@ CVE-2020-25738 (CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows atta
NOT-FOR-US: CyberArk Endpoint Privilege Manager (EPM)
CVE-2020-25737 (An elevation of privilege vulnerability exists in Hackolade versions p ...)
NOT-FOR-US: Hackolade
-CVE-2020-25736
- RESERVED
+CVE-2020-25736 (Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows ...)
+ TODO: check
CVE-2020-25735 (webTareas through 2.1 allows XSS in clients/editclient.php, extensions ...)
NOT-FOR-US: webTareas
CVE-2020-25734 (webTareas through 2.1 allows files/Default/ Directory Listing. ...)
@@ -57506,8 +57517,8 @@ CVE-2020-25595 (An issue was discovered in Xen through 4.14.x. The PCI passthrou
NOTE: https://xenbits.xen.org/xsa/advisory-337.html
CVE-2020-25594 (HashiCorp Vault and Vault Enterprise allowed for enumeration of Secret ...)
NOT-FOR-US: HashiCorp Vault
-CVE-2020-25593
- RESERVED
+CVE-2020-25593 (Acronis True Image through 2021 on macOS allows local privilege escala ...)
+ TODO: check
CVE-2020-25592 (In SaltStack Salt through 3002, salt-netapi improperly validates eauth ...)
{DSA-4837-1 DLA-2480-1}
- salt 3002.1+dfsg1-1
@@ -70930,7 +70941,7 @@ CVE-2020-19203 (Netgate pfSense Community Edition 2.4.4 - p2 (arm64) is affected
NOT-FOR-US: Netgate pfSense Community Edition
CVE-2020-19202 (An authenticated Stored XSS (Cross-site Scripting) exists in the "capt ...)
NOT-FOR-US: IPFire
-CVE-2020-19201 (Netgate pfSense 2.4.4 - p2 is affected by: Cross Site Scripting (XSS). ...)
+CVE-2020-19201 (A Stored Cross-Site Scripting (XSS) vulnerability was found in status_ ...)
NOT-FOR-US: Netgate pfSense
CVE-2020-19200
RESERVED
@@ -79205,10 +79216,10 @@ CVE-2020-15498 (An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.
NOT-FOR-US: ASUS RT-AC1900P routers
CVE-2020-15497 (** DISPUTED ** jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build ...)
NOT-FOR-US: Jalios JCMS
-CVE-2020-15496
- RESERVED
-CVE-2020-15495
- RESERVED
+CVE-2020-15496 (Acronis True Image for Mac before 2021 Update 4 allowed local privileg ...)
+ TODO: check
+CVE-2020-15495 (Acronis True Image 2019 update 1 through 2020 on macOS allows local pr ...)
+ TODO: check
CVE-2020-15494
RESERVED
CVE-2020-15493
@@ -86718,18 +86729,18 @@ CVE-2020-12736 (Code42 environments with on-premises server versions 7.0.4 and e
NOT-FOR-US: Code42
CVE-2020-12735 (reset.php in DomainMOD 4.13.0 uses insufficient entropy for password r ...)
NOT-FOR-US: DomainMOD
-CVE-2020-12734
- RESERVED
-CVE-2020-12733
- RESERVED
-CVE-2020-12732
- RESERVED
-CVE-2020-12731
- RESERVED
-CVE-2020-12730
- RESERVED
-CVE-2020-12729
- RESERVED
+CVE-2020-12734 (DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change t ...)
+ TODO: check
+CVE-2020-12733 (Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microsc ...)
+ TODO: check
+CVE-2020-12732 (DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxx ...)
+ TODO: check
+CVE-2020-12731 (The MagicMotion Flamingo 2 application for Android stores data on an s ...)
+ TODO: check
+CVE-2020-12730 (MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing an ...)
+ TODO: check
+CVE-2020-12729 (MagicMotion Flamingo 2 has a lack of access control for reading from d ...)
+ TODO: check
CVE-2020-12728
RESERVED
CVE-2020-12727
@@ -90640,8 +90651,8 @@ CVE-2020-11635 (The Zscaler Client Connector prior to 3.1.0 did not sufficiently
NOT-FOR-US: Zscaler Client Connector
CVE-2020-11634
RESERVED
-CVE-2020-11633
- RESERVED
+CVE-2020-11633 (The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack ...)
+ TODO: check
CVE-2020-11632
RESERVED
CVE-2020-11631 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
@@ -102619,7 +102630,7 @@ CVE-2020-7073
CVE-2020-7072
RESERVED
CVE-2020-7071 (In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when ...)
- {DSA-4856-1}
+ {DSA-4856-1 DLA-2708-1}
- php8.0 8.0.1-1
- php7.4 7.4.14-1
- php7.3 <removed>
@@ -123449,7 +123460,7 @@ CVE-2019-18220 (Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery
CVE-2019-18219 (Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulner ...)
NOT-FOR-US: Sitemagic CMS
CVE-2019-18218 (cdf_read_property_info in cdf.c in file through 5.37 does not restrict ...)
- {DSA-4550-1 DLA-1969-1}
+ {DSA-4550-1 DLA-2708-1 DLA-1969-1}
- file 1:5.37-6 (bug #942830)
- php7.0 <removed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1adf3bb9a216bd9e74c865993d37e7b6829b623
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1adf3bb9a216bd9e74c865993d37e7b6829b623
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210715/afd645f4/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list