[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jul 31 21:10:36 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bb41cae6 by security tracker role at 2021-07-31T20:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2021-37760 (A Session ID leak in the audit log in Graylog before 4.1.2 allows atta ...)
+	TODO: check
+CVE-2021-37759 (A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows ...)
+	TODO: check
 CVE-2021-37758
 	RESERVED
 CVE-2021-37757
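Review bot: the two added entries, CVE-2021-37760 and CVE-2021-37759, both land as "TODO: check" and describe the same class of issue in the same product (a Session ID leak in Graylog before 4.1.2, one in the audit log and one in the DEBUG log file). They should be triaged together in the follow-up commit so both end up with the same classification rather than being resolved separately.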
@@ -9307,8 +9311,8 @@ CVE-2021-33619
 	RESERVED
 CVE-2021-33618
 	RESERVED
-CVE-2021-33617
-	RESERVED
+CVE-2021-33617 (Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/ ...)
+	TODO: check
 CVE-2021-33616
 	RESERVED
 CVE-2021-33615
@@ -57079,8 +57083,8 @@ CVE-2020-26808 (SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700
 	NOT-FOR-US: SAP
 CVE-2020-26807 (SAP ERP Client for E-Bilanz, version - 1.0, installation sets Incorrec ...)
 	NOT-FOR-US: SAP
-CVE-2020-26806
-	RESERVED
+CVE-2020-26806 (admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted F ...)
+	TODO: check
 CVE-2020-26805 (In Sentrifugo 3.2, admin can edit employee's informations via this end ...)
 	NOT-FOR-US: Sentrifugo
 CVE-2020-26804 (In Sentrifugo 3.2, users can share an announcement under "Organization ...)
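Review bot: the "TODO: check" added under CVE-2020-26806 is for ObjectPlanet Opinio, a product this same file already classifies with "NOT-FOR-US: ObjectPlanet Opinio" under CVE-2020-26563. Suggest the follow-up triage reuse that line here instead of leaving the entry open.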
@@ -57635,11 +57639,11 @@ CVE-2020-26566 (A Denial of Service condition in Motion-Project Motion 3.2 throu
 	NOTE: https://github.com/Motion-Project/motion/security/advisories/GHSA-6f7x-grw7-fw24
 	NOTE: https://github.com/Motion-Project/motion/issues/1227#issuecomment-715927776
 	NOTE: https://github.com/Motion-Project/motion/pull/1232
-CVE-2020-26565
-	RESERVED
-CVE-2020-26564
-	RESERVED
-CVE-2020-26563 (ObjectPlanet Opinio before 7.13 allows reflected XSS via the survey/ad ...)
+CVE-2020-26565 (ObjectPlanet Opinio before 7.14 allows Expression Language Injection v ...)
+	TODO: check
+CVE-2020-26564 (ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: mo ...)
+	TODO: check
+CVE-2020-26563 (ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/ad ...)
 	NOT-FOR-US: ObjectPlanet Opinio
 CVE-2020-26562
 	RESERVED
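Review bot: on the changed CVE-2020-26563 line the description moves from "before 7.13" to "before 7.14" while the existing "NOT-FOR-US: ObjectPlanet Opinio" line below it is kept, which stays correct because that tag does not depend on the fixed version. The two entries added directly above it, CVE-2020-26565 and CVE-2020-26564, name the same product but are left at "TODO: check"; suggest giving them the same NOT-FOR-US line so the three adjacent Opinio entries are consistent.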



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb41cae6ba7fb840c33fac081ef093c8a6e5d346
