[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Oct 4 21:11:00 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1f473a6f by security tracker role at 2021-10-04T20:10:49+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2021-41973
+ RESERVED
+CVE-2021-41972
+ RESERVED
+CVE-2021-41971
+ RESERVED
+CVE-2021-3856
+ RESERVED
+CVE-2021-3855
+ RESERVED
+CVE-2021-3854
+ RESERVED
CVE-2021-XXXX [RUSTSEC-2021-0119: Out-of-bounds write in nix::unistd::getgrouplist]
- rust-nix <unfixed> (bug #995562)
NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0119.html
@@ -186,8 +198,8 @@ CVE-2021-41880
RESERVED
CVE-2021-41879
RESERVED
-CVE-2021-41878
- RESERVED
+CVE-2021-41878 (A reflected cross-site scripting (XSS) vulnerability exists in the i-P ...)
+ TODO: check
CVE-2021-41877
RESERVED
CVE-2021-41876
@@ -206,10 +218,10 @@ CVE-2021-41870
RESERVED
CVE-2021-41869 (SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable ...)
NOT-FOR-US: SuiteCRM
-CVE-2021-41868
- RESERVED
-CVE-2021-41867
- RESERVED
+CVE-2021-41868 (OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to u ...)
+ TODO: check
+CVE-2021-41867 (An information disclosure vulnerability in OnionShare 2.3 before 2.4 a ...)
+ TODO: check
CVE-2021-41866
RESERVED
CVE-2021-3853
@@ -705,8 +717,8 @@ CVE-2021-41653
RESERVED
CVE-2021-41652
RESERVED
-CVE-2021-41651
- RESERVED
+CVE-2021-41651 (A blind SQL injection vulnerability exists in the Raymart DG / Ahmed H ...)
+ TODO: check
CVE-2021-41650
RESERVED
CVE-2021-41649 (An un-authenticated SQL Injection exists in PuneethReddyHC online-shop ...)
@@ -824,18 +836,18 @@ CVE-2021-41598
RESERVED
CVE-2021-41597
RESERVED
-CVE-2021-41596
- RESERVED
-CVE-2021-41595
- RESERVED
+CVE-2021-41596 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via ...)
+ TODO: check
+CVE-2021-41595 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via ...)
+ TODO: check
CVE-2021-41594
RESERVED
-CVE-2021-41593
- RESERVED
-CVE-2021-41592
- RESERVED
-CVE-2021-41591
- RESERVED
+CVE-2021-41593 (Lightning Labs lnd before 0.13.3-beta allows loss of funds because of ...)
+ TODO: check
+CVE-2021-41592 (Blockstream c-lightning through 0.10.1 allows loss of funds because of ...)
+ TODO: check
+CVE-2021-41591 (ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC ex ...)
+ TODO: check
CVE-2021-41590
RESERVED
CVE-2021-41589
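Review bot: CVE-2021-41596 and CVE-2021-41595 are left at "TODO: check" although both descriptions name SuiteCRM, and CVE-2021-41869 earlier in this same diff is already tagged "NOT-FOR-US: SuiteCRM". Resolve the two the same way so the product is tagged consistently. The three Lightning entries (CVE-2021-41593, CVE-2021-41592, CVE-2021-41591) share the truncated wording "loss of funds because of dust HTLC ex ..." but name different implementations (lnd, c-lightning, Eclair), so triage each against its own project rather than copying one decision to all three.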
@@ -866,10 +878,10 @@ CVE-2021-41581 (x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constr
NOTE: Affected code not present in any OpenSSL version in Bullseye/Buster/Stretch
CVE-2021-41580 (** DISPUTED ** The passport-oauth2 package before 1.6.1 for Node.js mi ...)
NOT-FOR-US: Node passport-oauth2
-CVE-2021-41579
- RESERVED
-CVE-2021-41578
- RESERVED
+CVE-2021-41579 (LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass ...)
+ TODO: check
+CVE-2021-41578 (mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks ...)
+ TODO: check
CVE-2021-41577
RESERVED
CVE-2021-41576
@@ -977,8 +989,8 @@ CVE-2021-41532
RESERVED
CVE-2021-41531 (NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if ...)
- routinator <itp> (bug #929024)
-CVE-2021-41530
- RESERVED
+CVE-2021-41530 (Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, ...)
+ TODO: check
CVE-2021-41529
RESERVED
CVE-2021-41528
@@ -1026,8 +1038,8 @@ CVE-2021-41513
RESERVED
CVE-2021-41512
RESERVED
-CVE-2021-41511
- RESERVED
+CVE-2021-41511 (The username and password field of login in Lodging Reservation Manage ...)
+ TODO: check
CVE-2021-41510
RESERVED
CVE-2021-41509
@@ -1855,8 +1867,8 @@ CVE-2021-41120
RESERVED
CVE-2021-41119
RESERVED
-CVE-2021-41118
- RESERVED
+CVE-2021-41118 (The DynamicPageList3 extension is a reporting tool for MediaWiki, list ...)
+ TODO: check
CVE-2021-41117
RESERVED
CVE-2021-41116
@@ -1885,16 +1897,15 @@ CVE-2021-41105
RESERVED
CVE-2021-41104 (ESPHome is a system to control the ESP8266/ESP32. Anyone with web_serv ...)
NOT-FOR-US: ESPHome
-CVE-2021-41103
- RESERVED
+CVE-2021-41103 (containerd is an open source container runtime with an emphasis on sim ...)
+ TODO: check
CVE-2021-41102
RESERVED
CVE-2021-41101 (wire-server is an open-source back end for Wire, a secure collaboratio ...)
NOT-FOR-US: wire-server
-CVE-2021-41100
- RESERVED
-CVE-2021-41099
- RESERVED
+CVE-2021-41100 (Wire-server is the backing server for the open source wire secure mess ...)
+ TODO: check
+CVE-2021-41099 (Redis is an open source, in-memory database that persists on disk. An ...)
- redis 5:6.0.16-1
NOTE: https://github.com/redis/redis/security/advisories/GHSA-j3cr-9h5g-6cph
CVE-2021-41098 (Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers wit ...)
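Review bot: CVE-2021-41100 is added with "TODO: check", but its description is Wire-server and the neighbouring CVE-2021-41101 already carries "NOT-FOR-US: wire-server"; the same tag applies. CVE-2021-41103 (containerd) in the same hunk should not be closed by analogy with its neighbours: check it against the archive and, if the runtime is packaged, give it a package line with a fixed version, as the CVE-2021-41099 entry below has for redis.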
@@ -1907,10 +1918,10 @@ CVE-2021-41096 (Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions
NOT-FOR-US: Rucky for Android
CVE-2021-41095 (Discourse is an open source discussion platform. There is a cross-site ...)
NOT-FOR-US: Discourse
-CVE-2021-41094
- RESERVED
-CVE-2021-41093
- RESERVED
+CVE-2021-41094 (Wire is an open source secure messenger. Users of Wire by Bund may byp ...)
+ TODO: check
+CVE-2021-41093 (Wire is an open source secure messenger. In affected versions if the a ...)
+ TODO: check
CVE-2021-41092
RESERVED
CVE-2021-41091
@@ -2864,8 +2875,8 @@ CVE-2021-40818 (scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buf
[bullseye] - glewlwyd <no-dsa> (Minor issue; can be fixed via point release)
[buster] - glewlwyd <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://github.com/babelouest/glewlwyd/commit/0efd112bb62f566877750ad62ee828bff579b4e2
-CVE-2021-40683
- RESERVED
+CVE-2021-40683 (In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4 ...)
+ TODO: check
CVE-2021-40682
RESERVED
CVE-2021-3779
@@ -4679,16 +4690,16 @@ CVE-2021-39902
RESERVED
CVE-2021-39901
RESERVED
-CVE-2021-39900
- RESERVED
-CVE-2021-39899
- RESERVED
+CVE-2021-39900 (Information disclosure from SendEntry in GitLab starting with 10.8 all ...)
+ TODO: check
+CVE-2021-39899 (In all versions of GitLab CE/EE, an attacker with physical access to a ...)
+ TODO: check
CVE-2021-39898
RESERVED
CVE-2021-39897
RESERVED
-CVE-2021-39896
- RESERVED
+CVE-2021-39896 (In all versions of GitLab CE/EE since version 8.0, when an admin uses ...)
+ TODO: check
CVE-2021-39895
RESERVED
CVE-2021-39894
@@ -4709,42 +4720,42 @@ CVE-2021-39887
RESERVED
CVE-2021-39886
RESERVED
-CVE-2021-39885
- RESERVED
+CVE-2021-39885 (A Stored XSS in merge request creation page in Gitlab EE version 13.5 ...)
+ TODO: check
CVE-2021-39884
RESERVED
-CVE-2021-39883
- RESERVED
+CVE-2021-39883 (Improper authorization checks in GitLab EE > 13.11 allows subgroup ...)
+ TODO: check
CVE-2021-39882
RESERVED
CVE-2021-39881
RESERVED
CVE-2021-39880
RESERVED
-CVE-2021-39879
- RESERVED
+CVE-2021-39879 (Missing authentication in all versions of GitLab CE/EE since version 7 ...)
+ TODO: check
CVE-2021-39878
RESERVED
-CVE-2021-39877
- RESERVED
+CVE-2021-39877 (A vulnerability was discovered in GitLab starting with version 12.2 th ...)
+ TODO: check
CVE-2021-39876
RESERVED
CVE-2021-39875
RESERVED
-CVE-2021-39874
- RESERVED
-CVE-2021-39873
- RESERVED
+CVE-2021-39874 (In all versions of GitLab CE/EE since version 11.0, the requirement to ...)
+ TODO: check
+CVE-2021-39873 (In all versions of GitLab CE/EE, there exists a content spoofing vulne ...)
+ TODO: check
CVE-2021-39872
RESERVED
-CVE-2021-39871
- RESERVED
+CVE-2021-39871 (In all versions of GitLab CE/EE since version 13.0, an instance that h ...)
+ TODO: check
CVE-2021-39870
RESERVED
CVE-2021-39869
RESERVED
-CVE-2021-39868
- RESERVED
+CVE-2021-39868 (In all versions of GitLab CE/EE since version 8.12, an authenticated l ...)
+ TODO: check
CVE-2021-39867
RESERVED
CVE-2021-39866
@@ -5606,8 +5617,8 @@ CVE-2021-39488
RESERVED
CVE-2021-39487
RESERVED
-CVE-2021-39486
- RESERVED
+CVE-2021-39486 (A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2. ...)
+ TODO: check
CVE-2021-39485
RESERVED
CVE-2021-39484
@@ -5926,8 +5937,8 @@ CVE-2021-39349
RESERVED
CVE-2021-39348
RESERVED
-CVE-2021-39347
- RESERVED
+CVE-2021-39347 (The Stripe for WooCommerce WordPress plugin is missing a capability ch ...)
+ TODO: check
CVE-2021-39346
RESERVED
CVE-2021-39345
@@ -7240,10 +7251,10 @@ CVE-2021-38825
RESERVED
CVE-2021-38824
RESERVED
-CVE-2021-38823
- RESERVED
-CVE-2021-38822
- RESERVED
+CVE-2021-38823 (The IceHrm 30.0.0 OS website was found vulnerable to Session Managemen ...)
+ TODO: check
+CVE-2021-38822 (A Stored Cross Site Scripting vulnerability via Malicious File Upload ...)
+ TODO: check
CVE-2021-38821
RESERVED
CVE-2021-38820
@@ -7671,8 +7682,8 @@ CVE-2021-38620
RESERVED
CVE-2021-38619 (openBaraza HCM 3.1.6 does not properly neutralize user-controllable in ...)
NOT-FOR-US: openBaraza HCM
-CVE-2021-38618
- RESERVED
+CVE-2021-38618 (In GFOS Workforce Management 4.8.272.1, the login page of application ...)
+ TODO: check
CVE-2021-38617 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ us ...)
NOT-FOR-US: Eigen
CVE-2021-38616 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{us ...)
@@ -8191,24 +8202,24 @@ CVE-2021-38402 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks pro
NOT-FOR-US: Delta Electronic
CVE-2021-38401
RESERVED
-CVE-2021-38400
- RESERVED
+CVE-2021-38400 (An attacker with physical access to Boston Scientific Zoom Latitude Mo ...)
+ TODO: check
CVE-2021-38399
RESERVED
-CVE-2021-38398
- RESERVED
+CVE-2021-38398 (The affected device uses off-the-shelf software components that contai ...)
+ TODO: check
CVE-2021-38397
RESERVED
-CVE-2021-38396
- RESERVED
+CVE-2021-38396 (The programmer installation utility does not perform a cryptographic a ...)
+ TODO: check
CVE-2021-38395
RESERVED
-CVE-2021-38394
- RESERVED
+CVE-2021-38394 (An attacker with physical access to the device can extract the binary ...)
+ TODO: check
CVE-2021-38393 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...)
NOT-FOR-US: Delta Electronics
-CVE-2021-38392
- RESERVED
+CVE-2021-38392 (A skilled attacker with physical access to the affected device can gai ...)
+ TODO: check
CVE-2021-38391 (A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_H ...)
NOT-FOR-US: Delta Electronics
CVE-2021-38390 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...)
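Review bot: Four of the five entries added here (CVE-2021-38398, CVE-2021-38396, CVE-2021-38394, CVE-2021-38392) have truncated descriptions that name no vendor or product ("The affected device ...", "The programmer installation utility ..."); only CVE-2021-38400 names Boston Scientific Zoom Latitude. They are interleaved with Delta Electronics entries tagged NOT-FOR-US, so confirm the product from the full CVE text before replacing "TODO: check", and do not infer it from the adjacent lines.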
@@ -9781,8 +9792,8 @@ CVE-2021-37779
RESERVED
CVE-2021-37778
RESERVED
-CVE-2021-37777
- RESERVED
+CVE-2021-37777 (Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR ...)
+ TODO: check
CVE-2021-37776
RESERVED
CVE-2021-37775
@@ -10765,14 +10776,14 @@ CVE-2021-37335
RESERVED
CVE-2021-37334 (A security issue in Umbraco Forms 4.0.0 to and including 8.7.5 could l ...)
NOT-FOR-US: Umbraco Forms
-CVE-2021-37333
- RESERVED
+CVE-2021-37333 (Laravel Booking System Booking Core 2.0 is vulnerable to Session Manag ...)
+ TODO: check
CVE-2021-37332
RESERVED
-CVE-2021-37331
- RESERVED
-CVE-2021-37330
- RESERVED
+CVE-2021-37331 (Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Acc ...)
+ TODO: check
+CVE-2021-37330 (Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Sc ...)
+ TODO: check
CVE-2021-37329
RESERVED
CVE-2021-37328
@@ -11829,8 +11840,8 @@ CVE-2021-36852
RESERVED
CVE-2021-36851
RESERVED
-CVE-2021-36850
- RESERVED
+CVE-2021-36850 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media Fil ...)
+ TODO: check
CVE-2021-36849
RESERVED
CVE-2021-36848
@@ -13843,8 +13854,8 @@ CVE-2021-36053 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an
NOT-FOR-US: Adobe
CVE-2021-36052 (XMP Toolkit version 2020.1 (and earlier) is affected by a memory corru ...)
NOT-FOR-US: Adobe
-CVE-2021-36051
- RESERVED
+CVE-2021-36051 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
+ TODO: check
CVE-2021-36050 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
NOT-FOR-US: Adobe
CVE-2021-36049 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
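Review bot: CVE-2021-36051 gets "TODO: check" while CVE-2021-36050 on the next line, whose visible description is identical ("XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ..."), is tagged "NOT-FOR-US: Adobe". Tag CVE-2021-36051 the same way unless the full CVE text shows a different product.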
@@ -15525,8 +15536,8 @@ CVE-2021-35298 (Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows re
- zammad <itp> (bug #841355)
CVE-2021-35297 (Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remo ...)
NOT-FOR-US: Scalabium dBase Viewer
-CVE-2021-35296
- RESERVED
+CVE-2021-35296 (An issue in the administrator authentication panel of PTCL HG150-Ub v3 ...)
+ TODO: check
CVE-2021-35295
RESERVED
CVE-2021-35294
@@ -21522,8 +21533,7 @@ CVE-2021-32764 (Discourse is an open-source discussion platform. In Discourse ve
NOT-FOR-US: Discourse
CVE-2021-32763 (OpenProject is open-source, web-based project management software. In ...)
NOT-FOR-US: OpenProject
-CVE-2021-32762
- RESERVED
+CVE-2021-32762 (Redis is an open source, in-memory database that persists on disk. The ...)
- redis 5:6.0.16-1
NOTE: https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr
CVE-2021-32761 (Redis is an in-memory database that persists on disk. A vulnerability ...)
@@ -21728,8 +21738,7 @@ CVE-2021-32689 (Nextcloud Talk is a fully on-premises audio/video and chat commu
NOT-FOR-US: Nextcloud Talk
CVE-2021-32688 (Nextcloud Server is a Nextcloud package that handles data storage. Nex ...)
- nextcloud-server <itp> (bug #941708)
-CVE-2021-32687
- RESERVED
+CVE-2021-32687 (Redis is an open source, in-memory database that persists on disk. An ...)
- redis 5:6.0.16-1
NOTE: https://github.com/redis/redis/security/advisories/GHSA-m3mf-8x9w-r27q
CVE-2021-32686 (PJSIP is a free and open source multimedia communication library writt ...)
@@ -21765,16 +21774,14 @@ CVE-2021-32677 (FastAPI is a web framework for building APIs with Python 3.6+ ba
NOTE: https://github.com/tiangolo/fastapi/commit/fa7e3c996edf2d5482fff8f9d890ac2390dede4d (0.65.2)
CVE-2021-32676 (Nextcloud Talk is a fully on-premises audio/video and chat communicati ...)
NOT-FOR-US: Nextcloud Talk
-CVE-2021-32675
- RESERVED
+CVE-2021-32675 (Redis is an open source, in-memory database that persists on disk. Whe ...)
- redis 5:6.0.16-1
NOTE: https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p
CVE-2021-32674 (Zope is an open-source web application server. This advisory extends t ...)
NOT-FOR-US: Zope
CVE-2021-32673 (reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot ...)
NOT-FOR-US: reg-keygen-git-hash-plugin
-CVE-2021-32672
- RESERVED
+CVE-2021-32672 (Redis is an open source, in-memory database that persists on disk. Whe ...)
- redis 5:6.0.16-1
NOTE: https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm
CVE-2021-32671 (Flarum is a forum software for building communities. Flarum's translat ...)
@@ -21871,16 +21878,13 @@ CVE-2021-32630 (Admidio is a free, open source user management system for websit
NOT-FOR-US: Admidio
CVE-2021-32629 (Cranelift is an open-source code generator maintained by Bytecode Alli ...)
NOT-FOR-US: Cranelift
-CVE-2021-32628
- RESERVED
+CVE-2021-32628 (Redis is an open source, in-memory database that persists on disk. An ...)
- redis 5:6.0.16-1
NOTE: https://github.com/redis/redis/security/advisories/GHSA-vw22-qm3h-49pr
-CVE-2021-32627
- RESERVED
+CVE-2021-32627 (Redis is an open source, in-memory database that persists on disk. In ...)
- redis 5:6.0.16-1
NOTE: https://github.com/redis/redis/security/advisories/GHSA-f434-69fm-g45v
-CVE-2021-32626
- RESERVED
+CVE-2021-32626 (Redis is an open source, in-memory database that persists on disk. In ...)
- redis 5:6.0.16-1
NOTE: https://github.com/redis/redis/security/advisories/GHSA-p486-xggp-782c
CVE-2021-32625 (Redis is an open source (BSD licensed), in-memory data structure store ...)
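Review bot: The three Redis entries in this hunk (CVE-2021-32628, CVE-2021-32627, CVE-2021-32626) now carry a description but still record only "- redis 5:6.0.16-1" and a NOTE pointing at the GitHub advisory. No [bullseye] or [buster] line and no fix-commit NOTE is present, unlike the glewlwyd entry (CVE-2021-40818) elsewhere in this diff. Add the upstream commit references and a per-release decision once the stable versions have been assessed.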
@@ -38795,8 +38799,8 @@ CVE-2021-25966
RESERVED
CVE-2021-25965
RESERVED
-CVE-2021-25964
- RESERVED
+CVE-2021-25964 (In “Calibre-web” application, v0.6.0 to v0.6.12, are vulne ...)
+ TODO: check
CVE-2021-25963 (In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cr ...)
NOT-FOR-US: Shuup
CVE-2021-25962 (“Shuup” application in versions 0.4.2 to 2.10.8 is affecte ...)
@@ -41922,8 +41926,8 @@ CVE-2021-24689
RESERVED
CVE-2021-24688
RESERVED
-CVE-2021-24687
- RESERVED
+CVE-2021-24687 (The Modern Events Calendar Lite WordPress plugin before 5.22.2 does no ...)
+ TODO: check
CVE-2021-24686
RESERVED
CVE-2021-24685
@@ -41938,20 +41942,20 @@ CVE-2021-24681
RESERVED
CVE-2021-24680
RESERVED
-CVE-2021-24679
- RESERVED
-CVE-2021-24678
- RESERVED
+CVE-2021-24679 (The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin ...)
+ TODO: check
+CVE-2021-24678 (The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape ...)
+ TODO: check
CVE-2021-24677
RESERVED
-CVE-2021-24676
- RESERVED
+CVE-2021-24676 (The Better Find and Replace WordPress plugin before 1.2.9 does not esc ...)
+ TODO: check
CVE-2021-24675
RESERVED
CVE-2021-24674
RESERVED
-CVE-2021-24673
- RESERVED
+CVE-2021-24673 (The Appointment Hour Booking WordPress plugin before 1.3.16 does not e ...)
+ TODO: check
CVE-2021-24672
RESERVED
CVE-2021-24671 (The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape ...)
@@ -41988,8 +41992,8 @@ CVE-2021-24656
RESERVED
CVE-2021-24655
RESERVED
-CVE-2021-24654
- RESERVED
+CVE-2021-24654 (The User Registration WordPress plugin before 2.0.2 does not properly ...)
+ TODO: check
CVE-2021-24653
RESERVED
CVE-2021-24652 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...)
@@ -42366,8 +42370,8 @@ CVE-2021-24467 (The Leaflet Map WordPress plugin before 3.0.0 does not verify th
NOT-FOR-US: Wordpress plugin
CVE-2021-24466 (The Verse-O-Matic WordPress plugin through 4.1.1 does not have any CSR ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24465
- RESERVED
+CVE-2021-24465 (The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, vali ...)
+ TODO: check
CVE-2021-24464 (The YouTube Embed, Playlist and Popup by WpDevArt WordPress plugin bef ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24463 (The get_sliders() function in the Image Slider by Ays- Responsive Slid ...)
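Review bot: CVE-2021-24465 (Meow Gallery WordPress plugin) is left at "TODO: check" between entries already tagged as WordPress plugins; it can take the same NOT-FOR-US tag. When doing so, use the "WordPress plugin" spelling of CVE-2021-24466; the CVE-2021-24467 context line has "Wordpress plugin", and the mixed capitalisation splits a case-sensitive search for the tag.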
@@ -43815,14 +43819,14 @@ CVE-2021-23860
RESERVED
CVE-2021-23859
RESERVED
-CVE-2021-23858
- RESERVED
-CVE-2021-23857
- RESERVED
-CVE-2021-23856
- RESERVED
-CVE-2021-23855
- RESERVED
+CVE-2021-23858 (Information disclosure: The main configuration, including users and th ...)
+ TODO: check
+CVE-2021-23857 (Login with hash: The login routine allows the client to log in to the ...)
+ TODO: check
+CVE-2021-23856 (The web server is vulnerable to reflected XSS and therefore an attacke ...)
+ TODO: check
+CVE-2021-23855 (The user and password data base is exposed by an unprotected web serve ...)
+ TODO: check
CVE-2021-23854 (An error in the handling of a page parameter in Bosch IP cameras may l ...)
NOT-FOR-US: Bosch
CVE-2021-23853 (In Bosch IP cameras, improper validation of the HTTP header allows an ...)
@@ -46820,8 +46824,8 @@ CVE-2021-22559
RESERVED
CVE-2021-22558
RESERVED
-CVE-2021-22557
- RESERVED
+CVE-2021-22557 (SLO generator allows for loading of YAML files that if crafted in a sp ...)
+ TODO: check
CVE-2021-22556
RESERVED
CVE-2021-22555 (A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was disco ...)
@@ -47423,8 +47427,8 @@ CVE-2021-22261
RESERVED
CVE-2021-22260
RESERVED
-CVE-2021-22259
- RESERVED
+CVE-2021-22259 (A potential DOS vulnerability was discovered in GitLab EE starting wit ...)
+ TODO: check
CVE-2021-22258
RESERVED
CVE-2021-22257
@@ -63975,8 +63979,8 @@ CVE-2020-28121
RESERVED
CVE-2020-28120
RESERVED
-CVE-2020-28119
- RESERVED
+CVE-2020-28119 (Cross site scripting vulnerability in 53KF < 2.0.0.2 that allows fo ...)
+ TODO: check
CVE-2020-28118
RESERVED
CVE-2020-28117
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f473a6f1778aae645e58b7d461236aefac84efe