[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu May 6 21:10:36 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1fe7c894 by security tracker role at 2021-05-06T20:10:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,43 @@
+CVE-2021-3539
+ RESERVED
+CVE-2021-3538
+ RESERVED
+CVE-2021-32077
+ RESERVED
+CVE-2021-32076
+ RESERVED
+CVE-2021-32075
+ RESERVED
+CVE-2021-32074
+ RESERVED
+CVE-2021-32073
+ RESERVED
+CVE-2021-32072
+ RESERVED
+CVE-2021-32071
+ RESERVED
+CVE-2021-32070
+ RESERVED
+CVE-2021-32069
+ RESERVED
+CVE-2021-32068
+ RESERVED
+CVE-2021-32067
+ RESERVED
+CVE-2021-32066
+ RESERVED
+CVE-2021-32065
+ RESERVED
+CVE-2021-32064
+ RESERVED
+CVE-2021-32063
+ RESERVED
+CVE-2021-32062 (MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x ...)
+ TODO: check
+CVE-2019-25043 (ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as dem ...)
+ TODO: check
CVE-2021-3537 [NULL pointer dereference in valid.c in xmlValidBuildAContentModel]
+ RESERVED
- libxml2 2.9.10+dfsg-6.6 (bug #988123)
[buster] - libxml2 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/243
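Review bot: the two entries left at TODO: check in this hunk, CVE-2021-32062 (MapServer before 7.0.8 / 7.2.3 / 7.4.x) and CVE-2019-25043 (ModSecurity 3.x before 3.0.4), name software that Debian ships as the mapserver and libmodsecurity3 source packages, so unlike the RESERVED placeholders around them they need package/version lines (or <unfixed> with a bug number) and a NOTE with the upstream fix reference on the next triage pass; the 2019-dated ID on the ModSecurity issue also means older stable branches of libmodsecurity3 should be checked explicitly rather than assumed fixed.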
@@ -25,8 +64,7 @@ CVE-2021-32054
RESERVED
CVE-2021-32053
RESERVED
-CVE-2021-32052
- RESERVED
+CVE-2021-32052 (In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 ( ...)
- python-django 2:2.2.22-1 (bug #988136; unimportant)
NOTE: https://www.djangoproject.com/weblog/2021/may/06/security-releases/
NOTE: Only an issue in combination with python3.9 3.9.5+
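Review bot: the "unimportant" rating on CVE-2021-32052 rests entirely on the NOTE that it is only an issue together with python3.9 3.9.5+, and the CVE-2021-29921 entry later in this update shows python3.9 3.9.5-1 only in [experimental] with unstable still <unfixed>; extend the NOTE to say the rating must be revisited as soon as a python3.9 build with the 3.9.5 behaviour reaches unstable or a stable release, since the fix recorded here (python-django 2:2.2.22-1) covers unstable only.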
@@ -139,8 +177,8 @@ CVE-2021-32055 (Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 t
NOTE: https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5
NOTE: https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc
NOTE: imap_qresync not enabled by default and considered an experimental feature
-CVE-2021-32030
- RESERVED
+CVE-2021-32030 (The administrator application on ASUS GT-AC2900 devices before 3.0.0.4 ...)
+ TODO: check
CVE-2021-32029
RESERVED
CVE-2021-32028
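Review bot: CVE-2021-32030 describes the administrator application on ASUS GT-AC2900 devices, i.e. vendor router firmware that Debian does not package, so the TODO: check can be resolved directly to a NOT-FOR-US: ASUS line, matching how the other vendor-device entries in this file (the Dell and Cisco NOT-FOR-US lines further down) are handled.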
@@ -398,13 +436,11 @@ CVE-2021-31920
RESERVED
CVE-2021-31919 (An issue was discovered in the rkyv crate before 0.6.0 for Rust. When ...)
NOT-FOR-US: Rust crate rkyv
-CVE-2021-31918
- RESERVED
+CVE-2021-31918 (A flaw was found in tripleo-ansible version as shipped in Red Hat Open ...)
NOT-FOR-US: tripleo-ansible
CVE-2021-31917
RESERVED
-CVE-2021-31916 [out of bounds array access in drivers/md/dm-ioctl.c]
- RESERVED
+CVE-2021-31916 (An out-of-bounds (OOB) memory write flaw was found in list_devices in ...)
- linux 5.10.28-1
NOTE: https://git.kernel.org/linus/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a
NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/1
@@ -669,12 +705,11 @@ CVE-2021-3514 [sync_repl NULL pointer dereference in sync_create_state_control()
RESERVED
- 389-ds-base <unfixed>
NOTE: https://github.com/389ds/389-ds-base/issues/4711
-CVE-2021-31829
- RESERVED
+CVE-2021-31829 (kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs unde ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/4
-CVE-2021-31828
- RESERVED
+CVE-2021-31828 (An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 ...)
+ TODO: check
CVE-2021-31827
RESERVED
CVE-2021-31825
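Review bot: CVE-2021-31829 (kernel/bpf/verifier.c, Linux through 5.12.1) is left at linux <unfixed> with only the oss-security post as a reference, so the entry gives no per-release picture; add the upstream fix commit as a NOTE and the [bullseye]/[buster] status lines once the stable backports are known. In the same hunk, CVE-2021-31828 is an SSRF in Open Distro for Elasticsearch, which Debian does not ship, so that TODO: check can go straight to NOT-FOR-US.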
@@ -698,50 +733,62 @@ CVE-2021-31817
CVE-2021-31816
RESERVED
CVE-2019-25042 (Unbound before 1.9.5 allows an out-of-bounds write via a compressed na ...)
+ {DLA-2652-1}
- unbound 1.9.6-1
[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
NOTE: https://github.com/NLnetLabs/unbound/commit/6c3a0b54ed8ace93d5b5ca7b8078dc87e75cd640
CVE-2019-25041 (Unbound before 1.9.5 allows an assertion failure via a compressed name ...)
+ {DLA-2652-1}
- unbound 1.9.6-1
[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
NOTE: https://github.com/NLnetLabs/unbound/commit/2d444a5037acff6024630b88092d9188f2f5d8fe
CVE-2019-25040 (Unbound before 1.9.5 allows an infinite loop via a compressed name in ...)
+ {DLA-2652-1}
- unbound 1.9.6-1
[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
NOTE: https://github.com/NLnetLabs/unbound/commit/2d444a5037acff6024630b88092d9188f2f5d8fe
CVE-2019-25039 (Unbound before 1.9.5 allows an integer overflow in a size calculation ...)
+ {DLA-2652-1}
- unbound 1.9.6-1
[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
NOTE: https://github.com/NLnetLabs/unbound/commit/02080f6b180232f43b77f403d0c038e9360a460f
CVE-2019-25038 (Unbound before 1.9.5 allows an integer overflow in a size calculation ...)
+ {DLA-2652-1}
- unbound 1.9.6-1
[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
NOTE: https://github.com/NLnetLabs/unbound/commit/02080f6b180232f43b77f403d0c038e9360a460f
CVE-2019-25037 (Unbound before 1.9.5 allows an assertion failure and denial of service ...)
+ {DLA-2652-1}
- unbound 1.9.6-1
[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
NOTE: https://github.com/NLnetLabs/unbound/commit/d2eb78e871153f22332d30c6647f3815148f21e5
CVE-2019-25036 (Unbound before 1.9.5 allows an assertion failure and denial of service ...)
+ {DLA-2652-1}
- unbound 1.9.6-1
[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
NOTE: https://github.com/NLnetLabs/unbound/commit/f5e06689d193619c57c33270c83f5e40781a261d
CVE-2019-25035 (Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token ...)
+ {DLA-2652-1}
- unbound 1.9.6-1
[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
NOTE: https://github.com/NLnetLabs/unbound/commit/fa23ee8f31ba9a018c720ea822faaee639dc7a9c
CVE-2019-25034 (Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dnam ...)
+ {DLA-2652-1}
- unbound 1.9.6-1
[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
NOTE: https://github.com/NLnetLabs/unbound/commit/a3545867fcdec50307c776ce0af28d07046a52dd
CVE-2019-25033 (Unbound before 1.9.5 allows an integer overflow in the regional alloca ...)
+ {DLA-2652-1}
- unbound 1.9.6-1
[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
NOTE: https://github.com/NLnetLabs/unbound/commit/226298bbd36f1f0fd9608e98c2ae85988b7bbdb8
CVE-2019-25032 (Unbound before 1.9.5 allows an integer overflow in the regional alloca ...)
+ {DLA-2652-1}
- unbound 1.9.6-1
[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
NOTE: https://github.com/NLnetLabs/unbound/commit/226298bbd36f1f0fd9608e98c2ae85988b7bbdb8
CVE-2019-25031 (Unbound before 1.9.5 allows configuration injection in create_unbound_ ...)
+ {DLA-2652-1}
- unbound 1.9.6-1
[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
NOTE: https://github.com/NLnetLabs/unbound/commit/f887552763477a606a9608b0f6b498685e0f6587
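Review bot: the {DLA-2652-1} tag added to each of these thirteen unbound entries sits directly above an unchanged "[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)" line, so each entry now claims both that a stretch LTS advisory fixed the issue and that the stretch package is unsupported. If DLA-2652-1 was issued for a separate source package (the hunk shows no package line for one), add that package line or a NOTE naming it next to the DLA reference, so the advisory tag and the end-of-life marker stop reading as a contradiction.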
@@ -805,8 +852,8 @@ CVE-2021-31795 (The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24
NOT-FOR-US: PowerVR GPU kernel driver (OOT)
CVE-2021-31794 (Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP Use ...)
NOT-FOR-US: Directum
-CVE-2021-31793
- RESERVED
+CVE-2021-31793 (An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that ...)
+ TODO: check
CVE-2021-31792 (XSS in the client account page in SuiteCRM before 7.11.19 allows an at ...)
NOT-FOR-US: SuiteCRM
CVE-2021-31791 (In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext passw ...)
@@ -1168,8 +1215,8 @@ CVE-2021-31618
RESERVED
CVE-2021-31617
RESERVED
-CVE-2021-31616
- RESERVED
+CVE-2021-31616 (Insufficient length checks in the ShapeShift KeepKey hardware wallet f ...)
+ TODO: check
CVE-2021-31615
RESERVED
CVE-2021-31614
@@ -1306,6 +1353,7 @@ CVE-2021-31544
CVE-2021-31543
RESERVED
CVE-2021-31542 (In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, M ...)
+ {DLA-2651-1}
- python-django 2:2.2.21-1 (bug #988053)
NOTE: https://www.djangoproject.com/weblog/2021/may/04/security-releases/
NOTE: https://github.com/django/django/commit/0b79eb36915d178aef5c6a7bbce71b1e76d376d3 (main)
@@ -1328,8 +1376,8 @@ CVE-2021-31534
RESERVED
CVE-2021-31533
RESERVED
-CVE-2021-31532
- RESERVED
+CVE-2021-31532 (NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 ...)
+ TODO: check
CVE-2021-31531
RESERVED
CVE-2021-31530
@@ -1382,8 +1430,7 @@ CVE-2021-3508 (A flaw was found in PDFResurrect in version 0.22b. There is an in
NOTE: https://github.com/enferex/pdfresurrect/issues/17
NOTE: https://github.com/enferex/pdfresurrect/commit/7e35d1806e111fd28610ccc86bb33f54792ac370
NOTE: Hang in CLI tool, no security impact
-CVE-2021-3507 [fdc: heap buffer overflow in DMA read data transfers]
- RESERVED
+CVE-2021-3507 (A heap buffer overflow was found in the floppy disk emulator of QEMU u ...)
- qemu <unfixed> (bug #987410)
[bullseye] - qemu <no-dsa> (Minor issue)
[buster] - qemu <no-dsa> (Minor issue)
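Review bot: CVE-2021-3507, a heap buffer overflow in the QEMU floppy emulator's DMA read path, is rated "Minor issue" for both bullseye and buster while unstable is still <unfixed>; because a heap overflow in a device emulator is reachable from the guest, the rationale for no-dsa (for example that the overflow is bounded to a crash, or that fdc is not exposed in typical deployments) should be recorded in a NOTE line alongside bug #987410 so the decision can be audited, and the upstream fix reference added once available.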
@@ -1613,8 +1660,7 @@ CVE-2021-31418 (This vulnerability allows local attackers to disclose sensitive
NOT-FOR-US: Parallels Desktop
CVE-2021-31417 (This vulnerability allows local attackers to disclose sensitive inform ...)
NOT-FOR-US: Parallels Desktop
-CVE-2021-3501 [userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run]
- RESERVED
+CVE-2021-3501 (A flaw was found in the Linux kernel in versions before 5.12. The valu ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a
CVE-2021-31416
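Review bot: CVE-2021-3501 stays at linux <unfixed> although the entry already carries the upstream fix commit 04c4f2ee3f68; the description says kernel versions before 5.12 are affected, and the 5.10.x series is what this file tracks as the current unstable kernel (linux 5.10.28-1 for CVE-2021-31916 above), so add the [bullseye]/[buster] status lines or a NOTE that the fix is queued for the next stable point release, rather than leaving the per-release state open.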
@@ -1627,12 +1673,12 @@ CVE-2021-31413
RESERVED
CVE-2021-31412
RESERVED
-CVE-2021-31411
- RESERVED
+CVE-2021-31411 (Insecure temporary directory usage in frontend build functionality of ...)
+ TODO: check
CVE-2021-31410 (Overly relaxed configuration of frontend resources server in Vaadin De ...)
NOT-FOR-US: Vaadin
-CVE-2021-31409
- RESERVED
+CVE-2021-31409 (Unsafe validation RegEx in EmailValidator component in com.vaadin:vaad ...)
+ TODO: check
CVE-2021-31408 (Authentication.logout() helper in com.vaadin:flow-client versions 5.0. ...)
NOT-FOR-US: Vaadin
CVE-2021-31407 (Vulnerability in OSGi integration in com.vaadin:flow-server versions 1 ...)
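Review bot: CVE-2021-31409 is explicitly a com.vaadin component (the EmailValidator in com.vaadin:vaad...) and CVE-2021-31411 sits in the same contiguous block of Vaadin IDs, whose neighbours CVE-2021-31410, -31408 and -31407 are already marked NOT-FOR-US: Vaadin; both TODO: check lines can be closed the same way instead of waiting for a separate triage pass.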
@@ -1988,8 +2034,8 @@ CVE-2021-31247
RESERVED
CVE-2021-31246
RESERVED
-CVE-2021-31245
- RESERVED
+CVE-2021-31245 (omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares ...)
+ TODO: check
CVE-2021-31244
RESERVED
CVE-2021-31243
@@ -3695,8 +3741,8 @@ CVE-2021-30475
RESERVED
CVE-2021-30474
RESERVED
-CVE-2021-30473
- RESERVED
+CVE-2021-30473 (aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that i ...)
+ TODO: check
CVE-2021-30472
RESERVED
- libpodofo <unfixed> (bug #986794)
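Review bot: CVE-2021-30473 (aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that i...) concerns libaom, which Debian ships as the aom source package, so this TODO: check should become a package/version line (or <unfixed> with a bug number) plus a NOTE pointing at the upstream AOMedia fix, rather than remaining a TODO next to the unrelated libpodofo entry for CVE-2021-30472 that follows.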
@@ -5008,8 +5054,7 @@ CVE-2021-29923
RESERVED
CVE-2021-29922
RESERVED
-CVE-2021-29921 [Improper input validation of octal strings]
- RESERVED
+CVE-2021-29921 (Improper input validation of octal strings in Python stdlib ipaddress ...)
[experimental] - python3.9 3.9.5-1
- python3.9 <unfixed>
NOTE: https://bugs.python.org/issue36384#msg392423
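Review bot: CVE-2021-29921 records a fix only for python3.9 (3.9.5-1 in experimental, unstable <unfixed>), but the description refers to the stdlib ipaddress module rather than a single interpreter series; the other python3.x source packages shipped in the stable releases need to be checked and given their own lines or a not-affected NOTE, and the bugs.python.org discussion link should be complemented with the upstream fix commit so the backport can be verified.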
@@ -5952,10 +5997,10 @@ CVE-2021-29493
RESERVED
CVE-2021-29492
RESERVED
-CVE-2021-29491
- RESERVED
-CVE-2021-29490
- RESERVED
+CVE-2021-29491 (Mixme is a library for recursive merging of Javascript objects. In Nod ...)
+ TODO: check
+CVE-2021-29490 (Jellyfin is a free software media system that provides media from a de ...)
+ TODO: check
CVE-2021-29489 (Highcharts JS is a JavaScript charting library based on SVG. In Highch ...)
NOT-FOR-US: Highcharts JS
CVE-2021-29488
@@ -6925,8 +6970,8 @@ CVE-2021-29103
RESERVED
CVE-2021-29102
RESERVED
-CVE-2021-29101
- RESERVED
+CVE-2021-29101 (ArcGIS GeoEvent Server versions 10.8.1 and below has a read-only direc ...)
+ TODO: check
CVE-2021-29100 (A path traversal vulnerability exists in Esri ArcGIS Earth versions 1. ...)
NOT-FOR-US: Esri
CVE-2021-29099
@@ -9034,14 +9079,14 @@ CVE-2021-28155
RESERVED
CVE-2021-28154 (** DISPUTED ** Camunda Modeler (aka camunda-modeler) through 4.6.0 all ...)
NOT-FOR-US: Camunda Modeler
-CVE-2021-28152
- RESERVED
-CVE-2021-28151
- RESERVED
-CVE-2021-28150
- RESERVED
-CVE-2021-28149
- RESERVED
+CVE-2021-28152 (Hongdian H8922 3.0.5 devices have an undocumented feature that allows ...)
+ TODO: check
+CVE-2021-28151 (Hongdian H8922 3.0.5 devices allow OS command injection via shell meta ...)
+ TODO: check
+CVE-2021-28150 (Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read ...)
+ TODO: check
+CVE-2021-28149 (Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_downl ...)
+ TODO: check
CVE-2021-28148 (One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x ...)
- grafana <removed>
CVE-2021-28147 (The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x bef ...)
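Review bot: the four Hongdian H8922 3.0.5 entries (CVE-2021-28149 through CVE-2021-28152: directory traversal, unprivileged guest read, OS command injection and an undocumented feature) are all vendor device firmware that Debian does not package, so the four TODO: check lines can be resolved to NOT-FOR-US: Hongdian in one pass; the Grafana Enterprise entries in the trailing context (grafana <removed>) are unrelated and need no change.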
@@ -9149,8 +9194,8 @@ CVE-2021-28130
RESERVED
CVE-2021-28129
RESERVED
-CVE-2021-28128
- RESERVED
+CVE-2021-28128 (In Strapi through 3.6.0, the admin panel allows the changing of one's ...)
+ TODO: check
CVE-2021-28127
RESERVED
CVE-2021-28126 (index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1 ...)
@@ -11274,8 +11319,7 @@ CVE-2021-27220 (An issue was discovered in PRTG Network Monitor before 21.1.66.1
NOT-FOR-US: PRTG Network Monitor
CVE-2021-27217 (An issue was discovered in the _send_secure_msg() function of Yubico y ...)
NOT-FOR-US: YubiHSM 2 SDK
-CVE-2021-27216
- RESERVED
+CVE-2021-27216 (Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By lev ...)
- exim4 4.94.2-1
[buster] - exim4 <not-affected> (Vulnerable code introduced later)
[stretch] - exim4 <not-affected> (Vulnerable code introduced later)
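Review bot: the imported description for CVE-2021-27216 reads "Exim 4 before 4.94.2", which on its face covers the older exim4 versions in buster and stretch, while both are marked <not-affected> with the reason "Vulnerable code introduced later"; add a NOTE with the upstream commit or advisory reference that pinpoints the version in which the unnecessary-privilege code appeared, so the not-affected calls can be checked against the description rather than taken on trust.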
@@ -12892,8 +12936,8 @@ CVE-2021-26545
RESERVED
CVE-2021-26544 (Livy server version 0.7.0-incubating (only) is vulnerable to a cross s ...)
NOT-FOR-US: Apache Livy
-CVE-2021-26543
- RESERVED
+CVE-2021-26543 (The "gitDiff" function in Wayfair git-parse <=1.0.4 has a command i ...)
+ TODO: check
CVE-2021-26542
RESERVED
CVE-2021-26541 (The gitlog function in src/index.ts in gitlog before 4.0.4 has a comma ...)
@@ -18209,8 +18253,8 @@ CVE-2021-24295
RESERVED
CVE-2021-24294
RESERVED
-CVE-2021-24293
- RESERVED
+CVE-2021-24293 (In the eCommerce module of the NextGEN Gallery Pro WordPress plugin be ...)
+ TODO: check
CVE-2021-24292
RESERVED
CVE-2021-24291
@@ -18243,74 +18287,74 @@ CVE-2021-24278
RESERVED
CVE-2021-24277
RESERVED
-CVE-2021-24276
- RESERVED
-CVE-2021-24275
- RESERVED
-CVE-2021-24274
- RESERVED
-CVE-2021-24273
- RESERVED
-CVE-2021-24272
- RESERVED
-CVE-2021-24271
- RESERVED
-CVE-2021-24270
- RESERVED
-CVE-2021-24269
- RESERVED
-CVE-2021-24268
- RESERVED
-CVE-2021-24267
- RESERVED
-CVE-2021-24266
- RESERVED
-CVE-2021-24265
- RESERVED
-CVE-2021-24264
- RESERVED
-CVE-2021-24263
- RESERVED
-CVE-2021-24262
- RESERVED
-CVE-2021-24261
- RESERVED
-CVE-2021-24260
- RESERVED
-CVE-2021-24259
- RESERVED
-CVE-2021-24258
- RESERVED
-CVE-2021-24257
- RESERVED
-CVE-2021-24256
- RESERVED
-CVE-2021-24255
- RESERVED
-CVE-2021-24254
- RESERVED
-CVE-2021-24253
- RESERVED
-CVE-2021-24252
- RESERVED
-CVE-2021-24251
- RESERVED
-CVE-2021-24250
- RESERVED
-CVE-2021-24249
- RESERVED
-CVE-2021-24248
- RESERVED
-CVE-2021-24247
- RESERVED
-CVE-2021-24246
- RESERVED
-CVE-2021-24245
- RESERVED
-CVE-2021-24244
- RESERVED
-CVE-2021-24243
- RESERVED
+CVE-2021-24276 (The Contact Form by Supsystic WordPress plugin before 1.7.15 did not s ...)
+ TODO: check
+CVE-2021-24275 (The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise ...)
+ TODO: check
+CVE-2021-24274 (The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not s ...)
+ TODO: check
+CVE-2021-24273 (The “Clever Addons for Elementor” WordPress Plugin before ...)
+ TODO: check
+CVE-2021-24272 (The fitness calculators WordPress plugin before 1.9.6 add calculators ...)
+ TODO: check
+CVE-2021-24271 (The “Ultimate Addons for Elementor” WordPress Plugin befor ...)
+ TODO: check
+CVE-2021-24270 (The “DeTheme Kit for Elementor” WordPress Plugin before 1. ...)
+ TODO: check
+CVE-2021-24269 (The “Sina Extension for Elementor” WordPress Plugin before ...)
+ TODO: check
+CVE-2021-24268 (The “JetWidgets For Elementor” WordPress Plugin before 1.0 ...)
+ TODO: check
+CVE-2021-24267 (The “All-in-One Addons for Elementor – WidgetKit” Wo ...)
+ TODO: check
+CVE-2021-24266 (The “The Plus Addons for Elementor Page Builder Lite” Word ...)
+ TODO: check
+CVE-2021-24265 (The “Rife Elementor Extensions & Templates” WordPress ...)
+ TODO: check
+CVE-2021-24264 (The “Image Hover Effects – Elementor Addon” WordPres ...)
+ TODO: check
+CVE-2021-24263 (The “Elementor Addons – PowerPack Addons for ElementorR ...)
+ TODO: check
+CVE-2021-24262 (The “WooLentor – WooCommerce Elementor Addons + Builder ...)
+ TODO: check
+CVE-2021-24261 (The “HT Mega – Absolute Addons for Elementor Page Builder& ...)
+ TODO: check
+CVE-2021-24260 (The “Livemesh Addons for Elementor” WordPress Plugin befor ...)
+ TODO: check
+CVE-2021-24259 (The “Elementor Addon Elements” WordPress Plugin before 1.1 ...)
+ TODO: check
+CVE-2021-24258 (The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2. ...)
+ TODO: check
+CVE-2021-24257 (The “Premium Addons for Elementor” WordPress Plugin before ...)
+ TODO: check
+CVE-2021-24256 (The “Elementor – Header, Footer & Blocks Template̶ ...)
+ TODO: check
+CVE-2021-24255 (The Essential Addons for Elementor Lite WordPress Plugin before 4.5.4 ...)
+ TODO: check
+CVE-2021-24254 (The College publisher Import WordPress plugin through 0.1 does not che ...)
+ TODO: check
+CVE-2021-24253 (The Classyfrieds WordPress plugin through 3.8 does not properly check ...)
+ TODO: check
+CVE-2021-24252 (The Event Banner WordPress plugin through 1.3 does not verify the uplo ...)
+ TODO: check
+CVE-2021-24251 (The Business Directory Plugin – Easy Listing Directories for Wor ...)
+ TODO: check
+CVE-2021-24250 (The Business Directory Plugin – Easy Listing Directories for Wor ...)
+ TODO: check
+CVE-2021-24249 (The Business Directory Plugin – Easy Listing Directories for Wor ...)
+ TODO: check
+CVE-2021-24248 (The Business Directory Plugin – Easy Listing Directories for Wor ...)
+ TODO: check
+CVE-2021-24247 (The Contact Form Check Tester WordPress plugin through 1.0.2 settings ...)
+ TODO: check
+CVE-2021-24246 (The Workscout Core WordPress plugin before 1.3.4, used by the WorkScou ...)
+ TODO: check
+CVE-2021-24245 (The Stop Spammers WordPress plugin before 2021.9 did not escape user i ...)
+ TODO: check
+CVE-2021-24244 (An AJAX action registered by the WPBakery Page Builder (Visual Compose ...)
+ TODO: check
+CVE-2021-24243 (An AJAX action registered by the WPBakery Page Builder (Visual Compose ...)
+ TODO: check
CVE-2021-24242 (The Tutor LMS – eLearning and online course solution WordPress p ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24241 (The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not p ...)
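Review bot: all 34 new entries in this hunk (CVE-2021-24243 through CVE-2021-24276) describe WordPress plugins, and the adjacent CVE-2021-24242 and CVE-2021-24241 entries are already marked NOT-FOR-US: WordPress plugin, so the TODO: check lines can be closed the same way in one pass. Separately, the descriptions imported for the Elementor add-on entries carry mojibake (UTF-8 curly quotes rendered as “ and ”), which comes in from the upstream feed and should be fixed at the import step rather than hand-edited entry by entry.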
@@ -18323,8 +18367,8 @@ CVE-2021-24238 (The Realteo WordPress plugin before 1.2.4, used by the Findeo Th
NOT-FOR-US: WordPress plugin
CVE-2021-24237 (The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, d ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24236
- RESERVED
+CVE-2021-24236 (The Imagements WordPress plugin through 1.2.5 allows images to be uplo ...)
+ TODO: check
CVE-2021-24235 (The Goto WordPress theme before 2.0 does not sanitise the keywords and ...)
NOT-FOR-US: WordPress theme
CVE-2021-24234 (The Search Forms page of the Ivory Search WordPress lugin before 4.6.1 ...)
@@ -18367,8 +18411,8 @@ CVE-2021-24216
RESERVED
CVE-2021-24215 (An Improper Access Control vulnerability was discovered in the Control ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24214
- RESERVED
+CVE-2021-24214 (The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did ...)
+ TODO: check
CVE-2021-24213 (The GiveWP – Donation Plugin and Fundraising Platform WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24212 (The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://wooc ...)
@@ -18437,10 +18481,10 @@ CVE-2021-24181 (The tutor_mark_answer_as_correct AJAX action from the Tutor LMS
NOT-FOR-US: Wordpress plugin
CVE-2021-24180 (Unvalidated input and lack of output encoding within the Related Posts ...)
NOT-FOR-US: Wordpress plugin
-CVE-2021-24179
- RESERVED
-CVE-2021-24178
- RESERVED
+CVE-2021-24179 (The Business Directory Plugin – Easy Listing Directories for Wor ...)
+ TODO: check
+CVE-2021-24178 (The Business Directory Plugin – Easy Listing Directories for Wor ...)
+ TODO: check
CVE-2021-24177 (In the default configuration of the File Manager WordPress plugin befo ...)
NOT-FOR-US: Wordpress plugin
CVE-2021-24176 (The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the re ...)
@@ -22902,14 +22946,14 @@ CVE-2021-22213
RESERVED
CVE-2021-22212
RESERVED
-CVE-2021-22211
- RESERVED
-CVE-2021-22210
- RESERVED
-CVE-2021-22209
- RESERVED
-CVE-2021-22208
- RESERVED
+CVE-2021-22211 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ TODO: check
+CVE-2021-22210 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ TODO: check
+CVE-2021-22209 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ TODO: check
+CVE-2021-22208 (An issue has been discovered in GitLab affecting versions starting wit ...)
+ TODO: check
CVE-2021-22207 (Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to ...)
- wireshark <unfixed> (bug #987853)
[bullseye] - wireshark <postponed> (Minor issue, can be fixed along in future update)
@@ -22917,8 +22961,8 @@ CVE-2021-22207 (Excessive memory consumption in MS-WSP dissector in Wireshark 3.
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17331
NOTE: https://gitlab.com/wireshark/wireshark/-/commit/b7a0650e061b5418ab4a8f72c6e4b00317aff623
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-04.html
-CVE-2021-22206
- RESERVED
+CVE-2021-22206 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2021-22205 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2021-22204 (Improper neutralization of user data in the DjVu file format in ExifTo ...)
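Review bot: CVE-2021-22206 in this hunk, and CVE-2021-22208 through CVE-2021-22211 in the hunk above, are all GitLab CE/EE issues left at TODO: check, while the neighbouring CVE-2021-22205 already carries a "- gitlab <unfixed>" line; since gitlab is a tracked Debian source package here, these five should be triaged into gitlab package lines (with fixed versions once known) rather than NOT-FOR-US, and the Wireshark entry in the trailing context needs no change.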
@@ -24301,8 +24345,8 @@ CVE-2021-21552
RESERVED
CVE-2021-21551 (Dell dbutil_2_3.sys driver contains an insufficient access control vul ...)
NOT-FOR-US: Dell
-CVE-2021-21550
- RESERVED
+CVE-2021-21550 (Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralizati ...)
+ TODO: check
CVE-2021-21549
RESERVED
CVE-2021-21548
@@ -24347,8 +24391,8 @@ CVE-2021-21529 (Dell System Update (DSU) 1.9 and earlier versions contain a deni
NOT-FOR-US: Dell System Update (DSU)
CVE-2021-21528
RESERVED
-CVE-2021-21527
- RESERVED
+CVE-2021-21527 (Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization o ...)
+ TODO: check
CVE-2021-21526 (Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in ...)
NOT-FOR-US: Dell PowerScale OneFS
CVE-2021-21525
@@ -24391,8 +24435,8 @@ CVE-2021-21507 (Dell EMC Networking X-Series firmware versions prior to 3.0.1.8
NOT-FOR-US: EMC
CVE-2021-21506 (PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sani ...)
NOT-FOR-US: PowerScale OneFS
-CVE-2021-21505
- RESERVED
+CVE-2021-21505 (Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 190 ...)
+ TODO: check
CVE-2021-21504
RESERVED
CVE-2021-21503 (PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sani ...)
@@ -29164,8 +29208,7 @@ CVE-2021-20205 (Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a deni
- libjpeg-turbo <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/493
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/1719d12e51641cce5c77e259516649ba5ef6303c
-CVE-2021-20204 [Use after free in _GD_Supports() in encoding.c]
- RESERVED
+CVE-2021-20204 (A heap memory corruption problem (use after free) can be triggered in ...)
- libgetdata <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956348
TODO: check details
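Review bot: CVE-2021-20204 (use after free in _GD_Supports() in encoding.c) is tracked as libgetdata <unfixed> with only the Red Hat bugzilla reference and a "TODO: check details" marker; add the upstream fix commit as a NOTE, file and record a Debian bug number on the package line, and add the [bullseye]/[buster] status once it is established whether the stable libgetdata versions contain the affected code.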
@@ -29608,8 +29651,7 @@ CVE-2020-35521 (A flaw was found in libtiff. Due to a memory allocation failure
NOTE: Crash in CLI tool, no security impact
CVE-2020-35520
RESERVED
-CVE-2020-35519
- RESERVED
+CVE-2020-35519 (An out-of-bounds (OOB) memory access flaw was found in x25_bind in net ...)
- linux 5.9.15-1
[buster] - linux 4.19.171-1
[stretch] - linux 4.9.258-1
@@ -35152,18 +35194,18 @@ CVE-2021-1537
RESERVED
CVE-2021-1536
RESERVED
-CVE-2021-1535
- RESERVED
+CVE-2021-1535 (A vulnerability in the cluster management interface of Cisco SD-WAN vM ...)
+ TODO: check
CVE-2021-1534
RESERVED
CVE-2021-1533
RESERVED
-CVE-2021-1532
- RESERVED
+CVE-2021-1532 (A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence ...)
+ TODO: check
CVE-2021-1531
RESERVED
-CVE-2021-1530
- RESERVED
+CVE-2021-1530 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
+ TODO: check
CVE-2021-1529
RESERVED
CVE-2021-1528
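Review bot: CVE-2021-1535, -1532 and -1530 here, and every other entry that this update moves from RESERVED to TODO: check in the following Cisco hunks (down through CVE-2021-1363), are Cisco SD-WAN, TelePresence, BroadWorks, AsyncOS, HyperFlex, WAAS, NFVIS and related products; the surrounding entries are uniformly NOT-FOR-US: Cisco, so these TODO: check lines should be closed as NOT-FOR-US: Cisco in a single pass rather than individually.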
@@ -35180,40 +35222,40 @@ CVE-2021-1523
RESERVED
CVE-2021-1522
RESERVED
-CVE-2021-1521
- RESERVED
-CVE-2021-1520
- RESERVED
-CVE-2021-1519
- RESERVED
+CVE-2021-1521 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
+ TODO: check
+CVE-2021-1520 (A vulnerability in the internal message processing of Cisco RV340, RV3 ...)
+ TODO: check
+CVE-2021-1519 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
+ TODO: check
CVE-2021-1518
RESERVED
CVE-2021-1517
RESERVED
-CVE-2021-1516
- RESERVED
-CVE-2021-1515
- RESERVED
-CVE-2021-1514
- RESERVED
-CVE-2021-1513
- RESERVED
-CVE-2021-1512
- RESERVED
-CVE-2021-1511
- RESERVED
-CVE-2021-1510
- RESERVED
-CVE-2021-1509
- RESERVED
-CVE-2021-1508
- RESERVED
-CVE-2021-1507
- RESERVED
-CVE-2021-1506
- RESERVED
-CVE-2021-1505
- RESERVED
+CVE-2021-1516 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
+ TODO: check
+CVE-2021-1515 (A vulnerability in Cisco SD-WAN vManage Software could allow an unauth ...)
+ TODO: check
+CVE-2021-1514 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
+ TODO: check
+CVE-2021-1513 (A vulnerability in the vDaemon process of Cisco SD-WAN Software could ...)
+ TODO: check
+CVE-2021-1512 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
+ TODO: check
+CVE-2021-1511 (Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an ...)
+ TODO: check
+CVE-2021-1510 (Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an ...)
+ TODO: check
+CVE-2021-1509 (Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an ...)
+ TODO: check
+CVE-2021-1508 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...)
+ TODO: check
+CVE-2021-1507 (A vulnerability in an API of Cisco SD-WAN vManage Software could allow ...)
+ TODO: check
+CVE-2021-1506 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...)
+ TODO: check
+CVE-2021-1505 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...)
+ TODO: check
CVE-2021-1504 (Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) So ...)
NOT-FOR-US: Cisco
CVE-2021-1503
@@ -35224,14 +35266,14 @@ CVE-2021-1501 (A vulnerability in the SIP inspection engine of Cisco Adaptive Se
NOT-FOR-US: Cisco
CVE-2021-1500
RESERVED
-CVE-2021-1499
- RESERVED
-CVE-2021-1498
- RESERVED
-CVE-2021-1497
- RESERVED
-CVE-2021-1496
- RESERVED
+CVE-2021-1499 (A vulnerability in the web-based management interface of Cisco HyperFl ...)
+ TODO: check
+CVE-2021-1498 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2021-1497 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2021-1496 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...)
+ TODO: check
CVE-2021-1495 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
NOT-FOR-US: Cisco
CVE-2021-1494
@@ -35242,16 +35284,16 @@ CVE-2021-1492 (The Duo Authentication Proxy installer prior to 5.2.1 did not pro
NOT-FOR-US: Duo Authentication Proxy
CVE-2021-1491
RESERVED
-CVE-2021-1490
- RESERVED
+CVE-2021-1490 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
+ TODO: check
CVE-2021-1489 (A vulnerability in filesystem usage management for Cisco Firepower Dev ...)
NOT-FOR-US: Cisco
CVE-2021-1488 (A vulnerability in the upgrade process of Cisco Adaptive Security Appl ...)
NOT-FOR-US: Cisco
CVE-2021-1487
RESERVED
-CVE-2021-1486
- RESERVED
+CVE-2021-1486 (A vulnerability in Cisco SD-WAN vManage Software could allow an unauth ...)
+ TODO: check
CVE-2021-1485 (A vulnerability in the CLI of Cisco IOS XR Software could allow an aut ...)
NOT-FOR-US: Cisco
CVE-2021-1484
@@ -35266,8 +35308,8 @@ CVE-2021-1480 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could a
NOT-FOR-US: Cisco
CVE-2021-1479 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...)
NOT-FOR-US: Cisco
-CVE-2021-1478
- RESERVED
+CVE-2021-1478 (A vulnerability in the Java Management Extensions (JMX) component of C ...)
+ TODO: check
CVE-2021-1477 (A vulnerability in an access control mechanism of Cisco Firepower Mana ...)
NOT-FOR-US: Cisco
CVE-2021-1476 (A vulnerability in the CLI of Cisco Adaptive Security Appliance (ASA) ...)
@@ -35286,8 +35328,8 @@ CVE-2021-1470
RESERVED
CVE-2021-1469 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
NOT-FOR-US: Cisco
-CVE-2021-1468
- RESERVED
+CVE-2021-1468 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...)
+ TODO: check
CVE-2021-1467 (A vulnerability in Cisco Webex Meetings for Android could allow an aut ...)
NOT-FOR-US: Cisco
CVE-2021-1466
@@ -35328,8 +35370,8 @@ CVE-2021-1449 (A vulnerability in the boot logic of Cisco Access Points Software
NOT-FOR-US: Cisco
CVE-2021-1448 (A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Sof ...)
NOT-FOR-US: Cisco
-CVE-2021-1447
- RESERVED
+CVE-2021-1447 (A vulnerability in the user account management system of Cisco AsyncOS ...)
+ TODO: check
CVE-2021-1446 (A vulnerability in the DNS application layer gateway (ALG) functionali ...)
NOT-FOR-US: Cisco
CVE-2021-1445 (Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) So ...)
@@ -35346,8 +35388,8 @@ CVE-2021-1440
RESERVED
CVE-2021-1439 (A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco A ...)
NOT-FOR-US: Cisco
-CVE-2021-1438
- RESERVED
+CVE-2021-1438 (A vulnerability in Cisco Wide Area Application Services (WAAS) Softwar ...)
+ TODO: check
CVE-2021-1437 (A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Se ...)
NOT-FOR-US: Cisco
CVE-2021-1436 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
@@ -35362,16 +35404,16 @@ CVE-2021-1432 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could
NOT-FOR-US: Cisco
CVE-2021-1431 (A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software ...)
NOT-FOR-US: Cisco
-CVE-2021-1430
- RESERVED
-CVE-2021-1429
- RESERVED
-CVE-2021-1428
- RESERVED
-CVE-2021-1427
- RESERVED
-CVE-2021-1426
- RESERVED
+CVE-2021-1430 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...)
+ TODO: check
+CVE-2021-1429 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...)
+ TODO: check
+CVE-2021-1428 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...)
+ TODO: check
+CVE-2021-1427 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...)
+ TODO: check
+CVE-2021-1426 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...)
+ TODO: check
CVE-2021-1425
RESERVED
CVE-2021-1424
@@ -35380,8 +35422,8 @@ CVE-2021-1423 (A vulnerability in the implementation of a CLI command in Cisco A
NOT-FOR-US: Cisco
CVE-2021-1422
RESERVED
-CVE-2021-1421
- RESERVED
+CVE-2021-1421 (A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS ...)
+ TODO: check
CVE-2021-1420 (A vulnerability in certain web pages of Cisco Webex Meetings could all ...)
NOT-FOR-US: Cisco
CVE-2021-1419
@@ -35426,16 +35468,16 @@ CVE-2021-1403 (A vulnerability in the web UI feature of Cisco IOS XE Software co
NOT-FOR-US: Cisco
CVE-2021-1402 (A vulnerability in the software-based SSL/TLS message handler of Cisco ...)
NOT-FOR-US: Cisco
-CVE-2021-1401
- RESERVED
-CVE-2021-1400
- RESERVED
+CVE-2021-1401 (Multiple vulnerabilities in the web-based management interface of cert ...)
+ TODO: check
+CVE-2021-1400 (Multiple vulnerabilities in the web-based management interface of cert ...)
+ TODO: check
CVE-2021-1399 (A vulnerability in the Self Care Portal of Cisco Unified Communication ...)
NOT-FOR-US: Cisco
CVE-2021-1398 (A vulnerability in the boot logic of Cisco IOS XE Software could allow ...)
NOT-FOR-US: Cisco
-CVE-2021-1397
- RESERVED
+CVE-2021-1397 (A vulnerability in the web-based management interface of Cisco Integra ...)
+ TODO: check
CVE-2021-1396 (Multiple vulnerabilities in Cisco Application Services Engine could al ...)
NOT-FOR-US: Cisco
CVE-2021-1395
@@ -35498,12 +35540,12 @@ CVE-2021-1367 (A vulnerability in the Protocol Independent Multicast (PIM) featu
NOT-FOR-US: Cisco
CVE-2021-1366 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
NOT-FOR-US: Cisco
-CVE-2021-1365
- RESERVED
+CVE-2021-1365 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2021-1364 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...)
NOT-FOR-US: Cisco
-CVE-2021-1363
- RESERVED
+CVE-2021-1363 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2021-1362 (A vulnerability in the SOAP API endpoint of Cisco Unified Communicatio ...)
NOT-FOR-US: Cisco
CVE-2021-1361 (A vulnerability in the implementation of an internal file management s ...)
@@ -35660,8 +35702,8 @@ CVE-2021-1286 (Multiple vulnerabilities in the web-based management interface of
NOT-FOR-US: Cisco
CVE-2021-1285
RESERVED
-CVE-2021-1284
- RESERVED
+CVE-2021-1284 (A vulnerability in the web-based messaging service interface of Cisco ...)
+ TODO: check
CVE-2021-1283 (A vulnerability in the logging subsystem of Cisco Data Center Network ...)
NOT-FOR-US: Cisco
CVE-2021-1282 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...)
@@ -35678,8 +35720,8 @@ CVE-2021-1277 (Multiple vulnerabilities in Cisco Data Center Network Manager (DC
NOT-FOR-US: Cisco
CVE-2021-1276 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) c ...)
NOT-FOR-US: Cisco
-CVE-2021-1275
- RESERVED
+CVE-2021-1275 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...)
+ TODO: check
CVE-2021-1274 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...)
NOT-FOR-US: Cisco
CVE-2021-1273 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...)
@@ -39129,115 +39171,95 @@ CVE-2020-28028
RESERVED
CVE-2020-28027
RESERVED
-CVE-2020-28026
- RESERVED
+CVE-2020-28026 (Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, r ...)
{DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
-CVE-2020-28025
- RESERVED
+CVE-2020-28025 (Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bo ...)
{DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: Introduced by: https://git.exim.org/exim.git/commit/80a47a2c9633437d4ceebd214cd44abfbd4f4543 (exim-4_70_RC3)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
-CVE-2020-28024
- RESERVED
+CVE-2020-28024 (Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unaut ...)
{DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
-CVE-2020-28023
- RESERVED
+CVE-2020-28023 (Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may dis ...)
{DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: Introduced by: https://git.exim.org/exim.git/commit/18481de384caecff421f23f715be916403f5d0ee (exim-4_88_RC1)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
-CVE-2020-28022
- RESERVED
+CVE-2020-28022 (Exim 4 before 4.94.2 has Improper Restriction of Write Operations with ...)
{DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: Introduced by: https://git.exim.org/exim.git/commit/d7a2c8337f7b615763d4429ab27653862756b6fb (exim-4_89_RC1)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
-CVE-2020-28021
- RESERVED
+CVE-2020-28021 (Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. A ...)
{DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
-CVE-2020-28020
- RESERVED
+CVE-2020-28020 (Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in whic ...)
{DLA-2650-1}
- exim4 4.92~RC5-1
NOTE: Fixed by: https://git.exim.org/exim.git/commit/56ac062a3ff94fc4e1bbfc2293119c079a4e980b (exim-4.92-RC5)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
-CVE-2020-28019
- RESERVED
+CVE-2020-28019 (Exim 4 before 4.94.2 has Improper Initialization that can lead to recu ...)
{DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: Introduced by: https://git.exim.org/exim.git/commit/7e3ce68e68ab9b8906a637d352993abf361554e2 (exim-4_88_RC1)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
-CVE-2020-28018
- RESERVED
+CVE-2020-28018 (Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain si ...)
- exim4 4.94.2-1 (unimportant)
[buster] - exim4 4.92-8+deb10u6
[stretch] - exim4 <not-affected> (Vulnerable code introduced later)
NOTE: Introduced by: https://git.exim.org/exim.git/commit/a5ffa9b475a426bc73366db01f7cc92a3811bc3a (exim-4_90_RC1)
NOTE: Debian Exim is built with GnuTLS, not OpenSSL.
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
-CVE-2020-28017
- RESERVED
+CVE-2020-28017 (Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in rec ...)
{DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
-CVE-2020-28016
- RESERVED
+CVE-2020-28016 (Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because ...)
- exim4 4.94.2-1
[buster] - exim4 <not-affected> (Vulnerable code introduced later)
[stretch] - exim4 <not-affected> (Vulnerable code introduced later)
NOTE: Introduced by: https://git.exim.org/exim.git/commit/3c90bbcdc7cf73298156f7bcd5f5e750e7814e72
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
-CVE-2020-28015
- RESERVED
+CVE-2020-28015 (Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. L ...)
{DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
-CVE-2020-28014
- RESERVED
+CVE-2020-28014 (Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The ...)
{DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
-CVE-2020-28013
- RESERVED
+CVE-2020-28013 (Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mish ...)
{DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
-CVE-2020-28012
- RESERVED
+CVE-2020-28012 (Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended ...)
{DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
-CVE-2020-28011
- RESERVED
+CVE-2020-28011 (Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run vi ...)
{DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
-CVE-2020-28010
- RESERVED
+CVE-2020-28010 (Exim 4 before 4.94.2 allows Out-of-bounds Write because the main funct ...)
{DSA-4912-1}
- exim4 4.94.2-1
[stretch] - exim4 <not-affected> (Vulnerable code introduced later)
NOTE: Introduced by: https://git.exim.org/exim.git/commit/805fd869d551c36d1d77ab2b292a7008d643ca79 (exim-4.92-RC1)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
-CVE-2020-28009
- RESERVED
+CVE-2020-28009 (Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow becaus ...)
{DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
-CVE-2020-28008
- RESERVED
+CVE-2020-28008 (Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Bec ...)
{DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
-CVE-2020-28007
- RESERVED
+CVE-2020-28007 (Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Bec ...)
{DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
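Review bot: The "Introduced by" NOTE under CVE-2020-28016 ("NOTE: Introduced by: https://git.exim.org/exim.git/commit/3c90bbcdc7cf73298156f7bcd5f5e750e7814e72") is the only one in this hunk without the release tag in parentheses that the sibling entries carry, for example "(exim-4_90_RC1)" under CVE-2020-28018 and "(exim-4.92-RC1)" under CVE-2020-28010; since both the buster and the stretch lines for CVE-2020-28016 are marked "<not-affected> (Vulnerable code introduced later)" on the strength of that commit, add the tag so the not-affected claim can be checked against the versions shipped in those suites. Separately, CVE-2020-28018 is rated "(unimportant)" on the "- exim4 4.94.2-1" line with the rationale ("Debian Exim is built with GnuTLS, not OpenSSL.") three lines lower, yet buster still lists a fixed version "4.92-8+deb10u6" without the "{DSA-4912-1 ...}" tag every other fixed entry in this hunk has; confirm whether DSA-4912-1 covers this CVE and, if it does, add the tag, otherwise state on the buster line why a fixed version is recorded for an issue rated unimportant.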
@@ -46143,7 +46165,7 @@ CVE-2020-25455
RESERVED
CVE-2020-25454 (Cross-site Scripting (XSS) vulnerability in grocy 2.7.1 via the add re ...)
- grocy <itp> (bug #969056)
-CVE-2020-25453 (An issue was discovered in BlackCat CMS v.1.3.6. There is a CSRF vulne ...)
+CVE-2020-25453 (An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vu ...)
NOT-FOR-US: BlackCat CMS
CVE-2020-25452
RESERVED
@@ -51162,10 +51184,10 @@ CVE-2020-23130
RESERVED
CVE-2020-23129
RESERVED
-CVE-2020-23128
- RESERVED
-CVE-2020-23127
- RESERVED
+CVE-2020-23128 (Chamilo LMS 1.11.10 does not properly manage privileges which could al ...)
+ TODO: check
+CVE-2020-23127 (Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) v ...)
+ TODO: check
CVE-2020-23126
RESERVED
CVE-2020-23125
@@ -59212,22 +59234,22 @@ CVE-2020-19116
RESERVED
CVE-2020-19115
RESERVED
-CVE-2020-19114
- RESERVED
-CVE-2020-19113
- RESERVED
-CVE-2020-19112
- RESERVED
-CVE-2020-19111
- RESERVED
-CVE-2020-19110
- RESERVED
-CVE-2020-19109
- RESERVED
-CVE-2020-19108
- RESERVED
-CVE-2020-19107
- RESERVED
+CVE-2020-19114 (SQL Injection vulnerability in Online Book Store v1.0 via the publishe ...)
+ TODO: check
+CVE-2020-19113 (Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin ...)
+ TODO: check
+CVE-2020-19112 (SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn ...)
+ TODO: check
+CVE-2020-19111 (Incorrect Access Control vulnerability in Online Book Store v1.0 via a ...)
+ TODO: check
+CVE-2020-19110 (SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn ...)
+ TODO: check
+CVE-2020-19109 (SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn ...)
+ TODO: check
+CVE-2020-19108 (SQL Injection vulnerability in Online Book Store v1.0 via the pubid pa ...)
+ TODO: check
+CVE-2020-19107 (SQL Injection vulnerability in Online Book Store v1.0 via the isbn par ...)
+ TODO: check
CVE-2020-19106
RESERVED
CVE-2020-19105
@@ -59660,12 +59682,12 @@ CVE-2020-18892
RESERVED
CVE-2020-18891
RESERVED
-CVE-2020-18890
- RESERVED
-CVE-2020-18889
- RESERVED
-CVE-2020-18888
- RESERVED
+CVE-2020-18890 (Rmote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insec ...)
+ TODO: check
+CVE-2020-18889 (Cross Site Request Forgery (CSRF) vulnerability in puppyCMS v5.1 that ...)
+ TODO: check
+CVE-2020-18888 (Arbitrary File Deletion vulnerability in puppyCMS v5.1 allows remote m ...)
+ TODO: check
CVE-2020-18887
RESERVED
CVE-2020-18886
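Review bot: "Rmote" in the CVE-2020-18890 description is the upstream CVE text as imported, not a local typo; leave it rather than hand-editing the description, since the next automatic update would re-import the feed text. The three puppyCMS entries (CVE-2020-18888 through CVE-2020-18890) all name v5.1 and can be triaged together once it is established whether puppyCMS is packaged in Debian.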
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fe7c8949772edd17e5281b7ed4d01743cd12b22