[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 16 21:10:33 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
97131d3d by security tracker role at 2021-06-16T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2021-34813 (Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to cra ...)
+ TODO: check
+CVE-2021-34812
+ RESERVED
+CVE-2021-34811
+ RESERVED
+CVE-2021-34810
+ RESERVED
+CVE-2021-34809
+ RESERVED
+CVE-2021-34808
+ RESERVED
+CVE-2021-34807
+ RESERVED
+CVE-2021-34806
+ RESERVED
+CVE-2021-34805
+ RESERVED
+CVE-2021-34804
+ RESERVED
+CVE-2021-34803 (TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certai ...)
+ TODO: check
+CVE-2021-34802
+ RESERVED
+CVE-2021-34801 (Valine 1.4.14 allows remote attackers to cause a denial of service (ap ...)
+ TODO: check
+CVE-2021-34800
+ RESERVED
+CVE-2021-34799
+ RESERVED
+CVE-2021-34798
+ RESERVED
CVE-2021-3604
RESERVED
CVE-2021-34797
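Review bot: the three entries in this hunk that already carry a description (CVE-2021-34813 libolm, CVE-2021-34803 TeamViewer, CVE-2021-34801 Valine) all land as "TODO: check", which is the right placeholder for an automatic import, but CVE-2021-34813 should be triaged first: unlike the other two it describes a library (libolm, the Matrix end-to-end encryption library) that a malicious homeserver can trigger remotely, so if olm is shipped as a package the entry needs a source-package line with the fixed version the description names ("before 3.2.3") rather than a NOT-FOR-US.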
@@ -241,8 +273,8 @@ CVE-2021-34685
RESERVED
CVE-2021-34684
RESERVED
-CVE-2021-34683
- RESERVED
+CVE-2021-34683 (An issue was discovered in EXCELLENT INFOTEK CORPORATION (EIC) E-docum ...)
+ TODO: check
CVE-2021-34682 (Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack agains ...)
NOT-FOR-US: Receita Federal IRPF 2021 1.7
CVE-2021-3600
@@ -553,8 +585,8 @@ CVE-2021-34553
RESERVED
CVE-2021-34552
RESERVED
-CVE-2021-34551
- RESERVED
+CVE-2021-34551 (PHPMailer before 6.5.0 on Windows allows remote code execution if lang ...)
+ TODO: check
CVE-2021-34550
RESERVED
CVE-2021-34549
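Review bot: CVE-2021-34551 (PHPMailer before 6.5.0) is left at "TODO: check"; the visible description limits the remote code execution to Windows, so if PHPMailer is shipped as a package the entry still needs a source-package line and a status recording the Windows-only condition (for example a low-severity or no-dsa tag with that rationale) rather than a NOT-FOR-US, since the vulnerable library code is the same on every platform.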
@@ -1299,10 +1331,10 @@ CVE-2021-34205
RESERVED
CVE-2021-34204
RESERVED
-CVE-2021-34203
- RESERVED
-CVE-2021-34202
- RESERVED
+CVE-2021-34203 (D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. ...)
+ TODO: check
+CVE-2021-34202 (There are multiple out-of-bounds vulnerabilities in some processes of ...)
+ TODO: check
CVE-2021-34201
RESERVED
CVE-2021-34200
@@ -2134,8 +2166,8 @@ CVE-2021-33815 (dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-o
NOTE: https://github.com/FFmpeg/FFmpeg/commit/26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777
CVE-2021-33814
RESERVED
-CVE-2021-33813
- RESERVED
+CVE-2021-33813 (An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to c ...)
+ TODO: check
CVE-2021-33812
RESERVED
CVE-2021-33811
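Review bot: CVE-2021-33813 (XXE in SAXBuilder in JDOM through 2.0.6) is a Java library issue rather than a standalone product, so unlike most of the "TODO: check" entries in this update it should be triaged against the package archive instead of being defaulted to NOT-FOR-US; the FFmpeg entry at the top of this hunk shows the expected final shape, with a NOTE pointing at the upstream fix commit once one is identified.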
@@ -4184,8 +4216,8 @@ CVE-2021-32930 (The affected product’s configuration is vulnerable due to
NOT-FOR-US: Advantech
CVE-2021-32929
RESERVED
-CVE-2021-32928
- RESERVED
+CVE-2021-32928 (The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prio ...)
+ TODO: check
CVE-2021-32927
RESERVED
CVE-2021-32926 (When an authenticated password change request takes place, this vulner ...)
@@ -4763,8 +4795,8 @@ CVE-2021-32661 (Backstage is an open platform for building developer portals. In
NOT-FOR-US: Backstage
CVE-2021-32660 (Backstage is an open platform for building developer portals, and tech ...)
NOT-FOR-US: Backstage
-CVE-2021-32659
- RESERVED
+CVE-2021-32659 (Matrix-appservice-bridge is the bridging service for the Matrix commun ...)
+ TODO: check
CVE-2021-32658 (Nextcloud Android is the Android client for the Nextcloud open source ...)
NOT-FOR-US: Nextcloud client for Android
CVE-2021-32657 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
@@ -4884,8 +4916,8 @@ CVE-2021-32613 (In radare2 through 5.3.0 there is a double free vulnerability in
- radare2 <unfixed> (bug #989067)
NOTE: https://github.com/radareorg/radare2/issues/18679
NOTE: https://github.com/radareorg/radare2/commit/049de62730f4954ef9a642f2eeebbca30a8eccdc
-CVE-2021-32612
- RESERVED
+CVE-2021-32612 (The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android d ...)
+ TODO: check
CVE-2021-32611 (A NULL pointer dereference vulnerability exists in eXcall_api.c in Ant ...)
- libexosip2 <removed>
[buster] - libexosip2 <no-dsa> (Minor issue)
@@ -6171,8 +6203,8 @@ CVE-2021-32035
RESERVED
CVE-2021-32034
RESERVED
-CVE-2021-32033
- RESERVED
+CVE-2021-32033 (Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in ...)
+ TODO: check
CVE-2021-32032 (In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated ...)
NOT-FOR-US: Trusted Firmware-M
CVE-2021-32031
@@ -6744,8 +6776,8 @@ CVE-2021-31859
RESERVED
CVE-2021-31858
RESERVED
-CVE-2021-31857
- RESERVED
+CVE-2021-31857 (In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, att ...)
+ TODO: check
CVE-2021-31856 (A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 ...)
NOT-FOR-US: Layer Meshery
CVE-2021-31855 (KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages ...)
@@ -8488,8 +8520,8 @@ CVE-2021-31161
RESERVED
CVE-2021-31160
RESERVED
-CVE-2021-31159
- RESERVED
+CVE-2021-31159 (Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a ...)
+ TODO: check
CVE-2021-31158 (In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, ...)
NOT-FOR-US: Couchbase Server
CVE-2021-31157
@@ -10155,8 +10187,8 @@ CVE-2021-30469 (A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::P
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
NOTE: https://sourceforge.net/p/podofo/tickets/129/
-CVE-2021-30468
- RESERVED
+CVE-2021-30468 (A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows ...)
+ TODO: check
CVE-2021-30467
RESERVED
CVE-2021-30466
@@ -11980,8 +12012,8 @@ CVE-2021-29704
RESERVED
CVE-2021-29703
RESERVED
-CVE-2021-29702
- RESERVED
+CVE-2021-29702 (Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 a ...)
+ TODO: check
CVE-2021-29701
RESERVED
CVE-2021-29700
@@ -13769,8 +13801,8 @@ CVE-2021-28981
RESERVED
CVE-2021-28980
RESERVED
-CVE-2021-28979
- RESERVED
+CVE-2021-28979 (SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP resp ...)
+ TODO: check
CVE-2021-28978
RESERVED
CVE-2021-28977
@@ -17092,12 +17124,12 @@ CVE-2021-27614 (SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1,
NOT-FOR-US: SAP
CVE-2021-27613 (Under certain conditions, SAP Business One Chef cookbook, version - 9. ...)
NOT-FOR-US: SAP
-CVE-2021-27612 (In specific situations SAP GUI for Windows, versions - 7.60 PL10, 7.70 ...)
+CVE-2021-27612 (In specific situations SAP GUI for Windows until and including 7.60 PL ...)
NOT-FOR-US: SAP
CVE-2021-27611 (SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a hig ...)
NOT-FOR-US: SAP
-CVE-2021-27610
- RESERVED
+CVE-2021-27610 (SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, ...)
+ TODO: check
CVE-2021-27609 (SAP Focused RUN versions 200, 300, does not perform necessary authoriz ...)
NOT-FOR-US: SAP
CVE-2021-27608 (An unquoted service path in SAPSetup, version - 9.0, could lead to pri ...)
@@ -17352,28 +17384,28 @@ CVE-2021-27491
RESERVED
CVE-2021-27490 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
NOT-FOR-US: Datakit
-CVE-2021-27489
- RESERVED
+CVE-2021-27489 (ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allo ...)
+ TODO: check
CVE-2021-27488 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
NOT-FOR-US: Datakit
-CVE-2021-27487
- RESERVED
+CVE-2021-27487 (ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products co ...)
+ TODO: check
CVE-2021-27486 (FATEK Automation WinProladder Versions 3.30 and prior is vulnerable to ...)
NOT-FOR-US: Fatek Automation WinProladder
-CVE-2021-27485
- RESERVED
+CVE-2021-27485 (ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows us ...)
+ TODO: check
CVE-2021-27484
RESERVED
-CVE-2021-27483
- RESERVED
+CVE-2021-27483 (ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products con ...)
+ TODO: check
CVE-2021-27482
RESERVED
-CVE-2021-27481
- RESERVED
+CVE-2021-27481 (ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products ut ...)
+ TODO: check
CVE-2021-27480 (Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnera ...)
NOT-FOR-US: Delta Industrial Automation COMMGR
-CVE-2021-27479
- RESERVED
+CVE-2021-27479 (ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product̵ ...)
+ TODO: check
CVE-2021-27478
RESERVED
CVE-2021-27477
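Review bot: the ZOLL Defibrillator Dashboard descriptions in this hunk were imported with the upstream text's spacing errors ("v prior to 2.2,The" in CVE-2021-27485, CVE-2021-27483 and CVE-2021-27479), and CVE-2021-27479 ends in a mis-decoded character ("product̵ ..."). Counting the visible text, every description is cut at exactly 70 characters, and the stray character is U+0335, whose decimal code is 821, which is consistent with the raw feed text "&#8217;" (a right single quotation mark) being truncated to "&#821" before entity decoding; the import should decode HTML entities first and truncate afterwards so the stored description stays clean.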
@@ -28071,8 +28103,8 @@ CVE-2021-22916
RESERVED
CVE-2021-22915 (Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brut ...)
- nextcloud-server <itp> (bug #941708)
-CVE-2021-22914
- RESERVED
+CVE-2021-22914 (Citrix Cloud Connector before 6.31.0.62192 suffers from insecure stora ...)
+ TODO: check
CVE-2021-22913 (Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclos ...)
NOT-FOR-US: Nextcloud Deck
CVE-2021-22912 (Nextcloud iOS before 3.4.2 suffers from an information disclosure vuln ...)
@@ -30866,11 +30898,9 @@ CVE-2021-21670
RESERVED
CVE-2021-21669
RESERVED
-CVE-2021-21668
- RESERVED
+CVE-2021-21668 (Jenkins Scriptler Plugin 3.1 and earlier does not escape script conten ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21667
- RESERVED
+CVE-2021-21667 (Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter nam ...)
NOT-FOR-US: Jenkins plugin
CVE-2021-21666 (Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query paramete ...)
NOT-FOR-US: Jenkins plugin
@@ -32060,8 +32090,8 @@ CVE-2021-21443
RESERVED
CVE-2021-21442
RESERVED
-CVE-2021-21441
- RESERVED
+CVE-2021-21441 (There is a XSS vulnerability in the ticket overview screens. It's poss ...)
+ TODO: check
CVE-2021-21440
RESERVED
CVE-2021-21439 (DoS attack can be performed when an email contains specially designed ...)
@@ -32262,14 +32292,14 @@ CVE-2020-35764
RESERVED
CVE-2020-35763
RESERVED
-CVE-2020-35762
- RESERVED
-CVE-2020-35761
- RESERVED
-CVE-2020-35760
- RESERVED
-CVE-2020-35759
- RESERVED
+CVE-2020-35762 (bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' pa ...)
+ TODO: check
+CVE-2020-35761 (bloofoxCMS 0.5.2.1 is infected with XSS that allows remote attackers t ...)
+ TODO: check
+CVE-2020-35760 (bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allo ...)
+ TODO: check
+CVE-2020-35759 (bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an att ...)
+ TODO: check
CVE-2020-35758 (An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. The ...)
NOT-FOR-US: Libre Wireless LS9 LS1.5/p7040 devices
CVE-2020-35757 (An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. The ...)
@@ -34940,10 +34970,10 @@ CVE-2021-20569
RESERVED
CVE-2021-20568
RESERVED
-CVE-2021-20567
- RESERVED
-CVE-2021-20566
- RESERVED
+CVE-2021-20567 (IBM Resilient SOAR V38.0 could allow a local privileged attacker to ob ...)
+ TODO: check
+CVE-2021-20566 (IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algor ...)
+ TODO: check
CVE-2021-20565 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, ...)
NOT-FOR-US: IBM
CVE-2021-20564 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, ...)
@@ -35098,8 +35128,8 @@ CVE-2021-20490
RESERVED
CVE-2021-20489
RESERVED
-CVE-2021-20488
- RESERVED
+CVE-2021-20488 (IBM Security Identity Manager 6.0.2 could allow an authenticated malic ...)
+ TODO: check
CVE-2021-20487 (IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inje ...)
NOT-FOR-US: IBM
CVE-2021-20486 (IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain ...)
@@ -35108,8 +35138,8 @@ CVE-2021-20485
RESERVED
CVE-2021-20484
RESERVED
-CVE-2021-20483
- RESERVED
+CVE-2021-20483 (IBM Security Identity Manager 6.0.2 is vulnerable to server-side reque ...)
+ TODO: check
CVE-2021-20482 (IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to ...)
NOT-FOR-US: IBM
CVE-2021-20481
@@ -36293,10 +36323,10 @@ CVE-2021-20096 (Cross-site request forgery in OpenOversight 0.6.4 allows a remot
NOT-FOR-US: OpenOversight
CVE-2021-20095
REJECTED
-CVE-2021-20094
- RESERVED
-CVE-2021-20093
- RESERVED
+CVE-2021-20094 (A denial of service vulnerability exists in Wibu-Systems CodeMeter ver ...)
+ TODO: check
+CVE-2021-20093 (A buffer over-read vulnerability exists in Wibu-Systems CodeMeter vers ...)
+ TODO: check
CVE-2021-20092 (The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.0 ...)
NOT-FOR-US: Buffalo
CVE-2021-20091 (The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.0 ...)
@@ -41919,18 +41949,18 @@ CVE-2021-1573
RESERVED
CVE-2021-1572
RESERVED
-CVE-2021-1571
- RESERVED
-CVE-2021-1570
- RESERVED
-CVE-2021-1569
- RESERVED
-CVE-2021-1568
- RESERVED
-CVE-2021-1567
- RESERVED
-CVE-2021-1566
- RESERVED
+CVE-2021-1571 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2021-1570 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
+ TODO: check
+CVE-2021-1569 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
+ TODO: check
+CVE-2021-1568 (A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows ...)
+ TODO: check
+CVE-2021-1567 (A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secur ...)
+ TODO: check
+CVE-2021-1566 (A vulnerability in the Cisco Advanced Malware Protection (AMP) for End ...)
+ TODO: check
CVE-2021-1565
RESERVED
CVE-2021-1564 (Multiple vulnerabilities in the implementation of the Cisco Discovery ...)
@@ -41975,12 +42005,12 @@ CVE-2021-1545
RESERVED
CVE-2021-1544 (A vulnerability in logging mechanisms of Cisco Webex Meetings client s ...)
NOT-FOR-US: Cisco
-CVE-2021-1543
- RESERVED
-CVE-2021-1542
- RESERVED
-CVE-2021-1541
- RESERVED
+CVE-2021-1543 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2021-1542 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2021-1541 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2021-1540 (Multiple vulnerabilities in the authorization process of Cisco ASR 500 ...)
NOT-FOR-US: Cisco
CVE-2021-1539 (Multiple vulnerabilities in the authorization process of Cisco ASR 500 ...)
@@ -42013,8 +42043,8 @@ CVE-2021-1526 (A vulnerability in Cisco Webex Player for Windows and MacOS could
NOT-FOR-US: Cisco
CVE-2021-1525 (A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Serve ...)
NOT-FOR-US: Cisco
-CVE-2021-1524
- RESERVED
+CVE-2021-1524 (A vulnerability in the API of Cisco Meeting Server could allow an auth ...)
+ TODO: check
CVE-2021-1523
RESERVED
CVE-2021-1522
@@ -42277,8 +42307,8 @@ CVE-2021-1397 (A vulnerability in the web-based management interface of Cisco In
NOT-FOR-US: Cisco
CVE-2021-1396 (Multiple vulnerabilities in Cisco Application Services Engine could al ...)
NOT-FOR-US: Cisco
-CVE-2021-1395
- RESERVED
+CVE-2021-1395 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ TODO: check
CVE-2021-1394 (A vulnerability in the ingress traffic manager of Cisco IOS XE Softwar ...)
NOT-FOR-US: Cisco
CVE-2021-1393 (Multiple vulnerabilities in Cisco Application Services Engine could al ...)
@@ -48386,8 +48416,8 @@ CVE-2020-27341
RESERVED
CVE-2020-27340 (The online help portal of Mitel MiCollab before 9.2 could allow an att ...)
NOT-FOR-US: Mitel
-CVE-2020-27339
- RESERVED
+CVE-2020-27339 (An issue was discovered in IdeBusDxe in Insyde InsydeH2O 5.x. Code in ...)
+ TODO: check
CVE-2020-27338 (An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input ...)
NOT-FOR-US: Treck
CVE-2020-27337 (An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input ...)
@@ -52100,14 +52130,14 @@ CVE-2020-25757 (A lack of input validation and access controls in Lua CGIs on D-
CVE-2020-25756 (** DISPUTED ** A buffer overflow vulnerability exists in the mg_get_ht ...)
NOT-FOR-US: Cesanta Mongoose
NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
-CVE-2020-25755
- RESERVED
-CVE-2020-25754
- RESERVED
-CVE-2020-25753
- RESERVED
-CVE-2020-25752
- RESERVED
+CVE-2020-25755 (An issue was discovered on Enphase Envoy R3.x and D4.x (and other curr ...)
+ TODO: check
+CVE-2020-25754 (An issue was discovered on Enphase Envoy R3.x and D4.x devices. There ...)
+ TODO: check
+CVE-2020-25753 (An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 ...)
+ TODO: check
+CVE-2020-25752 (An issue was discovered on Enphase Envoy R3.x and D4.x devices. There ...)
+ TODO: check
CVE-2020-25751 (The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via ...)
NOT-FOR-US: paGO Commerce plugin for Joomla!
CVE-2020-25750 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in DotPlant2 b ...)
@@ -54217,8 +54247,8 @@ CVE-2020-24941 (An issue was discovered in Laravel before 6.18.35 and 7.x before
NOT-FOR-US: Laravel
CVE-2020-24940 (An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23. ...)
NOT-FOR-US: Laravel
-CVE-2020-24939
- RESERVED
+CVE-2020-24939 (Prototype pollution in Stampit supermixer 1.0.3 allows an attacker to ...)
+ TODO: check
CVE-2020-24938
RESERVED
CVE-2020-24937
@@ -59914,36 +59944,36 @@ CVE-2020-22214
RESERVED
CVE-2020-22213
RESERVED
-CVE-2020-22212
- RESERVED
-CVE-2020-22211
- RESERVED
-CVE-2020-22210
- RESERVED
-CVE-2020-22209
- RESERVED
-CVE-2020-22208
- RESERVED
+CVE-2020-22212 (SQL Injection in 74cms 3.2.0 via the id parameter to wap/wap-company-s ...)
+ TODO: check
+CVE-2020-22211 (SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street ...)
+ TODO: check
+CVE-2020-22210 (SQL Injection in 74cms 3.2.0 via the x parameter to ajax_officebuildin ...)
+ TODO: check
+CVE-2020-22209 (SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_comm ...)
+ TODO: check
+CVE-2020-22208 (SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.p ...)
+ TODO: check
CVE-2020-22207
RESERVED
-CVE-2020-22206
- RESERVED
-CVE-2020-22205
- RESERVED
-CVE-2020-22204
- RESERVED
-CVE-2020-22203
- RESERVED
+CVE-2020-22206 (SQL Injection in ECShop 3.0 via the aid parameter to admin/affiliate_c ...)
+ TODO: check
+CVE-2020-22205 (SQL Injection in ECShop 3.0 via the id parameter to admin/shophelp.php ...)
+ TODO: check
+CVE-2020-22204 (SQL Injection in ECShop 2.7.6 via the goods_number parameter to flow.p ...)
+ TODO: check
+CVE-2020-22203 (SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php ...)
+ TODO: check
CVE-2020-22202
RESERVED
-CVE-2020-22201
- RESERVED
-CVE-2020-22200
- RESERVED
-CVE-2020-22199
- RESERVED
-CVE-2020-22198
- RESERVED
+CVE-2020-22201 (phpCMS 2008 sp4 allowas remote malicious users to execute arbitrary ph ...)
+ TODO: check
+CVE-2020-22200 (Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter ...)
+ TODO: check
+CVE-2020-22199 (SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via the digg ...)
+ TODO: check
+CVE-2020-22198 (SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter ...)
+ TODO: check
CVE-2020-22197
RESERVED
CVE-2020-22196
@@ -63587,8 +63617,8 @@ CVE-2020-20445 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/
- ffmpeg <unfixed> (unimportant)
NOTE: https://trac.ffmpeg.org/ticket/7996
NOTE: Negligible security impact
-CVE-2020-20444
- RESERVED
+CVE-2020-20444 (Jact OpenClinic 0.8.20160412 allows the attacker to read server files ...)
+ TODO: check
CVE-2020-20443
RESERVED
CVE-2020-20442
@@ -64119,7 +64149,7 @@ CVE-2020-20180
RESERVED
CVE-2020-20179
RESERVED
-CVE-2020-20178 (A flaw was found in OpenLDAP. This flaw allows an attacker who can sen ...)
+CVE-2020-20178 (Ethereum 0xe933c0cd9784414d5f278c114904f5a84b396919#code.sol latest ve ...)
NOTE: Will be rectified by MITRE, then remove TODO
TODO: wait for cleanup, CVE is wrongly associated
CVE-2020-20177
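Review bot: the existing NOTE ("Will be rectified by MITRE, then remove TODO") and the "TODO: wait for cleanup, CVE is wrongly associated" line are now stale: this hunk shows MITRE has replaced the OpenLDAP text with the Ethereum contract description, so the correction the note was waiting for has landed and both lines should be dropped in a follow-up, otherwise the entry keeps a TODO that nobody will act on.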
@@ -91723,8 +91753,7 @@ CVE-2020-9494 (Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0
{DSA-4710-1}
- trafficserver 8.0.8+ds-1 (bug #963629)
NOTE: https://github.com/apache/trafficserver/pull/6922
-CVE-2020-9493
- RESERVED
+CVE-2020-9493 (A deserialization flaw was found in Apache Chainsaw versions prior to ...)
NOT-FOR-US: Apache Chainsaw
CVE-2020-9492 (In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alph ...)
- hadoop <itp> (bug #793644)
@@ -94693,10 +94722,10 @@ CVE-2020-8302
RESERVED
CVE-2020-8301
RESERVED
-CVE-2020-8300
- RESERVED
-CVE-2020-8299
- RESERVED
+CVE-2020-8300 (Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, ...)
+ TODO: check
+CVE-2020-8299 (Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-6 ...)
+ TODO: check
CVE-2020-8298 (fs-path node module before 0.0.25 is vulnerable to command injection b ...)
NOT-FOR-US: Node fs-path
CVE-2020-8297 (Nextcloud Deck before 1.0.2 suffers from an insecure direct object ref ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97131d3d28448ef911f33ad84650a6c7f8743ed9