[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed May 5 09:10:38 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eb69de0e by security tracker role at 2021-05-05T08:10:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2021-32030
+ RESERVED
+CVE-2021-32029
+ RESERVED
+CVE-2021-32028
+ RESERVED
+CVE-2021-32027
+ RESERVED
+CVE-2018-25014
+ RESERVED
CVE-2021-3534
RESERVED
CVE-2021-3533
@@ -363,18 +373,23 @@ CVE-2021-31870 (An issue was discovered in klibc before 2.0.9. Multiplication in
NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=292650f04c2b5348b4efbad61fb014ed09b4f3f2
NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
CVE-2020-36332 [extreme memory allocation when reading a file]
+ RESERVED
- libwebp <unfixed>
NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=391
CVE-2020-36331 [heap-based buffer overflow in ChunkAssignData() in mux/muxinternal.c]
+ RESERVED
- libwebp <unfixed>
NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=388
CVE-2020-36330 [heap-based buffer overflow in ChunkVerifyAndAssign() in mux/muxread.c]
+ RESERVED
- libwebp <unfixed>
NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=386
CVE-2020-36329 [use-after-free in EmitFancyRGB() in dec/io_dec.c]
+ RESERVED
- libwebp <unfixed>
NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=385
CVE-2020-36328 [heap-based buffer overflow in WebPDecode*Into functions]
+ RESERVED
- libwebp <unfixed>
NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=383
CVE-2020-36327 (Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes choos ...)
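Review bot: the five libwebp entries in this hunk (CVE-2020-36328 through CVE-2020-36332) stay at `- libwebp <unfixed>` with only a bugs.chromium.org issue link each, so nothing here says which upstream release or commit fixes them. Adding a fix-commit or fixed-version NOTE per entry would let the `<unfixed>` status be resolved. The same applies to CVE-2018-25009 through CVE-2018-25013 in the next hunk, which carry only oss-fuzz issue links.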
@@ -3040,18 +3055,23 @@ CVE-2020-36322 (An issue was discovered in the FUSE filesystem implementation in
- linux 5.10.9-1
NOTE: https://git.kernel.org/linus/5d069dbe8aaf2a197142558b6fb2978189ba3454
CVE-2018-25013 [heap-based buffer overflow in ShiftBytes()]
+ RESERVED
- libwebp <unfixed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417
CVE-2018-25012 [heap-based buffer overflow in GetLE24()]
+ RESERVED
- libwebp <unfixed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123
CVE-2018-25011 [heap-based buffer overflow in PutLE16()]
+ RESERVED
- libwebp <unfixed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9119
CVE-2018-25010 [heap-based buffer overflow in ApplyFilter()]
+ RESERVED
- libwebp <unfixed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9105
CVE-2018-25009 [heap-based buffer overflow in GetLE16()]
+ RESERVED
- libwebp <unfixed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9100
CVE-2018-25008 (In the standard library in Rust before 1.29.0, there is weak synchroni ...)
@@ -3117,9 +3137,9 @@ CVE-2021-30640
RESERVED
CVE-2021-30639
RESERVED
-CVE-2020-36334
+CVE-2020-36334 (themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by ...)
NOT-FOR-US: WordPress plugin themegrill-demo-importer
-CVE-2020-36333
+CVE-2020-36333 (themegrill-demo-importer before 1.6.2 does not require authentication ...)
NOT-FOR-US: WordPress plugin themegrill-demo-importer
CVE-2020-36321 (Improper URL validation in development mode handler in com.vaadin:flow ...)
NOT-FOR-US: Vaadin
@@ -4234,12 +4254,12 @@ CVE-2019-25026 (Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup dat
CVE-2021-30160
RESERVED
CVE-2021-30159 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
- {DSA-4889-1}
+ {DSA-4889-1 DLA-2648-1}
- mediawiki 1:1.35.2-1
NOTE: https://phabricator.wikimedia.org/T272386
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
CVE-2021-30158 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
- {DSA-4889-1}
+ {DSA-4889-1 DLA-2648-1}
- mediawiki 1:1.35.2-1
NOTE: https://phabricator.wikimedia.org/T277009
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/670546
@@ -4254,7 +4274,7 @@ CVE-2021-30156 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x t
NOTE: https://phabricator.wikimedia.org/T276306
NOTE: CVE description is wrong
CVE-2021-30155 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
- {DSA-4889-1}
+ {DSA-4889-1 DLA-2648-1}
- mediawiki 1:1.35.2-1
NOTE: https://phabricator.wikimedia.org/T270988
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
@@ -4272,7 +4292,7 @@ CVE-2021-30153
NOTE: https://phabricator.wikimedia.org/T270453
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
CVE-2021-30152 (An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through ...)
- {DSA-4889-1}
+ {DSA-4889-1 DLA-2648-1}
- mediawiki 1:1.35.2-1
NOTE: https://phabricator.wikimedia.org/T270713
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
@@ -5791,15 +5811,13 @@ CVE-2021-29480
RESERVED
CVE-2021-29479
RESERVED
-CVE-2021-29478
- RESERVED
+CVE-2021-29478 (Redis is an open source (BSD licensed), in-memory data structure store ...)
- redis 5:6.0.13-1 (bug #988045)
[buster] - redis <not-affected> (Vulnerable code not present)
[stretch] - redis <not-affected> (Vulnerable code not present)
NOTE: https://groups.google.com/g/redis-db/c/6GSWzTW0PR8/m/8FbdIEEoBAAJ
NOTE: https://github.com/redis/redis/commit/29900d4e6bccdf3691bedf0ea9a5d84863fa3592
-CVE-2021-29477
- RESERVED
+CVE-2021-29477 (Redis is an open source (BSD licensed), in-memory data structure store ...)
- redis 5:6.0.13-1 (bug #988045)
[buster] - redis <not-affected> (Vulnerable code not present)
[stretch] - redis <not-affected> (Vulnerable code not present)
@@ -6435,8 +6453,8 @@ CVE-2021-29242 (CODESYS Control Runtime system before 3.5.17.0 has improper inpu
NOT-FOR-US: CODESYS Control Runtime
CVE-2021-29241 (CODESYS Gateway 3 before 3.5.17.0 has a NULL pointer dereference that ...)
NOT-FOR-US: CODESYS Gateway 3
-CVE-2021-29240
- RESERVED
+CVE-2021-29240 (The Package Manager of CODESYS Development System 3 before 3.5.17.0 do ...)
+ TODO: check
CVE-2021-29239 (CODESYS Development System 3 before 3.5.17.0 displays or executes mali ...)
NOT-FOR-US: CODESYS Development System 3
CVE-2021-29238 (CODESYS Automation Server before 1.16.0 allows cross-site request forg ...)
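Review bot: `TODO: check` on CVE-2021-29240 looks resolvable from the surrounding lines. Its description names CODESYS Development System 3, and CVE-2021-29239 directly below is already `NOT-FOR-US: CODESYS Development System 3`. Suggest giving CVE-2021-29240 the same NOT-FOR-US line rather than leaving it in the TODO queue.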
@@ -10927,7 +10945,7 @@ CVE-2021-27292 (ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expre
NOTE: https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76
NOTE: https://github.com/faisalman/ua-parser-js/commit/809439e20e273ce0d25c1d04e111dcf6011eb566
CVE-2021-27291 (In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming ...)
- {DSA-4889-1 DSA-4878-1 DLA-2600-1}
+ {DSA-4889-1 DSA-4878-1 DLA-2648-1 DLA-2600-1}
- pygments <unfixed> (bug #985574)
- mediawiki 1:1.35.2-1
NOTE: https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce
@@ -11084,6 +11102,7 @@ CVE-2021-27220 (An issue was discovered in PRTG Network Monitor before 21.1.66.1
CVE-2021-27217 (An issue was discovered in the _send_secure_msg() function of Yubico y ...)
NOT-FOR-US: YubiHSM 2 SDK
CVE-2021-27216
+ RESERVED
- exim4 4.94.2-1
[buster] - exim4 <not-affected> (Vulnerable code introduced later)
[stretch] - exim4 <not-affected> (Vulnerable code introduced later)
@@ -12084,8 +12103,8 @@ CVE-2021-26806
RESERVED
CVE-2021-26805 (Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a Denial o ...)
NOT-FOR-US: tsMuxer
-CVE-2021-26804
- RESERVED
+CVE-2021-26804 (Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 2 ...)
+ TODO: check
CVE-2021-26803
RESERVED
CVE-2021-26802
@@ -16115,7 +16134,7 @@ CVE-2021-25218
CVE-2021-25217
RESERVED
CVE-2021-25216 (In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9 ...)
- {DSA-4909-1}
+ {DSA-4909-1 DLA-2647-1}
- bind9 1:9.16.15-1 (bug #987743)
NOTE: https://kb.isc.org/docs/cve-2021-25216
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/216a97188d86cb3edb307a40ff5ee61b030eb033 (v9_16_15)
@@ -16126,12 +16145,12 @@ CVE-2021-25216 (In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/99132eda0e006932fa5927d4ad81bced0d3b3042 (v9_16_15)
NOTE: Issue can be mitigated configuring with --disable-isc-spnego and using the system library.
CVE-2021-25215 (In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9 ...)
- {DSA-4909-1}
+ {DSA-4909-1 DLA-2647-1}
- bind9 1:9.16.15-1 (bug #987742)
NOTE: https://kb.isc.org/docs/cve-2021-25215
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/dde958717c9bfdc8679764c045c226e3a1468334 (v9_16_15)
CVE-2021-25214 (In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, ...)
- {DSA-4909-1}
+ {DSA-4909-1 DLA-2647-1}
- bind9 1:9.16.15-1 (bug #987741)
NOTE: https://kb.isc.org/docs/cve-2021-25214
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/f68d4cba3321ed375bbc334e2333250893c4f587 (v9_16_15)
@@ -16187,8 +16206,8 @@ CVE-2021-3156 (Sudo before 1.9.5p2 contains an off-by-one error that can result
NOTE: https://www.openwall.com/lists/oss-security/2021/01/26/3
CVE-2021-3155
RESERVED
-CVE-2021-3154
- RESERVED
+CVE-2021-3154 (An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenti ...)
+ TODO: check
CVE-2021-3153 (HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an or ...)
NOT-FOR-US: HashiCorp Terraform Enterprise
CVE-2021-3152 (** DISPUTED ** Home Assistant before 2021.1.3 does not have a protecti ...)
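Review bot: CVE-2021-3154 is left at `TODO: check`, and this commit adds the same marker to two more SolarWinds Serv-U entries (CVE-2021-25179 and CVE-2020-22428). Triage the three together so they end up with one consistent disposition.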
@@ -16238,8 +16257,8 @@ CVE-2021-25181
RESERVED
CVE-2021-25180
RESERVED
-CVE-2021-25179
- RESERVED
+CVE-2021-25179 (SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS ...)
+ TODO: check
CVE-2021-25178 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-25177 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
@@ -20134,8 +20153,7 @@ CVE-2021-23385
RESERVED
CVE-2021-23384
RESERVED
-CVE-2021-23383 [Prototype Pollution]
- RESERVED
+CVE-2021-23383 (The package handlebars before 4.7.7 are vulnerable to Prototype Pollut ...)
- node-handlebars <unfixed>
[buster] - node-handlebars <no-dsa> (Minor issue; can be fixed via point release)
- libjs-handlebars <removed>
@@ -20244,8 +20262,8 @@ CVE-2021-23345 (All versions of package github.com/thecodingmachine/gotenberg ar
NOT-FOR-US: gotenberg
CVE-2021-23344 (The package total.js before 3.4.8 are vulnerable to Remote Code Execut ...)
NOT-FOR-US: total.js
-CVE-2021-23343
- RESERVED
+CVE-2021-23343 (All versions of package path-parse are vulnerable to Regular Expressio ...)
+ TODO: check
CVE-2021-23342 (This affects the package docsify before 4.12.0. It is possible to bypa ...)
NOT-FOR-US: docsify
CVE-2021-23341 (The package prismjs before 1.23.0 are vulnerable to Regular Expression ...)
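Review bot: CVE-2021-23343 (path-parse) should not be closed as NOT-FOR-US by analogy with its neighbours gotenberg, total.js and docsify without a package search first. path-parse is a JavaScript package, and this list tracks such code under `node-` source names (see `node-handlebars` under CVE-2021-23383), so check the archive for a matching package before resolving the `TODO: check`.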
@@ -22022,8 +22040,8 @@ CVE-2021-22549
RESERVED
CVE-2021-22548
RESERVED
-CVE-2021-22547
- RESERVED
+CVE-2021-22547 (In IoT Devices SDK, there is an implementation of calloc() that doesn' ...)
+ TODO: check
CVE-2021-22546
RESERVED
CVE-2021-22545
@@ -24091,8 +24109,8 @@ CVE-2021-21553
RESERVED
CVE-2021-21552
RESERVED
-CVE-2021-21551
- RESERVED
+CVE-2021-21551 (Dell dbutil_2_3.sys driver contains an insufficient access control vul ...)
+ TODO: check
CVE-2021-21550
RESERVED
CVE-2021-21549
@@ -25576,6 +25594,7 @@ CVE-2020-35638
CVE-2020-35637
RESERVED
CVE-2020-35636 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
+ {DLA-2649-1}
- cgal 5.2-3 (bug #985671)
[buster] - cgal <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
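Review bot: with `{DLA-2649-1}` added, CVE-2020-35636 now has an LTS advisory while the line `[buster] - cgal <no-dsa> (Minor issue)` is unchanged, so the older release gets a fix that buster does not. Worth revisiting the buster status (for example a point-release fix). The same pattern appears on CVE-2020-35628, CVE-2020-28636 and CVE-2020-28601 in this commit.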
@@ -25594,6 +25613,7 @@ CVE-2020-35630
CVE-2020-35629
RESERVED
CVE-2020-35628 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
+ {DLA-2649-1}
- cgal 5.2-3 (bug #985671)
[buster] - cgal <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
@@ -28606,7 +28626,7 @@ CVE-2021-20271 (A flaw was found in RPM's signature check functionality when rea
[stretch] - rpm <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1934125
CVE-2021-20270 (An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lea ...)
- {DSA-4889-1 DSA-4870-1 DLA-2590-1}
+ {DSA-4889-1 DSA-4870-1 DLA-2648-1 DLA-2590-1}
- pygments 2.7.1+dfsg-2 (bug #984664)
- mediawiki 1:1.35.2-1
NOTE: https://github.com/pygments/pygments/issues/1625
@@ -35777,6 +35797,7 @@ CVE-2020-28638 (ask_password in Tomb 2.0 through 2.7 returns a warning when pine
CVE-2020-28637
RESERVED
CVE-2020-28636 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
+ {DLA-2649-1}
- cgal 5.2-3 (bug #985671)
[buster] - cgal <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
@@ -35849,6 +35870,7 @@ CVE-2020-28603
CVE-2020-28602
RESERVED
CVE-2020-28601 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
+ {DLA-2649-1}
- cgal 5.2-3 (bug #985671)
[buster] - cgal <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
@@ -38887,35 +38909,51 @@ CVE-2020-28028
CVE-2020-28027
RESERVED
CVE-2020-28026
+ RESERVED
+ {DSA-4912-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28025
+ RESERVED
+ {DSA-4912-1}
- exim4 4.94.2-1
NOTE: Introduced by: https://git.exim.org/exim.git/commit/80a47a2c9633437d4ceebd214cd44abfbd4f4543 (exim-4_70_RC3)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28024
+ RESERVED
+ {DSA-4912-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28023
+ RESERVED
+ {DSA-4912-1}
- exim4 4.94.2-1
NOTE: Introduced by: https://git.exim.org/exim.git/commit/18481de384caecff421f23f715be916403f5d0ee (exim-4_88_RC1)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28022
+ RESERVED
+ {DSA-4912-1}
- exim4 4.94.2-1
NOTE: Introduced by: https://git.exim.org/exim.git/commit/d7a2c8337f7b615763d4429ab27653862756b6fb (exim-4_89_RC1)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28021
+ RESERVED
+ {DSA-4912-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28020
+ RESERVED
- exim4 4.92~RC5-1
NOTE: Fixed by: https://git.exim.org/exim.git/commit/56ac062a3ff94fc4e1bbfc2293119c079a4e980b (exim-4.92-RC5)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28019
+ RESERVED
+ {DSA-4912-1}
- exim4 4.94.2-1
NOTE: Introduced by: https://git.exim.org/exim.git/commit/7e3ce68e68ab9b8906a637d352993abf361554e2 (exim-4_88_RC1)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28018
+ RESERVED
- exim4 4.94.2-1 (unimportant)
[buster] - exim4 4.92-8+deb10u6
[stretch] - exim4 <not-affected> (Vulnerable code introduced later)
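Review bot: CVE-2020-28018 records `[buster] - exim4 4.92-8+deb10u6` but, unlike most of its siblings in this hunk, gets no `{DSA-4912-1}` tag. If that buster upload is the DSA-4912-1 one, the cross-reference is missing; if the omission is deliberate because the entry is `(unimportant)`, a NOTE saying so would help. CVE-2020-28020 also lacks the tag, which fits its older fixed version `4.92~RC5-1`.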
@@ -38923,41 +38961,62 @@ CVE-2020-28018
NOTE: Debian Exim is built with GnuTLS, not OpenSSL.
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28017
+ RESERVED
+ {DSA-4912-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28016
+ RESERVED
- exim4 4.94.2-1
[buster] - exim4 <not-affected> (Vulnerable code introduced later)
[stretch] - exim4 <not-affected> (Vulnerable code introduced later)
NOTE: Introduced by: https://git.exim.org/exim.git/commit/3c90bbcdc7cf73298156f7bcd5f5e750e7814e72
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28015
+ RESERVED
+ {DSA-4912-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28014
+ RESERVED
+ {DSA-4912-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28013
+ RESERVED
+ {DSA-4912-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28012
+ RESERVED
+ {DSA-4912-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28011
+ RESERVED
+ {DSA-4912-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28010
+ RESERVED
+ {DSA-4912-1}
- exim4 4.94.2-1
[stretch] - exim4 <not-affected> (Vulnerable code introduced later)
NOTE: Introduced by: https://git.exim.org/exim.git/commit/805fd869d551c36d1d77ab2b292a7008d643ca79 (exim-4.92-RC1)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28009
+ RESERVED
+ {DSA-4912-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28008
+ RESERVED
+ {DSA-4912-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28007
+ RESERVED
+ {DSA-4912-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-25692 (A NULL pointer dereference was found in OpenLDAP server and was fixed ...)
@@ -40916,8 +40975,8 @@ CVE-2020-27520
RESERVED
CVE-2020-27519 (Pritunl Client v1.2.2550.20 contains a local privilege escalation vuln ...)
NOT-FOR-US: Pritunl Client
-CVE-2020-27518
- RESERVED
+CVE-2020-27518 (All versions of Windscribe VPN for Mac and Windows <= v2.02.10 cont ...)
+ TODO: check
CVE-2020-27517
RESERVED
CVE-2020-27516
@@ -52280,8 +52339,8 @@ CVE-2020-22430
RESERVED
CVE-2020-22429
RESERVED
-CVE-2020-22428
- RESERVED
+CVE-2020-22428 (SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scr ...)
+ TODO: check
CVE-2020-22427 (** DISPUTED ** NagiosXI 5.6.11 is affected by a remote code execution ...)
NOT-FOR-US: Nagios XI
CVE-2020-22426
@@ -53140,8 +53199,8 @@ CVE-2020-22001 (HomeAutomation 3.3.2 suffers from an authentication bypass vulne
NOT-FOR-US: HomeAutomation
CVE-2020-22000 (HomeAutomation 3.3.2 suffers from an authenticated OS command executio ...)
NOT-FOR-US: HomeAutomation
-CVE-2020-21999
- RESERVED
+CVE-2020-21999 (iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authent ...)
+ TODO: check
CVE-2020-21998 (In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter ...)
NOT-FOR-US: HomeAutomation
CVE-2020-21997 (Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated da ...)
@@ -81302,7 +81361,7 @@ CVE-2020-10748 (A flaw was found in Keycloak's data filter, in version 10.0.1, w
NOT-FOR-US: Keycloak
CVE-2020-10747
REJECTED
-CVE-2020-10746 (A flaw was found in Infinispan version 10, where it permits local acce ...)
+CVE-2020-10746 (A flaw was found in Infinispan (org.infinispan:infinispan-server-runti ...)
NOT-FOR-US: Infinispan
CVE-2020-10745 (A flaw was found in all Samba versions before 4.10.17, before 4.11.11 ...)
{DLA-2463-1}
@@ -96201,8 +96260,8 @@ CVE-2020-4989
RESERVED
CVE-2020-4988 (Loopback 8.0.0 contains a vulnerability that could allow an attacker t ...)
NOT-FOR-US: IBM
-CVE-2020-4987
- RESERVED
+CVE-2020-4987 (IBM FlashSystem 900 1.5.2.9 and 1.6.1.3 user management GUI is vulnera ...)
+ TODO: check
CVE-2020-4986
RESERVED
CVE-2020-4985
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb69de0e27486777d954bd845a0bc9e18518459f