[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 23 21:10:30 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
34a9e870 by security tracker role at 2021-09-23T20:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2021-41572
+ RESERVED
+CVE-2021-41571
+ RESERVED
CVE-2021-41570
RESERVED
CVE-2021-41569
@@ -22,8 +26,8 @@ CVE-2021-41561
RESERVED
CVE-2021-3825
RESERVED
-CVE-2021-3824
- RESERVED
+CVE-2021-3824 (OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to in ...)
+ TODO: check
CVE-2021-3823
RESERVED
CVE-2021-3822
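Review bot: CVE-2021-3824 concerns OpenVPN Access Server, the proprietary server product, rather than the community openvpn package in the archive, so the TODO most likely resolves to NOT-FOR-US; because Access Server bundles the openvpn core, the check should confirm from the full description (truncated here at "allow remote attackers to in ...") that the flaw sits in the Access Server management or web layer and not in shared openvpn code.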
@@ -302,8 +306,8 @@ CVE-2021-41430
RESERVED
CVE-2021-41429
RESERVED
-CVE-2021-41428
- RESERVED
+CVE-2021-41428 (Insecure permissions in Update Manager <= 5.8.0.2300 and DFL <= ...)
+ TODO: check
CVE-2021-41427
RESERVED
CVE-2021-41426
@@ -397,8 +401,8 @@ CVE-2021-41383 (setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to e
NOT-FOR-US: Netgear
CVE-2021-41382 (Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server managem ...)
NOT-FOR-US: Plastic SCM
-CVE-2021-41381
- RESERVED
+CVE-2021-41381 (Payara Micro Community 5.2021.6 and below allows Directory Traversal. ...)
+ TODO: check
CVE-2021-3816
RESERVED
CVE-2021-41380 (RealVNC Viewer 6.21.406 allows remote VNC servers to cause a denial of ...)
@@ -6153,8 +6157,8 @@ CVE-2021-38879
RESERVED
CVE-2021-38878
RESERVED
-CVE-2021-38877
- RESERVED
+CVE-2021-38877 (IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross ...)
+ TODO: check
CVE-2021-38876
RESERVED
CVE-2021-38875
@@ -6167,8 +6171,8 @@ CVE-2021-38872
RESERVED
CVE-2021-38871
RESERVED
-CVE-2021-38870
- RESERVED
+CVE-2021-38870 (IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vu ...)
+ TODO: check
CVE-2021-38869
RESERVED
CVE-2021-38868
@@ -6179,10 +6183,10 @@ CVE-2021-38866
RESERVED
CVE-2021-38865
RESERVED
-CVE-2021-38864
- RESERVED
-CVE-2021-38863
- RESERVED
+CVE-2021-38864 (IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensit ...)
+ TODO: check
+CVE-2021-38863 (IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain cl ...)
+ TODO: check
CVE-2021-38862
RESERVED
CVE-2021-38861
@@ -10783,10 +10787,10 @@ CVE-2021-36875
RESERVED
CVE-2021-36874
RESERVED
-CVE-2021-36873
- RESERVED
-CVE-2021-36872
- RESERVED
+CVE-2021-36873 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in W ...)
+ TODO: check
+CVE-2021-36872 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in W ...)
+ TODO: check
CVE-2021-36871 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...)
NOT-FOR-US: Wordpress plugin
CVE-2021-36870 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...)
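Review bot: the two new entries CVE-2021-36873 and CVE-2021-36872 carry the same "Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in W ..." description as CVE-2021-36871 and CVE-2021-36870 directly below, which are already triaged "NOT-FOR-US: Wordpress plugin"; once the plugin name is confirmed from the full description these TODOs should be resolved the same way rather than left open.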
@@ -10883,8 +10887,8 @@ CVE-2021-36825
RESERVED
CVE-2021-36824
RESERVED
-CVE-2021-36823
- RESERVED
+CVE-2021-36823 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability in WordP ...)
+ TODO: check
CVE-2021-36822
RESERVED
CVE-2021-36821
@@ -19836,8 +19840,8 @@ CVE-2021-33037 (Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0
NOTE: https://github.com/apache/tomcat/commit/8874fa02e9b36baa9ca6b226c0882c0190ca5a02 (8.5.67)
CVE-2021-33036
RESERVED
-CVE-2021-33035
- RESERVED
+CVE-2021-33035 (Apache OpenOffice opens dBase/DBF documents and shows the contents as ...)
+ TODO: check
CVE-2021-33034 (In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use ...)
{DLA-2690-1 DLA-2689-1}
- linux 5.10.38-1
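Review bot: the TODO for CVE-2021-33035 should not be closed as NOT-FOR-US merely because Apache OpenOffice is not packaged: libreoffice descends from the same code base and has its own dBase/DBF import path, so the check should establish whether the libreoffice package shares the affected parsing code before deciding, and record the outcome in a NOTE: line either way.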
@@ -19915,8 +19919,8 @@ CVE-2021-33001
RESERVED
CVE-2021-33000 (Parsing a maliciously crafted project file may cause a heap-based buff ...)
NOT-FOR-US: WebAccess HMI Designer
-CVE-2021-32999
- RESERVED
+CVE-2021-32999 (Improper handling of exceptional conditions in SuiteLink server while ...)
+ TODO: check
CVE-2021-32998
RESERVED
CVE-2021-32997
@@ -19939,8 +19943,8 @@ CVE-2021-32989
RESERVED
CVE-2021-32988 (FATEK Automation WinProladder Versions 3.30 and prior are vulnerable t ...)
NOT-FOR-US: FATEK Automation WinProladder
-CVE-2021-32987
- RESERVED
+CVE-2021-32987 (Null pointer dereference in SuiteLink server while processing command ...)
+ TODO: check
CVE-2021-32986
RESERVED
CVE-2021-32985
@@ -19955,8 +19959,8 @@ CVE-2021-32981
RESERVED
CVE-2021-32980
RESERVED
-CVE-2021-32979
- RESERVED
+CVE-2021-32979 (Null pointer dereference in SuiteLink server while processing commands ...)
+ TODO: check
CVE-2021-32978
RESERVED
CVE-2021-32977
@@ -19971,8 +19975,8 @@ CVE-2021-32973
RESERVED
CVE-2021-32972 (Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacke ...)
NOT-FOR-US: Panasonic
-CVE-2021-32971
- RESERVED
+CVE-2021-32971 (Null pointer dereference in SuiteLink server while processing command ...)
+ TODO: check
CVE-2021-32970
RESERVED
CVE-2021-32969
@@ -19987,16 +19991,16 @@ CVE-2021-32965
RESERVED
CVE-2021-32964
RESERVED
-CVE-2021-32963
- RESERVED
+CVE-2021-32963 (Null pointer dereference in SuiteLink server while processing commands ...)
+ TODO: check
CVE-2021-32962
RESERVED
CVE-2021-32961
RESERVED
CVE-2021-32960
RESERVED
-CVE-2021-32959
- RESERVED
+CVE-2021-32959 (Heap-based buffer overflow in SuiteLink server while processing comman ...)
+ TODO: check
CVE-2021-32958
RESERVED
CVE-2021-32957
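Review bot: CVE-2021-32963 and CVE-2021-32959 are the last of seven new SuiteLink server entries in this diff (with CVE-2021-32999, CVE-2021-32987, CVE-2021-32979 and CVE-2021-32971); SuiteLink is the AVEVA/Wonderware industrial communication product, and the neighbouring ICS advisories in the same region (FATEK Automation WinProladder, Panasonic FPWIN Pro, WebAccess HMI Designer) are already NOT-FOR-US, so all seven should be triaged together in one pass instead of as separate TODOs. The heap-based buffer overflow in CVE-2021-32959 is the one a downstream reader will look for first.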
@@ -28118,10 +28122,10 @@ CVE-2021-29907 (IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticat
NOT-FOR-US: IBM
CVE-2021-29906
RESERVED
-CVE-2021-29905
- RESERVED
-CVE-2021-29904
- RESERVED
+CVE-2021-29905 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ TODO: check
+CVE-2021-29904 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ TODO: check
CVE-2021-29903
RESERVED
CVE-2021-29902
@@ -28262,10 +28266,10 @@ CVE-2021-29835
RESERVED
CVE-2021-29834
RESERVED
-CVE-2021-29833
- RESERVED
-CVE-2021-29832
- RESERVED
+CVE-2021-29833 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ TODO: check
+CVE-2021-29832 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ TODO: check
CVE-2021-29831 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
NOT-FOR-US: IBM
CVE-2021-29830
@@ -28296,20 +28300,20 @@ CVE-2021-29818 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_G
NOT-FOR-US: IBM
CVE-2021-29817 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...)
NOT-FOR-US: IBM
-CVE-2021-29816
- RESERVED
-CVE-2021-29815
- RESERVED
-CVE-2021-29814
- RESERVED
-CVE-2021-29813
- RESERVED
-CVE-2021-29812
- RESERVED
+CVE-2021-29816 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ TODO: check
+CVE-2021-29815 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ TODO: check
+CVE-2021-29814 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ TODO: check
+CVE-2021-29813 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ TODO: check
+CVE-2021-29812 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ TODO: check
CVE-2021-29811 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...)
NOT-FOR-US: IBM
-CVE-2021-29810
- RESERVED
+CVE-2021-29810 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ TODO: check
CVE-2021-29809 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...)
NOT-FOR-US: IBM
CVE-2021-29808 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...)
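Review bot: the six new entries CVE-2021-29810 and CVE-2021-29812 through CVE-2021-29816 describe the same product line ("IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...") as CVE-2021-29811, CVE-2021-29817 and CVE-2021-29818 in the surrounding context, all already "NOT-FOR-US: IBM"; the follow-up triage should resolve them consistently with those neighbours, and the same applies to the other IBM Jazz hunks in this diff.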
@@ -28328,8 +28332,8 @@ CVE-2021-29802 (IBM Security SOAR performs an operation at a privilege level tha
NOT-FOR-US: IBM
CVE-2021-29801 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...)
NOT-FOR-US: IBM
-CVE-2021-29800
- RESERVED
+CVE-2021-29800 (IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1 ...)
+ TODO: check
CVE-2021-29799
RESERVED
CVE-2021-29798
@@ -35636,8 +35640,8 @@ CVE-2021-26796
RESERVED
CVE-2021-26795
RESERVED
-CVE-2021-26794
- RESERVED
+CVE-2021-26794 (Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows ...)
+ TODO: check
CVE-2021-26793
RESERVED
CVE-2021-26792
@@ -35724,8 +35728,8 @@ CVE-2021-26752 (NeDi 1.9C allows an authenticated user to execute operating syst
NOT-FOR-US: NeDi
CVE-2021-26751 (NeDi 1.9C allows an authenticated user to perform a SQL Injection in t ...)
NOT-FOR-US: NeDi
-CVE-2021-26750
- RESERVED
+CVE-2021-26750 (DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. Pa ...)
+ TODO: check
CVE-2021-26749
RESERVED
CVE-2021-26748
@@ -44711,18 +44715,18 @@ CVE-2021-22955
RESERVED
CVE-2021-22954
RESERVED
-CVE-2021-22953
- RESERVED
-CVE-2021-22952
- RESERVED
+CVE-2021-22953 (A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to c ...)
+ TODO: check
+CVE-2021-22952 (A vulnerability found in UniFi Talk application V1.12.3 and earlier pe ...)
+ TODO: check
CVE-2021-22951
RESERVED
-CVE-2021-22950
- RESERVED
-CVE-2021-22949
- RESERVED
-CVE-2021-22948
- RESERVED
+CVE-2021-22950 (Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachme ...)
+ TODO: check
+CVE-2021-22949 (A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to d ...)
+ TODO: check
+CVE-2021-22948 (Vulnerability in the generation of session IDs in revive-adserver < ...)
+ TODO: check
CVE-2021-22947 [STARTTLS protocol injection via MITM]
RESERVED
- curl <unfixed>
@@ -44733,8 +44737,7 @@ CVE-2021-22946 [Protocol downgrade required TLS bypassed]
- curl <unfixed>
NOTE: https://curl.se/docs/CVE-2021-22946.html
NOTE: Fixed by: https://github.com/curl/curl/commit/364f174724ef115c63d5e5dc1d3342c8a43b1cca (curl-7_79_0)
-CVE-2021-22945 [UAF and double-free in MQTT sending]
- RESERVED
+CVE-2021-22945 (When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 c ...)
- curl <unfixed>
[buster] - curl <not-affected> (Vulnerable code introduced later)
[stretch] - curl <not-affected> (Vulnerable code introduced later)
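Review bot: CVE-2021-22945 loses its bracketed short title and RESERVED marker but, unlike CVE-2021-22946 just above, gains no NOTE: line for the upstream curl.se advisory or the fixing commit; add those references and, since the neighbouring entry records curl-7_79_0 as its fix, check whether the same release closes this issue so "curl <unfixed>" can be updated. Also note that the new description's version text "libcurl <= 7.73.0 and 7.78.0", read literally, would cover every release up to 7.73.0 and contradict the retained "[buster] - curl <not-affected> (Vulnerable code introduced later)" line; the upstream advisory's statement of the introducing release is what that justification rests on, so verify it against the advisory rather than the truncated MITRE text.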
@@ -44751,8 +44754,8 @@ CVE-2021-22942 [ossible Open Redirect in Host Authorization Middleware]
[buster] - rails <not-affected> (Vulnerable code not present)
[stretch] - rails <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/20/1
-CVE-2021-22941
- RESERVED
+CVE-2021-22941 (Improper Access Control in Citrix ShareFile storage zones controller b ...)
+ TODO: check
CVE-2021-22940 (Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use aft ...)
- nodejs 12.22.5~dfsg-1
[bullseye] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 not applied)
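Review bot: the hunk header context line for CVE-2021-22942 reads "[ossible Open Redirect in Host Authorization Middleware]", a pre-existing typo for "Possible" that this hunk sits next to but does not fix; worth correcting in a follow-up edit. The new CVE-2021-22941 entry is Citrix ShareFile storage zones controller, a proprietary product, so its TODO should resolve to NOT-FOR-US.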
@@ -46344,8 +46347,8 @@ CVE-2021-22278
RESERVED
CVE-2021-22277
RESERVED
-CVE-2021-22276
- RESERVED
+CVE-2021-22276 (The vulnerability allows a successful attacker to bypass the integrity ...)
+ TODO: check
CVE-2021-22275
RESERVED
CVE-2021-22274
@@ -46935,38 +46938,38 @@ CVE-2021-22022 (The vRealize Operations Manager API (8.x prior to 8.5) contains
NOT-FOR-US: VMware
CVE-2021-22021 (VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site S ...)
NOT-FOR-US: VMware
-CVE-2021-22020
- RESERVED
-CVE-2021-22019
- RESERVED
-CVE-2021-22018
- RESERVED
-CVE-2021-22017
- RESERVED
-CVE-2021-22016
- RESERVED
-CVE-2021-22015
- RESERVED
-CVE-2021-22014
- RESERVED
-CVE-2021-22013
- RESERVED
-CVE-2021-22012
- RESERVED
-CVE-2021-22011
- RESERVED
-CVE-2021-22010
- RESERVED
-CVE-2021-22009
- RESERVED
-CVE-2021-22008
- RESERVED
-CVE-2021-22007
- RESERVED
-CVE-2021-22006
- RESERVED
-CVE-2021-22005
- RESERVED
+CVE-2021-22020 (The vCenter Server contains a denial-of-service vulnerability in the A ...)
+ TODO: check
+CVE-2021-22019 (The vCenter Server contains a denial-of-service vulnerability in VAPI ...)
+ TODO: check
+CVE-2021-22018 (The vCenter Server contains an arbitrary file deletion vulnerability i ...)
+ TODO: check
+CVE-2021-22017 (Rhttproxy as used in vCenter Server contains a vulnerability due to im ...)
+ TODO: check
+CVE-2021-22016 (The vCenter Server contains a reflected cross-site scripting vulnerabi ...)
+ TODO: check
+CVE-2021-22015 (The vCenter Server contains multiple local privilege escalation vulner ...)
+ TODO: check
+CVE-2021-22014 (The vCenter Server contains an authenticated code execution vulnerabil ...)
+ TODO: check
+CVE-2021-22013 (The vCenter Server contains a file path traversal vulnerability leadin ...)
+ TODO: check
+CVE-2021-22012 (The vCenter Server contains an information disclosure vulnerability du ...)
+ TODO: check
+CVE-2021-22011 (vCenter Server contains an unauthenticated API endpoint vulnerability ...)
+ TODO: check
+CVE-2021-22010 (The vCenter Server contains a denial-of-service vulnerability in VPXD ...)
+ TODO: check
+CVE-2021-22009 (The vCenter Server contains multiple denial-of-service vulnerabilities ...)
+ TODO: check
+CVE-2021-22008 (The vCenter Server contains an information disclosure vulnerability in ...)
+ TODO: check
+CVE-2021-22007 (The vCenter Server contains a local information disclosure vulnerabili ...)
+ TODO: check
+CVE-2021-22006 (The vCenter Server contains a reverse proxy bypass vulnerability due t ...)
+ TODO: check
+CVE-2021-22005 (The vCenter Server contains an arbitrary file upload vulnerability in ...)
+ TODO: check
CVE-2021-22004 (An issue was discovered in SaltStack Salt before 3003.3. The salt mini ...)
- salt <unfixed> (bug #994016)
NOTE: https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/
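Review bot: all sixteen new entries CVE-2021-22005 through CVE-2021-22020 are vCenter Server issues, and the VMware entries in the surrounding context (CVE-2021-22021, CVE-2021-22022) are already "NOT-FOR-US: VMware", so these TODOs should be resolved the same way. CVE-2021-22005 (arbitrary file upload) is the one most likely to be looked up by tracker users, so triaging it promptly avoids it showing as unassessed.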
@@ -46991,8 +46994,8 @@ CVE-2021-21995 (OpenSLP as used in ESXi has a denial-of-service vulnerability du
NOT-FOR-US: VMware
CVE-2021-21994 (SFCB (Small Footprint CIM Broker) as used in ESXi has an authenticatio ...)
NOT-FOR-US: VMware
-CVE-2021-21993
- RESERVED
+CVE-2021-21993 (The vCenter Server contains an SSRF (Server Side Request Forgery) vuln ...)
+ TODO: check
CVE-2021-21992 (The vCenter Server contains a denial-of-service vulnerability due to i ...)
NOT-FOR-US: VMware
CVE-2021-21991 (The vCenter Server contains a local privilege escalation vulnerability ...)
@@ -47167,8 +47170,8 @@ CVE-2021-21915
RESERVED
CVE-2021-21914
RESERVED
-CVE-2021-21913
- RESERVED
+CVE-2021-21913 (An information disclosure vulnerability exists in the WiFi Smart Mesh ...)
+ TODO: check
CVE-2021-21912
RESERVED
CVE-2021-21911
@@ -51998,8 +52001,8 @@ CVE-2021-20565 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6
NOT-FOR-US: IBM
CVE-2021-20564 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, ...)
NOT-FOR-US: IBM
-CVE-2021-20563
- RESERVED
+CVE-2021-20563 (IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote ...)
+ TODO: check
CVE-2021-20562 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 ...)
NOT-FOR-US: IBM
CVE-2021-20561
@@ -52154,10 +52157,10 @@ CVE-2021-20487 (IBM Power9 Self Boot Engine(SBE) could allow a privileged user t
NOT-FOR-US: IBM
CVE-2021-20486 (IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain ...)
NOT-FOR-US: IBM
-CVE-2021-20485
- RESERVED
-CVE-2021-20484
- RESERVED
+CVE-2021-20485 (IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote ...)
+ TODO: check
+CVE-2021-20484 (IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cro ...)
+ TODO: check
CVE-2021-20483 (IBM Security Identity Manager 6.0.2 is vulnerable to server-side reque ...)
NOT-FOR-US: IBM
CVE-2021-20482 (IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to ...)
@@ -52254,10 +52257,10 @@ CVE-2021-20437
RESERVED
CVE-2021-20436
RESERVED
-CVE-2021-20435
- RESERVED
-CVE-2021-20434
- RESERVED
+CVE-2021-20435 (IBM Security Verify Bridge 1.0.5.0 does not properly validate a certif ...)
+ TODO: check
+CVE-2021-20434 (IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain cl ...)
+ TODO: check
CVE-2021-20433 (IBM Security Guardium 11.3 could allow a an authenticated user to obta ...)
NOT-FOR-US: IBM
CVE-2021-20432 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Reso ...)
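Review bot: CVE-2021-20434 receives the truncated description "IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain cl ...", identical to the one added for CVE-2021-38863 earlier in this diff; before triage, confirm from the full MITRE text that these are two distinct issues rather than a duplicate assignment, and record the relationship in a NOTE: line if they overlap.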
@@ -52370,8 +52373,8 @@ CVE-2021-20379 (IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weak
NOT-FOR-US: IBM
CVE-2021-20378 (IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invali ...)
NOT-FOR-US: IBM
-CVE-2021-20377
- RESERVED
+CVE-2021-20377 (IBM Security Guardium 11.3 could allow a remote attacker to obtain sen ...)
+ TODO: check
CVE-2021-20376
RESERVED
CVE-2021-20375
@@ -72933,8 +72936,8 @@ CVE-2020-24329
RESERVED
CVE-2020-24328
RESERVED
-CVE-2020-24327
- RESERVED
+CVE-2020-24327 (Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2 ...)
+ TODO: check
CVE-2020-24326
RESERVED
CVE-2020-24325
@@ -82877,6 +82880,7 @@ CVE-2020-19611
CVE-2020-19610
RESERVED
CVE-2020-19609 (Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff ...)
+ {DLA-2765-1}
- mupdf 1.17.0+ds1-2 (bug #991401)
[buster] - mupdf <no-dsa> (Minor issue; can be fixed via point release)
NOTE: http://git.ghostscript.com/?p=mupdf.git;h=b7892cdc7fae62aa57d63ae62144e1f11b5f9275
@@ -121511,8 +121515,8 @@ CVE-2020-4943
RESERVED
CVE-2020-4942 (IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to ...)
NOT-FOR-US: IBM
-CVE-2020-4941
- RESERVED
+CVE-2020-4941 (IBM Edge 4.2 could reveal sensitive version information about the serv ...)
+ TODO: check
CVE-2020-4940
RESERVED
CVE-2020-4939
@@ -121775,20 +121779,20 @@ CVE-2020-4811 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.
NOT-FOR-US: IBM
CVE-2020-4810
RESERVED
-CVE-2020-4809
- RESERVED
+CVE-2020-4809 (IBM Edge 4.2 allows web pages to be stored locally which can be read b ...)
+ TODO: check
CVE-2020-4808
RESERVED
CVE-2020-4807
RESERVED
CVE-2020-4806
RESERVED
-CVE-2020-4805
- RESERVED
+CVE-2020-4805 (IBM Edge 4.2 allows web pages to be stored locally which can be read b ...)
+ TODO: check
CVE-2020-4804
RESERVED
-CVE-2020-4803
- RESERVED
+CVE-2020-4803 (IBM Edge 4.2 allows web pages to be stored locally which can be read b ...)
+ TODO: check
CVE-2020-4802
RESERVED
CVE-2020-4801
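Review bot: CVE-2020-4809, CVE-2020-4805 and CVE-2020-4803 all receive the identical truncated description "IBM Edge 4.2 allows web pages to be stored locally which can be read b ..."; the truncation hides whatever distinguishes them, so the TODO check needs the full descriptions or the IBM advisory to confirm they are separate issues before all three are marked NOT-FOR-US: IBM like the neighbouring IBM entries.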
@@ -122016,8 +122020,8 @@ CVE-2020-4692 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.
NOT-FOR-US: IBM
CVE-2020-4691 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
NOT-FOR-US: IBM
-CVE-2020-4690
- RESERVED
+CVE-2020-4690 (IBM Security Guardium 11.3 contains hard-coded credentials, such as a ...)
+ TODO: check
CVE-2020-4689 (IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote pr ...)
NOT-FOR-US: IBM
CVE-2020-4688 (IBM Security Guardium 10.6 and 11.2 could allow a local attacker to ex ...)
@@ -216116,6 +216120,7 @@ CVE-2018-10291
CVE-2018-10290
RESERVED
CVE-2018-10289 (In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space functi ...)
+ {DLA-2765-1}
- mupdf 1.13.0+ds1-3 (unimportant; bug #896545)
[jessie] - mupdf <not-affected> (Vulnerable code introduced later)
[wheezy] - mupdf <not-affected> (Vulnerable code introduced later)
@@ -226384,6 +226389,7 @@ CVE-2018-1000037 (In MuPDF 1.12.0 and earlier, multiple reachable assertions in
NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=8a3257b01faa899dd9b5e35c6bb3403cd709c371;hp=de39f005f12a1afc6973c1f5cec362d6545f70cb
NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=b2e7d38e845c7d4922d05e6e41f3a2dc1bc1b14a;hp=f51836b9732c38d945b87fda0770009a77ba680c
CVE-2018-1000036 (In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser a ...)
+ {DLA-2765-1}
- mupdf 1.14.0+ds1-1 (unimportant; bug #900129)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5502
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699695
@@ -277708,12 +277714,14 @@ CVE-2016-10248 (The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before
NOTE: Not suitable for code injection, hardly denial of service
NOTE: https://github.com/mdadams/jasper/commit/2e82fa00466ae525339754bb3ab0a0474a31d4bd
CVE-2016-10247 (Buffer overflow in the my_getline function in jstest_main.c in Mujstes ...)
+ {DLA-2765-1}
- mupdf 1.11+ds1-1 (unimportant)
[wheezy] - mupdf <not-affected> (Vulnerable code not present)
NOTE: Although jstest_main.c compiled during build and mujstest is created
NOTE: it is not included in the produced binary packages
NOTE: https://www.openwall.com/lists/oss-security/2016/10/16/19
CVE-2016-10246 (Buffer overflow in the main function in jstest_main.c in Mujstest in A ...)
+ {DLA-2765-1}
- mupdf 1.11+ds1-1 (unimportant)
[wheezy] - mupdf <not-affected> (Vulnerable code not present)
NOTE: Although jstest_main.c compiled during build and mujstest is created
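Review bot: {DLA-2765-1} is added to CVE-2016-10247 and CVE-2016-10246, both rated "unimportant" with a NOTE: stating that mujstest is not included in the produced binary packages; a DLA reference on issues that do not affect shipped binaries is unusual, so verify that the DLA text really lists these CVEs rather than only the mupdf library issues and, if it does, consider a NOTE: explaining that the fix was carried along with the other mupdf changes.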
@@ -279961,6 +279969,7 @@ CVE-2016-10226 (JavaScriptCore in WebKit, as distributed in Safari Technology Pr
CVE-2017-6061 (Cross-site scripting (XSS) vulnerability in the help component of SAP ...)
NOT-FOR-US: SAP
CVE-2017-6060 (Stack-based buffer overflow in jstest_main.c in mujstest in Artifex So ...)
+ {DLA-2765-1}
- mupdf 1.12.0+ds1-1 (unimportant)
[wheezy] - mupdf <not-affected> (Vulnerable code not present)
NOTE: Although jstest_main.c compiled during build and mujstest is created
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34a9e870f22b8f8739c99a9b7ace0b92945b7997