[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 28 21:10:35 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bda8de7f by security tracker role at 2021-06-28T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,31 @@
+CVE-2021-3624
+ RESERVED
+CVE-2021-3623
+ RESERVED
+CVE-2021-35525 (PostSRSd before 1.11 allows a denial of service (subprocess hang) if P ...)
+ TODO: check
+CVE-2021-35524
+ RESERVED
+CVE-2021-35523 (Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe conf ...)
+ TODO: check
+CVE-2021-35522
+ RESERVED
+CVE-2021-35521
+ RESERVED
+CVE-2021-35520
+ RESERVED
+CVE-2021-35519
+ RESERVED
+CVE-2021-35518
+ RESERVED
CVE-2021-35517
RESERVED
CVE-2021-35516
RESERVED
CVE-2021-35515
RESERVED
-CVE-2021-35514
- RESERVED
+CVE-2021-35514 (Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the t ...)
+ TODO: check
CVE-2021-35513 (Mermaid before 8.11.0 allows XSS when the antiscript feature is used. ...)
- node-mermaid <unfixed>
NOTE: https://github.com/mermaid-js/mermaid/issues/2122
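Review bot: CVE-2021-35523 is added with "TODO: check", but its description already says the affected product is the Securepoint SSL VPN Client "on Windows", so it is a candidate for a NOT-FOR-US line rather than a stay in the TODO queue. CVE-2021-35525 (PostSRSd before 1.11) and CVE-2021-35514 (Narou before 3.8.0) both name a fixed upstream version in their descriptions; if either turns out to be packaged, the follow-up should record that version on the package line instead of "<unfixed>".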
@@ -148,8 +168,8 @@ CVE-2021-35458
RESERVED
CVE-2021-35457
RESERVED
-CVE-2021-35456
- RESERVED
+CVE-2021-35456 (Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and s ...)
+ TODO: check
CVE-2021-35455
RESERVED
CVE-2021-35454
@@ -455,18 +475,18 @@ CVE-2021-35305
RESERVED
CVE-2021-35304
RESERVED
-CVE-2021-35303
- RESERVED
-CVE-2021-35302
- RESERVED
-CVE-2021-35301
- RESERVED
-CVE-2021-35300
- RESERVED
-CVE-2021-35299
- RESERVED
-CVE-2021-35298
- RESERVED
+CVE-2021-35303 (Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote a ...)
+ TODO: check
+CVE-2021-35302 (Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0. ...)
+ TODO: check
+CVE-2021-35301 (Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote att ...)
+ TODO: check
+CVE-2021-35300 (Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0. ...)
+ TODO: check
+CVE-2021-35299 (Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers ...)
+ TODO: check
+CVE-2021-35298 (Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote a ...)
+ TODO: check
CVE-2021-35297
RESERVED
CVE-2021-35296
@@ -2782,8 +2802,8 @@ CVE-2021-34256
RESERVED
CVE-2021-34255
RESERVED
-CVE-2021-34254
- RESERVED
+CVE-2021-34254 (Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to ins ...)
+ TODO: check
CVE-2021-34253
RESERVED
CVE-2021-34252
@@ -2916,8 +2936,8 @@ CVE-2021-34189
RESERVED
CVE-2021-34188
RESERVED
-CVE-2021-34187
- RESERVED
+CVE-2021-34187 (main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Inj ...)
+ TODO: check
CVE-2021-34186
RESERVED
CVE-2021-34185 (Miniaudio 0.10.35 has an integer-based buffer overflow caused by an ou ...)
@@ -4475,8 +4495,7 @@ CVE-2021-33516 (An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.
NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/issues/24
NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/commit/05e964d48322ff23a65c6026d656e4494ace6ff9 (gupnp-1.0)
NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/commit/ca6ec9dcb26fd7a2a630eb6a68118659b589afac (master)
-CVE-2021-33515 [SMTP Submission service STARTTLS injection]
- RESERVED
+CVE-2021-33515 (The submission service in Dovecot before 2.3.15 allows STARTTLS comman ...)
- dovecot <unfixed>
[stretch] - dovecot <not-affected> (Vulnerable code (smtp_server_command queue) introduced later)
NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html
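Review bot: the new description for CVE-2021-33515 says the flaw is in Dovecot "before 2.3.15", yet the package line kept as context still reads "- dovecot <unfixed>". That is accurate only while no fixed upload exists; suggest a follow-up that replaces "<unfixed>" with the fixed version once there is one. Dropping the bracketed working title "[SMTP Submission service STARTTLS injection]" loses nothing now that the official description is present.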
@@ -5142,7 +5161,7 @@ CVE-2021-3557
RESERVED
NOT-FOR-US: Argo CD
CVE-2021-3556
- RESERVED
+ REJECTED
CVE-2021-33204 (In the pg_partman (aka PG Partition Manager) extension before 4.5.1 fo ...)
- pg-partman 4.5.1-1 (bug #988917)
[stretch] - pg-partman <no-dsa> (Minor issue)
@@ -6258,12 +6277,12 @@ CVE-2021-32722
RESERVED
CVE-2021-32721
RESERVED
-CVE-2021-32720
- RESERVED
-CVE-2021-32719
- RESERVED
-CVE-2021-32718
- RESERVED
+CVE-2021-32720 (Sylius is an Open Source eCommerce platform on top of Symfony. In vers ...)
+ TODO: check
+CVE-2021-32719 (RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...)
+ TODO: check
+CVE-2021-32718 (RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...)
+ TODO: check
CVE-2021-32717 (Shopware is an open source eCommerce platform. In versions prior to 6. ...)
NOT-FOR-US: Shopware
CVE-2021-32716 (Shopware is an open source eCommerce platform. In versions prior to 6. ...)
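Review bot: CVE-2021-32719 and CVE-2021-32718 go in as "TODO: check", but their descriptions name rabbitmq-server directly, so they should be triaged against the package of that name and given a package line with a fixed version or "<unfixed>", not the NOT-FOR-US treatment the neighbouring Shopware entries get. CVE-2021-32720 (Sylius) needs a separate check; nothing in the hunk says whether it is packaged.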
@@ -6793,8 +6812,8 @@ CVE-2021-32498
RESERVED
CVE-2021-32497
RESERVED
-CVE-2021-32496
- RESERVED
+CVE-2021-32496 (SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inad ...)
+ TODO: check
CVE-2021-32495
RESERVED
CVE-2021-32494
@@ -8285,21 +8304,25 @@ CVE-2021-31875 (In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously form
CVE-2021-31874
RESERVED
CVE-2021-31873 (An issue was discovered in klibc before 2.0.9. Additions in the malloc ...)
+ {DLA-2695-1}
- klibc 2.0.8-6 (bug #989505)
[buster] - klibc 2.0.6-1+deb10u1
NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=a31ae8c508fc8d1bca4f57e9f9f88127572d5202
NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
CVE-2021-31872 (An issue was discovered in klibc before 2.0.9. Multiple possible integ ...)
+ {DLA-2695-1}
- klibc 2.0.8-6 (bug #989505)
[buster] - klibc 2.0.6-1+deb10u1
NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=9b1c91577aef7f2e72c3aa11a27749160bd278ff
NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
CVE-2021-31871 (An issue was discovered in klibc before 2.0.9. An integer overflow in ...)
+ {DLA-2695-1}
- klibc 2.0.8-6 (bug #989505)
[buster] - klibc 2.0.6-1+deb10u1
NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=2e48a12ab1e30d43498c2d53e878a11a1b5102d5
NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
CVE-2021-31870 (An issue was discovered in klibc before 2.0.9. Multiplication in the c ...)
+ {DLA-2695-1}
- klibc 2.0.8-6 (bug #989505)
[buster] - klibc 2.0.6-1+deb10u1
NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=292650f04c2b5348b4efbad61fb014ed09b4f3f2
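Review bot: the "{DLA-2695-1}" cross-reference is added to CVE-2021-31873, CVE-2021-31872, CVE-2021-31871 and CVE-2021-31870, while the commit lists data/CVE/list as its only changed file. Confirm that the DLA-2695-1 advisory record these tags point at already exists in the tracker and names the same four CVE ids, since the only per-release line visible here is "[buster] - klibc 2.0.6-1+deb10u1" and the tag alone does not show which version the advisory shipped.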
@@ -9735,8 +9758,8 @@ CVE-2021-31339 (A vulnerability has been identified in Mendix Excel Importer Mod
NOT-FOR-US: Mendix Excel Importer Module
CVE-2021-31338
RESERVED
-CVE-2021-31337
- RESERVED
+CVE-2021-31337 (The Telnet service of the SIMATIC HMI Comfort Panels system component ...)
+ TODO: check
CVE-2021-31336
RESERVED
CVE-2021-31335
@@ -13488,8 +13511,8 @@ CVE-2021-29777 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server
NOT-FOR-US: IBM
CVE-2021-29776
RESERVED
-CVE-2021-29775
- RESERVED
+CVE-2021-29775 (IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak fo ...)
+ TODO: check
CVE-2021-29774
RESERVED
CVE-2021-29773
@@ -13536,8 +13559,8 @@ CVE-2021-29753
RESERVED
CVE-2021-29752
RESERVED
-CVE-2021-29751
- RESERVED
+CVE-2021-29751 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business ...)
+ TODO: check
CVE-2021-29750
RESERVED
CVE-2021-29749
@@ -13652,8 +13675,8 @@ CVE-2021-29695 (IBM Host firmware for LC-class Systems could allow a remote atta
NOT-FOR-US: IBM
CVE-2021-29694 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expec ...)
NOT-FOR-US: IBM
-CVE-2021-29693
- RESERVED
+CVE-2021-29693 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the ...)
+ TODO: check
CVE-2021-29692 (IBM Security Identity Manager 7.0.2 could allow a remote attacker to o ...)
NOT-FOR-US: IBM
CVE-2021-29691 (IBM Security Identity Manager 7.0.2 contains hard-coded credentials, s ...)
@@ -15040,8 +15063,7 @@ CVE-2021-29159 (A cross-site scripting (XSS) vulnerability has been discovered i
NOT-FOR-US: Nexus Repository Manager
CVE-2021-29158 (Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has ...)
NOT-FOR-US: Sonatype Nexus Repository Manager
-CVE-2021-29157 [oauth2 JWT local validation path traversal]
- RESERVED
+CVE-2021-29157 (Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with acce ...)
- dovecot <unfixed>
[buster] - dovecot <not-affected> (Vulnerable code introduced later)
[stretch] - dovecot <not-affected> (Vulnerable code introduced later)
@@ -16388,8 +16410,8 @@ CVE-2021-28625
RESERVED
CVE-2021-28624
RESERVED
-CVE-2021-28623
- RESERVED
+CVE-2021-28623 (Adobe Premiere Elements version 5.2 (and earlier) is affected by an in ...)
+ TODO: check
CVE-2021-28622
RESERVED
CVE-2021-28621
@@ -16440,8 +16462,8 @@ CVE-2021-28599
RESERVED
CVE-2021-28598
RESERVED
-CVE-2021-28597
- RESERVED
+CVE-2021-28597 (Adobe Photoshop Elements version 5.2 (and earlier) is affected by an i ...)
+ TODO: check
CVE-2021-28596
RESERVED
CVE-2021-28595
@@ -16458,44 +16480,44 @@ CVE-2021-28590
RESERVED
CVE-2021-28589
RESERVED
-CVE-2021-28588
- RESERVED
-CVE-2021-28587
- RESERVED
-CVE-2021-28586
- RESERVED
-CVE-2021-28585
- RESERVED
-CVE-2021-28584
- RESERVED
-CVE-2021-28583
- RESERVED
+CVE-2021-28588 (Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a ...)
+ TODO: check
+CVE-2021-28587 (After Effects versions 18.0 (and earlier) are affected by an out-of-bo ...)
+ TODO: check
+CVE-2021-28586 (After Effects version 18.0 (and earlier) are affected by an out-of-bou ...)
+ TODO: check
+CVE-2021-28585 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
+ TODO: check
+CVE-2021-28584 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
+ TODO: check
+CVE-2021-28583 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
+ TODO: check
CVE-2021-28582
RESERVED
CVE-2021-28581
RESERVED
CVE-2021-28580
RESERVED
-CVE-2021-28579
- RESERVED
+CVE-2021-28579 (Adobe Connect version 11.2.1 (and earlier) is affected by an Improper ...)
+ TODO: check
CVE-2021-28578
RESERVED
CVE-2021-28577
RESERVED
-CVE-2021-28576
- RESERVED
-CVE-2021-28575
- RESERVED
-CVE-2021-28574
- RESERVED
-CVE-2021-28573
- RESERVED
+CVE-2021-28576 (Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bo ...)
+ TODO: check
+CVE-2021-28575 (Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bo ...)
+ TODO: check
+CVE-2021-28574 (Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bo ...)
+ TODO: check
+CVE-2021-28573 (Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bo ...)
+ TODO: check
CVE-2021-28572
RESERVED
CVE-2021-28571
RESERVED
-CVE-2021-28570
- RESERVED
+CVE-2021-28570 (Adobe After Effects version 18.1 (and earlier) is affected by an Uncon ...)
+ TODO: check
CVE-2021-28569
RESERVED
CVE-2021-28568
@@ -16508,10 +16530,10 @@ CVE-2021-28565
RESERVED
CVE-2021-28564
RESERVED
-CVE-2021-28563
- RESERVED
-CVE-2021-28562
- RESERVED
+CVE-2021-28563 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
+ TODO: check
+CVE-2021-28562 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ TODO: check
CVE-2021-28561
RESERVED
CVE-2021-28560
@@ -16522,8 +16544,8 @@ CVE-2021-28558
RESERVED
CVE-2021-28557
RESERVED
-CVE-2021-28556
- RESERVED
+CVE-2021-28556 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
+ TODO: check
CVE-2021-28555
RESERVED
CVE-2021-28554
@@ -22830,9 +22852,9 @@ CVE-2021-25951
RESERVED
CVE-2021-25950
REJECTED
-CVE-2021-25949 (Prototype pollution vulnerability in ‘set-getter’ version ...)
+CVE-2021-25949 (Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows ...)
NOT-FOR-US: Node set-getter
-CVE-2021-25948 (Prototype pollution vulnerability in ‘expand-hash’ version ...)
+CVE-2021-25948 (Prototype pollution vulnerability in 'expand-hash' versions 0.1.0 thro ...)
NOT-FOR-US: Node expand-hash
CVE-2021-25947 (Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1 ...)
NOT-FOR-US: Node nestie
@@ -28766,8 +28788,8 @@ CVE-2021-23401
RESERVED
CVE-2021-23400
RESERVED
-CVE-2021-23399
- RESERVED
+CVE-2021-23399 (This affects all versions of package wincred. If attacker-controlled u ...)
+ TODO: check
CVE-2021-23398 (All versions of package react-bootstrap-table are vulnerable to Cross- ...)
NOT-FOR-US: react-bootstrap-table
CVE-2021-23397
@@ -35534,16 +35556,16 @@ CVE-2021-21104
RESERVED
CVE-2021-21103
RESERVED
-CVE-2021-21102
- RESERVED
-CVE-2021-21101
- RESERVED
+CVE-2021-21102 (Adobe Illustrator version 25.2 (and earlier) is affected by a Path Tra ...)
+ TODO: check
+CVE-2021-21101 (Adobe Illustrator version 25.2 (and earlier) is affected by an Out-of- ...)
+ TODO: check
CVE-2021-21100 (Adobe Digital Editions version 4.5.11.187245 (and earlier) is affected ...)
NOT-FOR-US: Adobe
-CVE-2021-21099
- RESERVED
-CVE-2021-21098
- RESERVED
+CVE-2021-21099 (Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bou ...)
+ TODO: check
+CVE-2021-21098 (Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bou ...)
+ TODO: check
CVE-2021-21097
RESERVED
CVE-2021-21096 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...)
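Review bot: CVE-2021-21102, CVE-2021-21101, CVE-2021-21099 and CVE-2021-21098 are added as "TODO: check" although their descriptions name Adobe Illustrator and Adobe InDesign, and CVE-2021-21100 sitting between them is already "NOT-FOR-US: Adobe". Suggest marking the four the same way in the next manual pass so they do not linger in the TODO queue.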
@@ -35558,8 +35580,8 @@ CVE-2021-21092 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earli
NOT-FOR-US: Adobe
CVE-2021-21091 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...)
NOT-FOR-US: Adobe
-CVE-2021-21090
- RESERVED
+CVE-2021-21090 (Adobe InCopy version 16.0 (and earlier) is affected by an path travers ...)
+ TODO: check
CVE-2021-21089
RESERVED
CVE-2021-21088
@@ -35570,10 +35592,10 @@ CVE-2021-21086
RESERVED
CVE-2021-21085 (Adobe Connect version 11.0.7 (and earlier) is affected by an Input Val ...)
NOT-FOR-US: Adobe
-CVE-2021-21084
- RESERVED
-CVE-2021-21083
- RESERVED
+CVE-2021-21084 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), ...)
+ TODO: check
+CVE-2021-21083 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), ...)
+ TODO: check
CVE-2021-21082 (Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) a ...)
NOT-FOR-US: Adobe
CVE-2021-21081
@@ -35652,9 +35674,9 @@ CVE-2021-21045 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier)
NOT-FOR-US: Adobe
CVE-2021-21044 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
NOT-FOR-US: Adobe
-CVE-2021-21043 (ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross ...)
+CVE-2021-21043 (Acrobat InDesign version 16.0 (and earlier) is affected by an Out-of-b ...)
NOT-FOR-US: Adobe
-CVE-2021-21042 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+CVE-2021-21042 (Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.3001 ...)
NOT-FOR-US: Adobe
CVE-2021-21041 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
NOT-FOR-US: Adobe
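Review bot: the description of CVE-2021-21043 changes product entirely, from "ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross ..." to "Acrobat InDesign version 16.0 (and earlier) is affected by an Out-of-b ...", and "Acrobat InDesign" does not match the "Adobe InDesign" naming used for CVE-2021-21099 and CVE-2021-21098 elsewhere in this commit. "NOT-FOR-US: Adobe" still holds under either text, but the swap should be checked against the upstream record before anyone relies on the description.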
@@ -36644,12 +36666,12 @@ CVE-2021-20576 (IBM Security Verify Access 20.07 could allow a remote attacker t
NOT-FOR-US: IBM
CVE-2021-20575 (IBM Security Verify Access 20.07 allows web pages to be stored locally ...)
NOT-FOR-US: IBM
-CVE-2021-20574
- RESERVED
-CVE-2021-20573
- RESERVED
-CVE-2021-20572
- RESERVED
+CVE-2021-20574 (IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remot ...)
+ TODO: check
+CVE-2021-20573 (IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a ...)
+ TODO: check
+CVE-2021-20572 (IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a ...)
+ TODO: check
CVE-2021-20571
RESERVED
CVE-2021-20570
@@ -36804,8 +36826,8 @@ CVE-2021-20496
RESERVED
CVE-2021-20495
RESERVED
-CVE-2021-20494
- RESERVED
+CVE-2021-20494 (IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a ...)
+ TODO: check
CVE-2021-20493
RESERVED
CVE-2021-20492 (IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch ...)
@@ -36966,8 +36988,8 @@ CVE-2021-20415
RESERVED
CVE-2021-20414
RESERVED
-CVE-2021-20413
- RESERVED
+CVE-2021-20413 (IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attack ...)
+ TODO: check
CVE-2021-20412 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-co ...)
NOT-FOR-US: IBM
CVE-2021-20411 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a us ...)
@@ -37991,10 +38013,10 @@ CVE-2021-20102
RESERVED
CVE-2021-20101
RESERVED
-CVE-2021-20100
- RESERVED
-CVE-2021-20099
- RESERVED
+CVE-2021-20100 (Nessus Agent 8.2.4 and earlier for Windows were found to contain multi ...)
+ TODO: check
+CVE-2021-20099 (Nessus Agent 8.2.4 and earlier for Windows were found to contain multi ...)
+ TODO: check
CVE-2021-20098
RESERVED
CVE-2021-20097
@@ -47253,8 +47275,7 @@ CVE-2020-28202
RESERVED
CVE-2020-28201
RESERVED
-CVE-2020-28200 [Sieve excessive resource usage]
- RESERVED
+CVE-2020-28200 (The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource ...)
- dovecot <unfixed>
[stretch] - dovecot <no-dsa> (Minor issue)
NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000460.html
@@ -58628,18 +58649,18 @@ CVE-2020-23717
RESERVED
CVE-2020-23716
RESERVED
-CVE-2020-23715
- RESERVED
+CVE-2020-23715 (Directory Traversal vulnerability in Webport CMS 1.19.10.17121 via the ...)
+ TODO: check
CVE-2020-23714
RESERVED
CVE-2020-23713
RESERVED
CVE-2020-23712
RESERVED
-CVE-2020-23711
- RESERVED
-CVE-2020-23710
- RESERVED
+CVE-2020-23711 (SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET ...)
+ TODO: check
+CVE-2020-23710 (Cross Site Scripting (XSS) vulneraiblity in LimeSurvey 4.2.5 on textbo ...)
+ TODO: check
CVE-2020-23709
RESERVED
CVE-2020-23708
@@ -60855,12 +60876,12 @@ CVE-2020-22611
RESERVED
CVE-2020-22610
RESERVED
-CVE-2020-22609
- RESERVED
-CVE-2020-22608
- RESERVED
-CVE-2020-22607
- RESERVED
+CVE-2020-22609 (Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket befor ...)
+ TODO: check
+CVE-2020-22608 (Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.1 ...)
+ TODO: check
+CVE-2020-22607 (Cross Site Scripting vulnerabilty in LimeSurvey 4.1.11+200316 via the ...)
+ TODO: check
CVE-2020-22606
RESERVED
CVE-2020-22605
@@ -64914,8 +64935,8 @@ CVE-2020-20642
RESERVED
CVE-2020-20641
RESERVED
-CVE-2020-20640
- RESERVED
+CVE-2020-20640 (Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security ...)
+ TODO: check
CVE-2020-20639
RESERVED
CVE-2020-20638
@@ -76577,8 +76598,8 @@ CVE-2020-15304 (An issue was discovered in OpenEXR before 2.5.2. An invalid tile
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/727
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/36e05c14c612a89c43d4e0b013669ecd7f8e3440 (v3.0.4)
NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/e79d2296496a50826a15c667bf92bdc5a05518b4 (v2.4.1)
-CVE-2020-15303
- RESERVED
+CVE-2020-15303 (Infoblox NIOS before 8.5.2 allows entity expansion during an XML uploa ...)
+ TODO: check
CVE-2020-15302 (In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A0397 ...)
NOT-FOR-US: Argent RecoveryManager
CVE-2020-15301 (SuiteCRM through 7.11.13 allows CSV Injection via registration fields ...)
@@ -226432,7 +226453,7 @@ CVE-2018-1139 (A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed
[jessie] - samba <not-affected> (Issue introduced in 4.7.0)
NOTE: https://www.samba.org/samba/security/CVE-2018-1139.html
CVE-2018-1138
- RESERVED
+ REJECTED
CVE-2018-1137 (An issue was discovered in Moodle 3.x. By substituting URLs in portfol ...)
- moodle <removed>
CVE-2018-1136 (An issue was discovered in Moodle 3.x. An authenticated user is allowe ...)
@@ -310047,7 +310068,7 @@ CVE-2015-8567 (Memory leak in net/vmxnet3.c in QEMU allows remote attackers to c
- qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html
NOTE: https://www.openwall.com/lists/oss-security/2015/12/15/4
-CVE-2015-8559 (The knife bootstrap command in chef leaks the validator.pem private RS ...)
+CVE-2015-8559 (The knife bootstrap command in chef Infra client before version 15.4.4 ...)
- chef <removed> (low; bug #809670)
[buster] - chef <ignored> (Minor issue; workaround using validatorless bootstrapping)
[stretch] - chef <ignored> (Minor issue; workaround using validatorless bootstrapping)
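Review bot: the updated description of CVE-2015-8559 now names a fixed release ("chef Infra client before version 15.4.4"), but the status lines below it are unchanged: "- chef <removed>" plus "<ignored>" for buster and stretch with the validatorless-bootstrapping workaround. Suggest adding a NOTE that records the upstream fixed version so the "<ignored>" decisions can be revisited against it.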
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bda8de7f8d986a6d54fd9b2b45c1ce99da91ddd6