[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 28 09:10:22 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
92ff188e by security tracker role at 2021-06-28T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27625,6 +27625,7 @@ CVE-2021-23928 (OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifes
 CVE-2021-23927 (OX App Suite through 7.10.4 allows SSRF via a URL with an @ character  ...)
 	NOT-FOR-US: OX App Suite
 CVE-2021-23926 (The XML parsers used by XMLBeans up to version 2.6.0 did not set the p ...)
+	{DLA-2693-1}
 	- xmlbeans 3.0.2-1
 	NOTE: https://issues.apache.org/jira/browse/XMLBEANS-517
 CVE-2021-23925 (An issue was discovered in Devolutions Server before 2020.3. There is  ...)
@@ -36285,20 +36286,20 @@ CVE-2021-20753
 	RESERVED
 CVE-2021-20752
 	RESERVED
-CVE-2021-20751
-	RESERVED
-CVE-2021-20750
-	RESERVED
-CVE-2021-20749
-	RESERVED
+CVE-2021-20751 (Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p ...)
+	TODO: check
+CVE-2021-20750 (Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18- ...)
+	TODO: check
+CVE-2021-20749 (Cross-site scripting vulnerability in Fudousan plugin ver5.7.0 and ear ...)
+	TODO: check
 CVE-2021-20748
 	RESERVED
 CVE-2021-20747
 	RESERVED
-CVE-2021-20746
-	RESERVED
-CVE-2021-20745
-	RESERVED
+CVE-2021-20746 (Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 an ...)
+	TODO: check
+CVE-2021-20745 (Inkdrop versions prior to v5.3.1 allows an attacker to execute arbitra ...)
+	TODO: check
 CVE-2021-20744 (Cross-site scripting vulnerability in EC-CUBE Category contents plugin ...)
 	NOT-FOR-US: EC-CUBE Category contents plugin
 CVE-2021-20743 (Cross-site scripting vulnerability in EC-CUBE Email newsletters manage ...)
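Review bot: the five entries filled in here (CVE-2021-20751, CVE-2021-20750, CVE-2021-20749, CVE-2021-20746, CVE-2021-20745) all land as "TODO: check", so each still needs a triage decision. The neighbouring EC-CUBE plugin entries such as CVE-2021-20744 are already tagged NOT-FOR-US, which is a precedent to check CVE-2021-20751 and CVE-2021-20750 against, but those two describe EC-CUBE itself rather than a plugin, so confirm the product is not packaged before copying the tag. CVE-2021-20745 (Inkdrop, "allows an attacker to execute arbitra ...") is the only entry in this group that is not described as cross-site scripting and is worth resolving first.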
@@ -36307,8 +36308,8 @@ CVE-2021-20742 (Cross-site scripting vulnerability in EC-CUBE Business form outp
 	NOT-FOR-US: EC-CUBE Business form output plugin
 CVE-2021-20741 (Cross-site scripting vulnerability in Hitachi Application Server Help  ...)
 	NOT-FOR-US: Hitachi
-CVE-2021-20740
-	RESERVED
+CVE-2021-20740 (Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions  ...)
+	TODO: check
 CVE-2021-20739
 	RESERVED
 CVE-2021-20738
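Review bot: CVE-2021-20740 is left at "TODO: check" while CVE-2021-20741 directly above it is already "NOT-FOR-US: Hitachi". If Hitachi Virtual File Platform is likewise not packaged, resolve it with the same tag so the two Hitachi entries stay consistent.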
@@ -38116,12 +38117,12 @@ CVE-2020-35526
 CVE-2020-35525
 	RESERVED
 CVE-2020-35524 (A heap-based buffer overflow flaw was found in libtiff in the handling ...)
-	{DSA-4869-1}
+	{DSA-4869-1 DLA-2694-1}
 	- tiff 4.1.0+git201212-1
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/159
 CVE-2020-35523 (An integer overflow flaw was found in libtiff that exists in the tif_g ...)
-	{DSA-4869-1}
+	{DSA-4869-1 DLA-2694-1}
 	- tiff 4.1.0+git201212-1
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/160
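Review bot: the DLA-2694-1 reference added to CVE-2020-35524 and CVE-2020-35523 cannot be checked from this change alone, because the commit touches only data/CVE/list and the advisory record itself is not shown. Confirm that the DLA-2694-1 entry names exactly these two CVEs so the cross-reference in "{DSA-4869-1 DLA-2694-1}" matches in both directions.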



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92ff188e39e48a002f1b6a2066a5c45d39839756
