[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 29 20:10:30 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ccb171b0 by security tracker role at 2021-11-29T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,249 @@
+CVE-2021-44353
+ RESERVED
+CVE-2021-44352
+ RESERVED
+CVE-2021-44351
+ RESERVED
+CVE-2021-44350
+ RESERVED
+CVE-2021-44349
+ RESERVED
+CVE-2021-44348
+ RESERVED
+CVE-2021-44347
+ RESERVED
+CVE-2021-44346
+ RESERVED
+CVE-2021-44345
+ RESERVED
+CVE-2021-44344
+ RESERVED
+CVE-2021-44343
+ RESERVED
+CVE-2021-44342
+ RESERVED
+CVE-2021-44341
+ RESERVED
+CVE-2021-44340
+ RESERVED
+CVE-2021-44339
+ RESERVED
+CVE-2021-44338
+ RESERVED
+CVE-2021-44337
+ RESERVED
+CVE-2021-44336
+ RESERVED
+CVE-2021-44335
+ RESERVED
+CVE-2021-44334
+ RESERVED
+CVE-2021-44333
+ RESERVED
+CVE-2021-44332
+ RESERVED
+CVE-2021-44331
+ RESERVED
+CVE-2021-44330
+ RESERVED
+CVE-2021-44329
+ RESERVED
+CVE-2021-44328
+ RESERVED
+CVE-2021-44327
+ RESERVED
+CVE-2021-44326
+ RESERVED
+CVE-2021-44325
+ RESERVED
+CVE-2021-44324
+ RESERVED
+CVE-2021-44323
+ RESERVED
+CVE-2021-44322
+ RESERVED
+CVE-2021-44321
+ RESERVED
+CVE-2021-44320
+ RESERVED
+CVE-2021-44319
+ RESERVED
+CVE-2021-44318
+ RESERVED
+CVE-2021-44317
+ RESERVED
+CVE-2021-44316
+ RESERVED
+CVE-2021-44315
+ RESERVED
+CVE-2021-44314
+ RESERVED
+CVE-2021-44313
+ RESERVED
+CVE-2021-44312
+ RESERVED
+CVE-2021-44311
+ RESERVED
+CVE-2021-44310
+ RESERVED
+CVE-2021-44309
+ RESERVED
+CVE-2021-44308
+ RESERVED
+CVE-2021-44307
+ RESERVED
+CVE-2021-44306
+ RESERVED
+CVE-2021-44305
+ RESERVED
+CVE-2021-44304
+ RESERVED
+CVE-2021-44303
+ RESERVED
+CVE-2021-44302
+ RESERVED
+CVE-2021-44301
+ RESERVED
+CVE-2021-44300
+ RESERVED
+CVE-2021-44299
+ RESERVED
+CVE-2021-44298
+ RESERVED
+CVE-2021-44297
+ RESERVED
+CVE-2021-44296
+ RESERVED
+CVE-2021-44295
+ RESERVED
+CVE-2021-44294
+ RESERVED
+CVE-2021-44293
+ RESERVED
+CVE-2021-44292
+ RESERVED
+CVE-2021-44291
+ RESERVED
+CVE-2021-44290
+ RESERVED
+CVE-2021-44289
+ RESERVED
+CVE-2021-44288
+ RESERVED
+CVE-2021-44287
+ RESERVED
+CVE-2021-44286
+ RESERVED
+CVE-2021-44285
+ RESERVED
+CVE-2021-44284
+ RESERVED
+CVE-2021-44283
+ RESERVED
+CVE-2021-44282
+ RESERVED
+CVE-2021-44281
+ RESERVED
+CVE-2021-44280
+ RESERVED
+CVE-2021-44279
+ RESERVED
+CVE-2021-44278
+ RESERVED
+CVE-2021-44277
+ RESERVED
+CVE-2021-44276
+ RESERVED
+CVE-2021-44275
+ RESERVED
+CVE-2021-44274
+ RESERVED
+CVE-2021-44273
+ RESERVED
+CVE-2021-44272
+ RESERVED
+CVE-2021-44271
+ RESERVED
+CVE-2021-44270
+ RESERVED
+CVE-2021-44269
+ RESERVED
+CVE-2021-44268
+ RESERVED
+CVE-2021-44267
+ RESERVED
+CVE-2021-44266
+ RESERVED
+CVE-2021-44265
+ RESERVED
+CVE-2021-44264
+ RESERVED
+CVE-2021-44263
+ RESERVED
+CVE-2021-44262
+ RESERVED
+CVE-2021-44261
+ RESERVED
+CVE-2021-44260
+ RESERVED
+CVE-2021-44259
+ RESERVED
+CVE-2021-44258
+ RESERVED
+CVE-2021-44257
+ RESERVED
+CVE-2021-44256
+ RESERVED
+CVE-2021-44255
+ RESERVED
+CVE-2021-44254
+ RESERVED
+CVE-2021-44253
+ RESERVED
+CVE-2021-44252
+ RESERVED
+CVE-2021-44251
+ RESERVED
+CVE-2021-44250
+ RESERVED
+CVE-2021-44249
+ RESERVED
+CVE-2021-44248
+ RESERVED
+CVE-2021-44247
+ RESERVED
+CVE-2021-44246
+ RESERVED
+CVE-2021-44245
+ RESERVED
+CVE-2021-44244
+ RESERVED
+CVE-2021-44243
+ RESERVED
+CVE-2021-44242
+ RESERVED
+CVE-2021-44241
+ RESERVED
+CVE-2021-44240
+ RESERVED
+CVE-2021-44239
+ RESERVED
+CVE-2021-44238
+ RESERVED
+CVE-2021-44237
+ RESERVED
+CVE-2021-44236
+ RESERVED
+CVE-2021-4032
+ RESERVED
+CVE-2021-4031
+ RESERVED
+CVE-2021-4030
+ RESERVED
+CVE-2021-4029
+ RESERVED
+CVE-2021-4028
+ RESERVED
CVE-2021-4027
RESERVED
CVE-2021-4026
@@ -202,18 +448,18 @@ CVE-2021-44205
RESERVED
CVE-2021-44204
RESERVED
-CVE-2021-44203
- RESERVED
-CVE-2021-44202
- RESERVED
-CVE-2021-44201
- RESERVED
-CVE-2021-44200
- RESERVED
-CVE-2021-44199
- RESERVED
-CVE-2021-44198
- RESERVED
+CVE-2021-44203 (Stored cross-site scripting (XSS) was possible in protection plan deta ...)
+ TODO: check
+CVE-2021-44202 (Stored cross-site scripting (XSS) was possible in activity details. Th ...)
+ TODO: check
+CVE-2021-44201 (Cross-site scripting (XSS) was possible in notification pop-ups. The f ...)
+ TODO: check
+CVE-2021-44200 (Self cross-site scripting (XSS) was possible on devices page. The foll ...)
+ TODO: check
+CVE-2021-44199 (DLL hijacking could lead to denial of service. The following products ...)
+ TODO: check
+CVE-2021-44198 (DLL hijacking could lead to local privilege escalation. The following ...)
+ TODO: check
CVE-2021-44197
RESERVED
CVE-2021-44196
@@ -222,8 +468,8 @@ CVE-2021-4016
RESERVED
CVE-2021-4015
RESERVED
-CVE-2017-20008
- RESERVED
+CVE-2017-20008 (The myCred WordPress plugin before 1.7.8 does not sanitise and escape ...)
+ TODO: check
CVE-2021-4014
RESERVED
CVE-2021-4013
@@ -522,7 +768,7 @@ CVE-2021-3992
RESERVED
CVE-2021-44078
RESERVED
-CVE-2021-44077 (Zoho ManageEngine ServiceDesk Plus before 11306 is vulnerable to unaut ...)
+CVE-2021-44077 (Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-3991
RESERVED
@@ -2406,22 +2652,22 @@ CVE-2021-43700
RESERVED
CVE-2021-43699
RESERVED
-CVE-2021-43698
- RESERVED
-CVE-2021-43697
- RESERVED
-CVE-2021-43696
- RESERVED
-CVE-2021-43695
- RESERVED
+CVE-2021-43698 (An unspecified version of phpWhois is affected by a Cross Site Scripti ...)
+ TODO: check
+CVE-2021-43697 (An unspecified version of Workerman-ThinkPHP-Redis is affected by a Cr ...)
+ TODO: check
+CVE-2021-43696 (An unspecified version of twmap is affected by a Cross Site Scripting ...)
+ TODO: check
+CVE-2021-43695 (An unspecified version of issabelPBX is affected by a Cross Site Scrip ...)
+ TODO: check
CVE-2021-43694
RESERVED
-CVE-2021-43693
- RESERVED
-CVE-2021-43692
- RESERVED
-CVE-2021-43691
- RESERVED
+CVE-2021-43693 (vesta 0.9.8-24 is affected by a file inclusion vulnerability in file w ...)
+ TODO: check
+CVE-2021-43692 (An unspecified version of youtube-php-mirroring is affected by a Cross ...)
+ TODO: check
+CVE-2021-43691 (An unspecified version of tripexpress is affected by a path manipulati ...)
+ TODO: check
CVE-2021-43690
RESERVED
CVE-2021-43689
@@ -7590,10 +7836,10 @@ CVE-2021-42367
RESERVED
CVE-2021-42366
RESERVED
-CVE-2021-42365
- RESERVED
-CVE-2021-42364
- RESERVED
+CVE-2021-42365 (The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2021-42364 (The Stetic WordPress plugin is vulnerable to Cross-Site Request Forger ...)
+ TODO: check
CVE-2021-42363 (The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2021-42362 (The WordPress Popular Posts WordPress plugin is vulnerable to arbitrar ...)
@@ -7604,8 +7850,8 @@ CVE-2021-42360 (On sites that also had the Elementor plugin for WordPress instal
NOT-FOR-US: Elementor plugin for WordPress
CVE-2021-42359 (WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, ‘admin-di ...)
NOT-FOR-US: WP DSGVO Tools (GDPR)
-CVE-2021-42358
- RESERVED
+CVE-2021-42358 (The Contact Form With Captcha WordPress plugin is vulnerable to Cross- ...)
+ TODO: check
CVE-2021-42357
RESERVED
CVE-2021-42356
@@ -10871,8 +11117,7 @@ CVE-2021-41079 (Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1
NOTE: https://github.com/apache/tomcat/commit/b90d4fc1ff44f30e4b3aba622ba6677e3f003822 (8.5.64)
CVE-2021-3803 (nth-check is vulnerable to Inefficient Regular Expression Complexity ...)
NOT-FOR-US: nth-check
-CVE-2021-3802
- RESERVED
+CVE-2021-3802 (A vulnerability found in udisks2. This flaw allows an attacker to inpu ...)
{DLA-2809-1}
- udisks2 2.9.4-1
[bullseye] - udisks2 <no-dsa> (Minor issue)
@@ -13477,8 +13722,8 @@ CVE-2021-39997
RESERVED
CVE-2021-39996
RESERVED
-CVE-2021-39995
- RESERVED
+CVE-2021-39995 (Some Huawei products use the OpenHpi software for hardware management. ...)
+ TODO: check
CVE-2021-39994
RESERVED
CVE-2021-39993
@@ -17600,8 +17845,8 @@ CVE-2021-38285
RESERVED
CVE-2021-38284
RESERVED
-CVE-2021-38283
- RESERVED
+CVE-2021-38283 (Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote att ...)
+ TODO: check
CVE-2021-38282
RESERVED
CVE-2021-38281
@@ -18036,8 +18281,8 @@ CVE-2021-38149 (index.php/admin/add_user in Chikitsa Patient Management System 2
NOT-FOR-US: Chikitsa Patient Management System
CVE-2021-38148 (Obsidian before 0.12.12 does not require user confirmation for non-htt ...)
NOT-FOR-US: Obsidian
-CVE-2021-38147
- RESERVED
+CVE-2021-38147 (Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote att ...)
+ TODO: check
CVE-2021-38146 (The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_1 ...)
NOT-FOR-US: Wipro Holmes Orchestrator
CVE-2021-38145 (An issue was discovered in Form Tools through 3.0.20. SQL Injection ca ...)
@@ -50869,8 +51114,8 @@ CVE-2021-24929
RESERVED
CVE-2021-24928
RESERVED
-CVE-2021-24927
- RESERVED
+CVE-2021-24927 (The My Calendar WordPress plugin before 3.2.18 does not sanitise and e ...)
+ TODO: check
CVE-2021-24926
RESERVED
CVE-2021-24925
@@ -50887,14 +51132,14 @@ CVE-2021-24920
RESERVED
CVE-2021-24919
RESERVED
-CVE-2021-24918
- RESERVED
+CVE-2021-24918 (The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did n ...)
+ TODO: check
CVE-2021-24917
RESERVED
CVE-2021-24916
RESERVED
-CVE-2021-24915
- RESERVED
+CVE-2021-24915 (The Contest Gallery WordPress plugin before 13.1.0.6 does not have cap ...)
+ TODO: check
CVE-2021-24914
RESERVED
CVE-2021-24913
@@ -50907,8 +51152,8 @@ CVE-2021-24910
RESERVED
CVE-2021-24909
RESERVED
-CVE-2021-24908
- RESERVED
+CVE-2021-24908 (The Check & Log Email WordPress plugin before 1.0.4 does not escap ...)
+ TODO: check
CVE-2021-24907
RESERVED
CVE-2021-24906
@@ -50925,8 +51170,8 @@ CVE-2021-24901
RESERVED
CVE-2021-24900
RESERVED
-CVE-2021-24899
- RESERVED
+CVE-2021-24899 (The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and ...)
+ TODO: check
CVE-2021-24898
RESERVED
CVE-2021-24897
@@ -50945,8 +51190,8 @@ CVE-2021-24891 (The Elementor Website Builder WordPress plugin before 3.1.4 does
NOT-FOR-US: WordPress plugin
CVE-2021-24890
RESERVED
-CVE-2021-24889
- RESERVED
+CVE-2021-24889 (The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not es ...)
+ TODO: check
CVE-2021-24888 (The ImageBoss WordPress plugin before 3.0.6 does not sanitise and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24887
@@ -50957,8 +51202,8 @@ CVE-2021-24885 (The YOP Poll WordPress plugin before 6.1.2 does not escape the p
NOT-FOR-US: WordPress plugin
CVE-2021-24884 (The Formidable Form Builder WordPress plugin before 4.09.05 allows to ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24883
- RESERVED
+CVE-2021-24883 (The Popup Anything WordPress plugin before 2.0.4 does not escape the L ...)
+ TODO: check
CVE-2021-24882 (The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24881
@@ -50971,8 +51216,8 @@ CVE-2021-24878
RESERVED
CVE-2021-24877 (The MainWP Child WordPress plugin before 4.1.8 does not validate the o ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24876
- RESERVED
+CVE-2021-24876 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...)
+ TODO: check
CVE-2021-24875 (The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.3 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24874
@@ -51003,8 +51248,8 @@ CVE-2021-24862
RESERVED
CVE-2021-24861
RESERVED
-CVE-2021-24860
- RESERVED
+CVE-2021-24860 (The BSK PDF Manager WordPress plugin before 3.1.2 does not validate an ...)
+ TODO: check
CVE-2021-24859
RESERVED
CVE-2021-24858
@@ -51039,8 +51284,8 @@ CVE-2021-24844 (The Affiliates Manager WordPress plugin before 2.8.7 does not va
NOT-FOR-US: WordPress plugin
CVE-2021-24843
RESERVED
-CVE-2021-24842
- RESERVED
+CVE-2021-24842 (The Bulk Datetime Change WordPress plugin before 1.12 does not enforce ...)
+ TODO: check
CVE-2021-24841 (The Helpful WordPress plugin before 4.4.59 does not sanitise and escap ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24840 (The Squaretype WordPress theme before 3.0.4 allows unauthenticated use ...)
@@ -51079,8 +51324,8 @@ CVE-2021-24824
RESERVED
CVE-2021-24823
RESERVED
-CVE-2021-24822
- RESERVED
+CVE-2021-24822 (The Stylish Cost Calculator WordPress plugin before 7.0.4 does not hav ...)
+ TODO: check
CVE-2021-24821
RESERVED
CVE-2021-24820
@@ -51101,8 +51346,8 @@ CVE-2021-24813 (The Events Made Easy WordPress plugin before 2.2.24 does not san
NOT-FOR-US: WordPress plugin
CVE-2021-24812 (The BetterLinks WordPress plugin before 1.2.6 does not sanitise and es ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24811
- RESERVED
+CVE-2021-24811 (The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and e ...)
+ TODO: check
CVE-2021-24810
RESERVED
CVE-2021-24809 (The BP Better Messages WordPress plugin before 1.9.9.41 does not check ...)
@@ -51187,8 +51432,8 @@ CVE-2021-24770 (The Stylish Price List WordPress plugin before 6.9.1 does not pe
NOT-FOR-US: WordPress plugin
CVE-2021-24769 (The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not v ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24768
- RESERVED
+CVE-2021-24768 (The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly ...)
+ TODO: check
CVE-2021-24767 (The Redirect 404 Error Page to Homepage or Custom Page with Logs WordP ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24766 (The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress p ...)
@@ -51213,28 +51458,28 @@ CVE-2021-24757 (The Stylish Price List WordPress plugin before 6.9.0 does not pe
NOT-FOR-US: WordPress plugin
CVE-2021-24756
RESERVED
-CVE-2021-24755
- RESERVED
+CVE-2021-24755 (The myCred WordPress plugin before 2.3 does not validate or escape the ...)
+ TODO: check
CVE-2021-24754 (The MainWP Child Reports WordPress plugin before 2.0.8 does not valida ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24753
RESERVED
CVE-2021-24752 (Multiple Plugins from the CatchThemes vendor do not perform capability ...)
NOT-FOR-US: WordPress plugins
-CVE-2021-24751
- RESERVED
+CVE-2021-24751 (The GenerateBlocks WordPress plugin before 1.4.0 does not validate the ...)
+ TODO: check
CVE-2021-24750
RESERVED
-CVE-2021-24749
- RESERVED
-CVE-2021-24748
- RESERVED
+CVE-2021-24749 (The URL Shortify WordPress plugin before 1.5.1 does not have CSRF chec ...)
+ TODO: check
+CVE-2021-24748 (The Email Before Download WordPress plugin before 6.8 does not properl ...)
+ TODO: check
CVE-2021-24747
RESERVED
CVE-2021-24746
RESERVED
-CVE-2021-24745
- RESERVED
+CVE-2021-24745 (The About Author Box WordPress plugin before 1.0.2 does not sanitise a ...)
+ TODO: check
CVE-2021-24744 (The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24743 (The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows use ...)
@@ -65234,12 +65479,14 @@ CVE-2020-35076
CVE-2020-35061
RESERVED
CVE-2020-35037
+ RESERVED
NOT-FOR-US: WordPress plugin events-manager
CVE-2020-35030
RESERVED
CVE-2020-35017
RESERVED
CVE-2020-35012
+ RESERVED
NOT-FOR-US: WordPress plugin events-manager
CVE-2020-35001
RESERVED
@@ -77983,16 +78230,19 @@ CVE-2019-20923 (A user authorized to perform database queries may trigger denial
CVE-1999-0199 (manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a ...)
- glibc 2.2-1
CVE-2020-26572 (The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a ...)
+ {DLA-2832-1}
- opensc 0.21.0-1 (bug #972035)
[buster] - opensc <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967
NOTE: https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817 (0.21.0-rc1)
CVE-2020-26571 (The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 ...)
+ {DLA-2832-1}
- opensc 0.21.0-1 (bug #972036)
[buster] - opensc <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20612
NOTE: https://github.com/OpenSC/OpenSC/commit/ed55fcd2996930bf58b9bb57e9ba7b1f3a753c43 (0.21.0-rc1)
CVE-2020-26570 (The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 ha ...)
+ {DLA-2832-1}
- opensc 0.21.0-1 (bug #972037)
[buster] - opensc <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24316
@@ -140790,7 +141040,7 @@ CVE-2019-19480 (An issue was discovered in OpenSC through 0.19.0 and 0.20.x thro
NOTE: fixes are not related "directly" to the CVE assignment for the incorrect
NOTE: free operation in sc_pkcs15_decode_prkdf_entry.
CVE-2019-19479 (An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0. ...)
- {DLA-2046-1}
+ {DLA-2832-1 DLA-2046-1}
- opensc 0.20.0-1 (bug #947383)
[buster] - opensc <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18693
@@ -154316,12 +154566,12 @@ CVE-2019-15948 (Texas Instruments CC256x and WL18xx dual-mode Bluetooth controll
CVE-2019-15947 (In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted ...)
- bitcoin 0.20.1~dfsg-1 (bug #939608)
CVE-2019-15946 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet ...)
- {DLA-1916-1}
+ {DLA-2832-1 DLA-1916-1}
- opensc 0.20.0-1 (bug #939669)
[buster] - opensc <no-dsa> (Minor issue)
NOTE: https://github.com/OpenSC/OpenSC/commit/a3fc7693f3a035a8a7921cffb98432944bb42740
CVE-2019-15945 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitst ...)
- {DLA-1916-1}
+ {DLA-2832-1 DLA-1916-1}
- opensc 0.20.0-1 (bug #939668)
[buster] - opensc <no-dsa> (Minor issue)
NOTE: https://github.com/OpenSC/OpenSC/commit/412a6142c27a5973c61ba540e33cdc22d5608e68
@@ -177561,14 +177811,12 @@ CVE-2019-8924 (XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or
NOT-FOR-US: XAMPP
CVE-2019-8923 (XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf ...)
NOT-FOR-US: XAMPP
-CVE-2019-8922
- RESERVED
+CVE-2019-8922 (A heap-based buffer overflow was discovered in bluetoothd in BlueZ thr ...)
{DLA-2827-1}
- bluez 5.54-1
NOTE: https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/
NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=6c7243fb6ab90b7b855cead98c66394fedea135f (5.51)
-CVE-2019-8921
- RESERVED
+CVE-2019-8921 (An issue was discovered in bluetoothd in BlueZ through 5.48. The vulne ...)
{DLA-2827-1}
- bluez 5.54-1
NOTE: https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ccb171b041be8c1c7f2b8c4065db5b28179c573c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ccb171b041be8c1c7f2b8c4065db5b28179c573c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211129/9d09af00/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list