[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 26 21:10:35 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
257c1cea by security tracker role at 2021-05-26T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2021-33585
+ RESERVED
+CVE-2021-33584
+ RESERVED
+CVE-2021-33583
+ RESERVED
+CVE-2021-33582
+ RESERVED
+CVE-2021-33581
+ RESERVED
+CVE-2021-33580
+ RESERVED
CVE-2021-XXXX [inspircd memory disclosure]
- inspircd 3.8.1-2 (bug #989144)
[buster] - inspircd <not-affected> (Vulnerable code not present)
@@ -169,8 +181,8 @@ CVE-2021-33508 (Plone through 5.2.4 allows XSS via a full name that is mishandle
NOT-FOR-US: Plone
CVE-2021-33507 (Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService b ...)
NOT-FOR-US: Zope Products.CMFCore (as used in Plone)
-CVE-2021-33506
- RESERVED
+CVE-2021-33506 (jitsi-meet-prosody in Jitsi Meet before 5026 does not ensure that rest ...)
+ TODO: check
CVE-2021-33505
RESERVED
CVE-2021-33504
@@ -250,10 +262,10 @@ CVE-2021-33472
RESERVED
CVE-2021-33471
RESERVED
-CVE-2021-33470
- RESERVED
-CVE-2021-33469
- RESERVED
+CVE-2021-33470 (COVID19 Testing Management System 1.0 is vulnerable to SQL Injection v ...)
+ TODO: check
+CVE-2021-33469 (COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scri ...)
+ TODO: check
CVE-2021-33468
RESERVED
CVE-2021-33467
@@ -819,8 +831,7 @@ CVE-2021-33196
RESERVED
CVE-2021-33195
RESERVED
-CVE-2021-33194
- RESERVED
+CVE-2021-33194 (Go through 1.15.12 and 1.16.x through 1.16.4 has a golang.org/x/net/ht ...)
- golang-golang-x-net 1:0.0+git20210119.5f4716e+dfsg-4
- golang-golang-x-net-dev <removed>
NOTE: https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ
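Review bot: The CVE-2021-33194 entry tracks only golang-golang-x-net and golang-golang-x-net-dev, while the description now attached to it names Go through 1.15.12 and 1.16.x through 1.16.4. It is worth confirming whether the Go toolchain source packages bundle the affected golang.org/x/net code and, if they do, adding status lines for them under this entry.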
@@ -1177,8 +1188,8 @@ CVE-2021-33040
RESERVED
CVE-2021-33039
RESERVED
-CVE-2021-33038
- RESERVED
+CVE-2021-33038 (An issue was discovered in management/commands/hyperkitty_import.py in ...)
+ TODO: check
CVE-2021-33037
RESERVED
CVE-2021-33036
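Review bot: The "TODO: check" added to CVE-2021-33038 should be resolved by a package lookup rather than defaulting to a NOT-FOR-US marker. The description points at management/commands/hyperkitty_import.py, so the first step is to see whether a package in the archive ships that file and then record a per-package status line.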
@@ -2419,21 +2430,25 @@ CVE-2021-3542
NOTE: https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/
CVE-2021-32493
RESERVED
+ {DLA-2667-1}
- djvulibre 3.5.28-2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943424
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #3 / Patch12)
CVE-2021-32492
RESERVED
+ {DLA-2667-1}
- djvulibre 3.5.28-2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943410
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #1 / Patch10)
CVE-2021-32491
RESERVED
+ {DLA-2667-1}
- djvulibre 3.5.28-2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943409
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #5 / Patch9)
CVE-2021-32490
RESERVED
+ {DLA-2667-1}
- djvulibre 3.5.28-2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943408
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #4 / Patch8)
@@ -2489,8 +2504,8 @@ CVE-2021-32459
RESERVED
CVE-2021-32458
RESERVED
-CVE-2021-32457
- RESERVED
+CVE-2021-32457 (A privilege escalation vulnerability exists in the tdts.ko chrdev_ioct ...)
+ TODO: check
CVE-2021-32456 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access t ...)
NOT-FOR-US: SITEL CAP/PRX firmware
CVE-2021-32455 (SITEL CAP/PRX firmware version 5.2.01, allows an attacker with access ...)
@@ -4236,10 +4251,10 @@ CVE-2021-31778 (The media2click (aka 2 Clicks for External Media) extension 1.x
NOT-FOR-US: Typo3 extension
CVE-2021-31777 (The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x be ...)
NOT-FOR-US: Typo3 extension
-CVE-2019-25030
- RESERVED
-CVE-2019-25029
- RESERVED
+CVE-2019-25030 (In Versa Director, Versa Analytics and VOS, Passwords are not hashed u ...)
+ TODO: check
+CVE-2019-25029 (In Versa Director, the command injection is an attack in which the goa ...)
+ TODO: check
CVE-2020-13672 [SA-CORE-2021-002]
RESERVED
{DLA-2637-1}
@@ -5082,6 +5097,7 @@ CVE-2021-3502 (A flaw was found in avahi 0.8-5. A reachable assertion is present
NOTE: Introduced by: https://github.com/lathiat/avahi/commit/80c98fa16782e921f5b5d5c880f1d80f5c43bd49 (v0.8)
CVE-2021-3500
RESERVED
+ {DLA-2667-1}
- djvulibre 3.5.28-2 (bug #988215)
[buster] - djvulibre <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943685
@@ -13985,8 +14001,8 @@ CVE-2021-27678 (Cross-site scripting (XSS) vulnerability in Snippets in Batflat
NOT-FOR-US: Batflat CMS
CVE-2021-27677 (Cross-site scripting (XSS) vulnerability in Galleries in Batflat CMS 1 ...)
NOT-FOR-US: Batflat CMS
-CVE-2021-27676
- RESERVED
+CVE-2021-27676 (Centreon version 20.10.2 is affected by a cross-site scripting (XSS) v ...)
+ TODO: check
CVE-2021-27675
RESERVED
CVE-2021-27674
@@ -17895,12 +17911,12 @@ CVE-2021-26036
RESERVED
CVE-2021-26035
RESERVED
-CVE-2021-26034
- RESERVED
-CVE-2021-26033
- RESERVED
-CVE-2021-26032
- RESERVED
+CVE-2021-26034 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing tok ...)
+ TODO: check
+CVE-2021-26033 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing tok ...)
+ TODO: check
+CVE-2021-26032 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was miss ...)
+ TODO: check
CVE-2021-26031 (An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate fi ...)
NOT-FOR-US: Joomla!
CVE-2021-26030 (An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate es ...)
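Review bot: CVE-2021-26034, CVE-2021-26033 and CVE-2021-26032 are left at "TODO: check" although their descriptions name Joomla!, and the next entry in this hunk, CVE-2021-26031, already carries "NOT-FOR-US: Joomla!". Triage can give all three the same marker in one pass.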
@@ -18095,8 +18111,8 @@ CVE-2021-25947
RESERVED
CVE-2021-25946 (Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 throu ...)
TODO: check
-CVE-2021-25945
- RESERVED
+CVE-2021-25945 (Prototype pollution vulnerability in 'js-extend' versions 0.0.1 throug ...)
+ TODO: check
CVE-2021-25944 (Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 th ...)
TODO: check
CVE-2021-25943 (Prototype pollution vulnerability in '101' versions 1.0.0 through 1.6. ...)
@@ -26000,8 +26016,7 @@ CVE-2021-22545
RESERVED
CVE-2021-22544
RESERVED
-CVE-2021-22543
- RESERVED
+CVE-2021-22543 (An issue was discovered in the Linux: KVM through Improper handling of ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/05/26/3
NOTE: https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584
@@ -26806,8 +26821,7 @@ CVE-2021-22162
RESERVED
CVE-2021-22161 (In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop c ...)
NOT-FOR-US: OpenWrt
-CVE-2021-22160
- RESERVED
+CVE-2021-22160 (If Apache Pulsar is configured to authenticate clients using tokens ba ...)
NOT-FOR-US: Apache Pulsar
CVE-2020-36159 (Veritas Desktop and Laptop Option (DLO) before 9.5 disclosed operation ...)
NOT-FOR-US: Veritas
@@ -27169,10 +27183,10 @@ CVE-2021-21988 (VMware Workstation (16.x prior to 16.1.2) and Horizon Client for
NOT-FOR-US: VMware
CVE-2021-21987 (VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windo ...)
NOT-FOR-US: VMware
-CVE-2021-21986
- RESERVED
-CVE-2021-21985
- RESERVED
+CVE-2021-21986 (The vSphere Client (HTML5) contains a vulnerability in a vSphere authe ...)
+ TODO: check
+CVE-2021-21985 (The vSphere Client (HTML5) contains a remote code execution vulnerabil ...)
+ TODO: check
CVE-2021-21984 (VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remot ...)
NOT-FOR-US: VMware
CVE-2021-21983 (Arbitrary file write vulnerability in vRealize Operations Manager API ...)
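Review bot: The two vSphere Client entries added here, CVE-2021-21986 and CVE-2021-21985, sit at "TODO: check" between entries that are all marked "NOT-FOR-US: VMware". CVE-2021-21985 is described as remote code execution, so closing both out explicitly keeps a high-impact identifier from lingering among the untriaged entries.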
@@ -32046,8 +32060,8 @@ CVE-2021-20494
RESERVED
CVE-2021-20493
RESERVED
-CVE-2021-20492
- RESERVED
+CVE-2021-20492 (IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch ...)
+ TODO: check
CVE-2021-20491 (IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based bu ...)
NOT-FOR-US: IBM
CVE-2021-20490
@@ -32056,10 +32070,10 @@ CVE-2021-20489
RESERVED
CVE-2021-20488
RESERVED
-CVE-2021-20487
- RESERVED
-CVE-2021-20486
- RESERVED
+CVE-2021-20487 (IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inje ...)
+ TODO: check
+CVE-2021-20486 (IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain ...)
+ TODO: check
CVE-2021-20485
RESERVED
CVE-2021-20484
@@ -33074,8 +33088,7 @@ CVE-2021-20180
CVE-2021-20179 (A flaw was found in pki-core. An attacker who has successfully comprom ...)
- dogtag-pki 10.10.2-2
NOTE: https://github.com/dogtagpki/pki/pull/3475
-CVE-2021-20178 [user data leak in snmp_facts module]
- RESERVED
+CVE-2021-20178 (A flaw was found in ansible module where credentials are disclosed in ...)
- ansible <unfixed> (bug #985753)
[bullseye] - ansible <no-dsa> (Minor issue)
[buster] - ansible <no-dsa> (Minor issue)
@@ -43706,8 +43719,7 @@ CVE-2020-27817
REJECTED
CVE-2020-27816 (The elasticsearch-operator does not validate the namespace where kiban ...)
NOT-FOR-US: OpenShift Elasticsearch operator
-CVE-2020-27815
- RESERVED
+CVE-2020-27815 (A flaw was found in the JFS filesystem code in the Linux Kernel which ...)
{DSA-4843-1 DLA-2586-1 DLA-2557-1}
- linux 5.10.4-1
NOTE: https://www.openwall.com/lists/oss-security/2020/11/30/5
@@ -46861,14 +46873,14 @@ CVE-2020-26682 (In libass 0.14.0, the `ass_outline_construct`'s call to `outline
NOTE: https://github.com/libass/libass/pull/432
CVE-2020-26681
RESERVED
-CVE-2020-26680
- RESERVED
-CVE-2020-26679
- RESERVED
-CVE-2020-26678
- RESERVED
-CVE-2020-26677
- RESERVED
+CVE-2020-26680 (In vFairs 3.3, any user logged in to a vFairs virtual conference or ev ...)
+ TODO: check
+CVE-2020-26679 (vFairs 3.3 is affected by Insecure Permissions. Any user logged in to ...)
+ TODO: check
+CVE-2020-26678 (vFairs 3.3 is affected by Remote Code Execution. Any user logged in to ...)
+ TODO: check
+CVE-2020-26677 (Any user logged in to a vFairs 3.3 virtual conference or event can per ...)
+ TODO: check
CVE-2020-26676
RESERVED
CVE-2020-26675
@@ -49209,8 +49221,7 @@ CVE-2020-25699 (In moodle, insufficient capability checks could lead to users wi
- moodle <removed>
CVE-2020-25698 (Users' enrollment capabilities were not being sufficiently checked in ...)
- moodle <removed>
-CVE-2020-25697
- RESERVED
+CVE-2020-25697 (A privilege escalation flaw was found in the Xorg-x11-server due to a ...)
NOTE: Long-standing design limitation in X11, unlikely to get fixed until the world moves to Wayland
NOTE: https://www.openwall.com/lists/oss-security/2020/11/09/3
CVE-2020-25696 (A flaw was found in the psql interactive terminal of PostgreSQL in ver ...)
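Review bot: Once the RESERVED line is dropped, CVE-2020-25697 consists of a description and two NOTE lines only, with no package status line and no NOT-FOR-US marker, so the CVE is not tied to any source package. The description names the Xorg-x11-server; the entry should get a status line for the corresponding package, with the "Long-standing design limitation in X11" note as its justification.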
@@ -49329,8 +49340,7 @@ CVE-2020-25674 (WriteOnePNGImage() from coders/png.c (the PNG coder) has a for l
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1715
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/67b871032183a29d3ca0553db6ce1ae80fddb9aa
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/2fdff8e040cd4401498d89f3c3d1f89cffd118b0
-CVE-2020-25673
- RESERVED
+CVE-2020-25673 (A vulnerability was found in Linux kernel where non-blocking socket in ...)
- linux <unfixed>
[bullseye] - linux <postponed> (Minor issue, revisit once fixed upstream)
[buster] - linux <postponed> (Minor issue, revisit once fixed upstream)
@@ -49340,26 +49350,22 @@ CVE-2020-25672 (A memory leak vulnerability was found in Linux kernel in llcp_so
[bullseye] - linux <postponed> (Minor issue, revisit once fixed upstream)
[buster] - linux <postponed> (Minor issue, revisit once fixed upstream)
NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
-CVE-2020-25671
- RESERVED
+CVE-2020-25671 (A vulnerability was found in Linux Kernel, where a refcount leak in ll ...)
- linux 5.10.38-1
[bullseye] - linux <postponed> (Minor issue, revisit once fixed upstream)
[buster] - linux <postponed> (Minor issue, revisit once fixed upstream)
NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
-CVE-2020-25670
- RESERVED
+CVE-2020-25670 (A vulnerability was found in Linux Kernel where refcount leak in llcp_ ...)
- linux 5.10.38-1
[bullseye] - linux <postponed> (Minor issue, revisit once fixed upstream)
[buster] - linux <postponed> (Minor issue, revisit once fixed upstream)
NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
-CVE-2020-25669
- RESERVED
+CVE-2020-25669 (A vulnerability was found in the Linux Kernel where the function sunkb ...)
{DLA-2494-1 DLA-2483-1}
- linux 5.9.11-1
[buster] - linux 4.19.160-1
NOTE: https://www.openwall.com/lists/oss-security/2020/11/05/2
-CVE-2020-25668 [concurrency use-after-free in vt]
- RESERVED
+CVE-2020-25668 (A flaw was found in Linux Kernel because access to the global variable ...)
{DLA-2494-1 DLA-2483-1}
- linux 5.9.6-1
[buster] - linux 4.19.160-1
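Review bot: CVE-2020-25671 and CVE-2020-25670 record a fixed version ("- linux 5.10.38-1") while their [bullseye] and [buster] lines still read "<postponed> (Minor issue, revisit once fixed upstream)". With a fixed upload listed, the stated condition for revisiting appears to be met, so both release lines should be re-evaluated now that the descriptions are public.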
@@ -53206,8 +53212,8 @@ CVE-2020-24022
RESERVED
CVE-2020-24021
RESERVED
-CVE-2020-24020
- RESERVED
+CVE-2020-24020 (Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad ...)
+ TODO: check
CVE-2020-24019
RESERVED
CVE-2020-24018
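Review bot: CVE-2020-24020 names FFMpeg 4.2.3 and the function dnn_execute_layer_pad, so the "TODO: check" here calls for per-release triage against the ffmpeg source package, not a NOT-FOR-US marker. The follow-up should record, for each release, whether the affected code is present in the packaged version.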
@@ -57228,8 +57234,8 @@ CVE-2020-22022
RESERVED
CVE-2020-22021
RESERVED
-CVE-2020-22020
- RESERVED
+CVE-2020-22020 (Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map func ...)
+ TODO: check
CVE-2020-22019
RESERVED
CVE-2020-22018
@@ -57238,8 +57244,8 @@ CVE-2020-22017
RESERVED
CVE-2020-22016
RESERVED
-CVE-2020-22015
- RESERVED
+CVE-2020-22015 (Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due ...)
+ TODO: check
CVE-2020-22014
RESERVED
CVE-2020-22013
@@ -64865,8 +64871,8 @@ CVE-2020-18223
RESERVED
CVE-2020-18222
RESERVED
-CVE-2020-18221
- RESERVED
+CVE-2020-18221 (Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote ...)
+ TODO: check
CVE-2020-18220 (Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attack ...)
NOT-FOR-US: DoraCMS
CVE-2020-18219
@@ -72230,8 +72236,8 @@ CVE-2020-15078 (OpenVPN 2.5.1 and earlier versions allows a remote attackers to
NOTE: https://github.com/OpenVPN/openvpn/commit/0e5516a9d656ce86f7fb370c824344ea1760c255 (2.4.11)
CVE-2020-15077
RESERVED
-CVE-2020-15076
- RESERVED
+CVE-2020-15076 (Private Tunnel installer for macOS version 3.0.1 and older versions ma ...)
+ TODO: check
CVE-2020-15075 (OpenVPN Connect installer for macOS version 3.2.6 and older may corrup ...)
NOT-FOR-US: OpenVPN Connect installer for macOS
CVE-2020-15074 (OpenVPN Access Server older than version 2.8.4 generates new user auth ...)
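Review bot: CVE-2020-15076 is left at "TODO: check" although its description is about the Private Tunnel installer for macOS, and the adjacent CVE-2020-15075 (OpenVPN Connect installer for macOS) is already NOT-FOR-US. Because this hunk sits next to CVE-2020-15078, which does concern OpenVPN itself, the triage note should say explicitly that the macOS installer is a separate product so the entry is not attached to the openvpn package by mistake.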
@@ -111450,7 +111456,7 @@ CVE-2019-18805 (An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Lin
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/19fad20d15a6494f47f85d869f00b11343ee5c78
CVE-2019-18804 (DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU:: ...)
- {DLA-1985-1}
+ {DLA-2667-1 DLA-1985-1}
- djvulibre 3.5.27.1-14 (bug #945114)
[buster] - djvulibre <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/djvu/bugs/309/
@@ -125035,25 +125041,25 @@ CVE-2019-15147 (GoPro GPMF-parser 1.2.2 has an out-of-bounds read and SEGV in GP
CVE-2019-15146 (GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 bytes) in ...)
NOT-FOR-US: gpmf-parser
CVE-2019-15145 (DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack ...)
- {DLA-1902-1}
+ {DLA-2667-1 DLA-1902-1}
- djvulibre 3.5.27.1-11 (low)
[buster] - djvulibre <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/djvu/bugs/298/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/9658b01431cd7ff6344d7787f855179e73fe81a7/
CVE-2019-15144 (In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate< ...)
- {DLA-1902-1}
+ {DLA-2667-1 DLA-1902-1}
- djvulibre 3.5.27.1-11 (low)
[buster] - djvulibre <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/djvu/bugs/299/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/e15d51510048927f172f1bf1f27ede65907d940d/
CVE-2019-15143 (In DjVuLibre 3.5.27, the bitmap reader component allows attackers to c ...)
- {DLA-1902-1}
+ {DLA-2667-1 DLA-1902-1}
- djvulibre 3.5.27.1-11 (low)
[buster] - djvulibre <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/djvu/bugs/297/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f/
CVE-2019-15142 (In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows a ...)
- {DLA-1902-1}
+ {DLA-2667-1 DLA-1902-1}
- djvulibre 3.5.27.1-11 (low)
[buster] - djvulibre <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/djvu/bugs/296/
@@ -126325,8 +126331,7 @@ CVE-2019-14838 (A flaw was found in wildfly-core before 7.2.5.GA. The Management
- wildfly <itp> (bug #752018)
CVE-2019-14837 (A flaw was found in keycloack before version 8.0.0. The owner of 'plac ...)
NOT-FOR-US: Keycloak
-CVE-2019-14836
- RESERVED
+CVE-2019-14836 (3scale dev portal login form does not verify CSRF token, and so does n ...)
NOT-FOR-US: 3scale
CVE-2019-14835 (A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in ...)
{DSA-4531-1 DLA-1940-1 DLA-1930-1}
@@ -156697,8 +156702,8 @@ CVE-2019-4590
RESERVED
CVE-2019-4589 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege escalatio ...)
NOT-FOR-US: IBM
-CVE-2019-4588
- RESERVED
+CVE-2019-4588 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...)
+ TODO: check
CVE-2019-4587
RESERVED
CVE-2019-4586
@@ -178241,18 +178246,18 @@ CVE-2018-16501
RESERVED
CVE-2018-16500
RESERVED
-CVE-2018-16499
- RESERVED
-CVE-2018-16498
- RESERVED
-CVE-2018-16497
- RESERVED
-CVE-2018-16496
- RESERVED
-CVE-2018-16495
- RESERVED
-CVE-2018-16494
- RESERVED
+CVE-2018-16499 (In VOS compromised, an attacker at network endpoints can possibly view ...)
+ TODO: check
+CVE-2018-16498 (In Versa Director, the unencrypted backup files stored on the Versa de ...)
+ TODO: check
+CVE-2018-16497 (In Versa Analytics, the cron jobs are used for scheduling tasks by exe ...)
+ TODO: check
+CVE-2018-16496 (In Versa Director, the un-authentication request found. ...)
+ TODO: check
+CVE-2018-16495 (In VOS user session identifier (authentication token) is issued to the ...)
+ TODO: check
+CVE-2018-16494 (In VOS and overly permissive "umask" may allow for authorized users of ...)
+ TODO: check
CVE-2018-16493 (A path traversal vulnerability was found in module static-resource-ser ...)
NOT-FOR-US: node static-resource-server
CVE-2018-16492 (A prototype pollution vulnerability was found in module extend <2.0 ...)
@@ -193459,22 +193464,17 @@ CVE-2018-10870 (redhat-certification does not properly sanitize paths in rhcertS
NOT-FOR-US: Red Hat Certification
CVE-2018-10869 (redhat-certification does not properly restrict files that can be down ...)
NOT-FOR-US: Red Hat Certification
-CVE-2018-10868
- RESERVED
+CVE-2018-10868 (It has been discovered that redhat-certification does not properly lim ...)
NOT-FOR-US: Red Hat Certification
-CVE-2018-10867
- RESERVED
+CVE-2018-10867 (It has been discovered that redhat-certification does not restrict fil ...)
NOT-FOR-US: Red Hat Certification
-CVE-2018-10866
- RESERVED
+CVE-2018-10866 (It has been discovered that redhat-certification does not perform an a ...)
NOT-FOR-US: Red Hat Certification
-CVE-2018-10865
- RESERVED
+CVE-2018-10865 (It has been discovered that redhat-certification does not perform an a ...)
NOT-FOR-US: Red Hat Certification
CVE-2018-10864 (An uncontrolled resource consumption flaw has been discovered in redha ...)
NOT-FOR-US: Red Hat Certification
-CVE-2018-10863
- RESERVED
+CVE-2018-10863 (It has been discovered that redhat-certification is not properly confi ...)
NOT-FOR-US: Red Hat Certification
CVE-2018-10862 (WildFly Core before version 6.0.0.Alpha3 does not properly validate fi ...)
- wildfly <itp> (bug #752018)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/257c1ceaa7b11be9a99517939feb933c48209f83