[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 6 21:12:45 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f471ae6b by security tracker role at 2023-09-06T20:12:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,38 +1,138 @@
-CVE-2023-41947
+CVE-2023-4809 (In pf packet processing with a 'scrub fragment reassemble' rule, a pac ...)
+	TODO: check
+CVE-2023-4634 (The Media Library Assistant plugin for WordPress is vulnerable to Loca ...)
+	TODO: check
+CVE-2023-4623 (A use-after-free vulnerability in the Linux kernel's net/sched: sch_hf ...)
+	TODO: check
+CVE-2023-4622 (A use-after-free vulnerability in the Linux kernel's af_unix component ...)
+	TODO: check
+CVE-2023-4621
+	REJECTED
+CVE-2023-4589 (Insufficient verification of data authenticity vulnerability in Deline ...)
+	TODO: check
+CVE-2023-4588 (File accessibility vulnerability in Delinea Secret Server, in its v10. ...)
+	TODO: check
+CVE-2023-4498 (Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access ...)
+	TODO: check
+CVE-2023-4244 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
+	TODO: check
+CVE-2023-4208 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_u3 ...)
+	TODO: check
+CVE-2023-4207 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw ...)
+	TODO: check
+CVE-2023-4206 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_ro ...)
+	TODO: check
+CVE-2023-41601 (Multiple cross-site scripting (XSS) vulnerabilities in install/index.p ...)
+	TODO: check
+CVE-2023-41330 (knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PD ...)
+	TODO: check
+CVE-2023-41328 (Frappe is a low code web framework written in Python and Javascript. A ...)
+	TODO: check
+CVE-2023-41319 (Fides is an open-source privacy engineering platform for managing the  ...)
+	TODO: check
+CVE-2023-41150 (F-RevoCRM 7.3 series prior to version7.3.8 contains a cross-site scrip ...)
+	TODO: check
+CVE-2023-41149 (F-RevoCRM version7.3.7 and version7.3.8 contains an OS command injecti ...)
+	TODO: check
+CVE-2023-41050 (AccessControl provides a general security framework for use in Zope. P ...)
+	TODO: check
+CVE-2023-40601 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik  ...)
+	TODO: check
+CVE-2023-40591 (go-ethereum (geth) is a golang execution layer implementation of the E ...)
+	TODO: check
+CVE-2023-40560 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Greg ...)
+	TODO: check
+CVE-2023-40554 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blog2Soc ...)
+	TODO: check
+CVE-2023-40553 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Plausibl ...)
+	TODO: check
+CVE-2023-40552 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gurc ...)
+	TODO: check
+CVE-2023-40531 (Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 B ...)
+	TODO: check
+CVE-2023-40357 (Multiple TP-LINK products allow a network-adjacent authenticated attac ...)
+	TODO: check
+CVE-2023-40329 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPZe ...)
+	TODO: check
+CVE-2023-40328 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Carr ...)
+	TODO: check
+CVE-2023-40193 (Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 2023061 ...)
+	TODO: check
+CVE-2023-40007 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ujwo ...)
+	TODO: check
+CVE-2023-39935 (Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' a ...)
+	TODO: check
+CVE-2023-39511 (Cacti is an open source operational monitoring and fault management fr ...)
+	TODO: check
+CVE-2023-39265 (Apache Superset would allow for SQLite database connections to be inco ...)
+	TODO: check
+CVE-2023-39264 (By default, stack traces for errors were enabled, which resulted in th ...)
+	TODO: check
+CVE-2023-39224 (Archer C5 firmware all versions and Archer C7 firmware versions prior  ...)
+	TODO: check
+CVE-2023-38588 (Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' a ...)
+	TODO: check
+CVE-2023-38568 (Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allow ...)
+	TODO: check
+CVE-2023-38563 (Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' a ...)
+	TODO: check
+CVE-2023-38486 (A vulnerability in the secure boot implementation on affectedAruba 920 ...)
+	TODO: check
+CVE-2023-38485 (Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 900 ...)
+	TODO: check
+CVE-2023-38484 (Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 900 ...)
+	TODO: check
+CVE-2023-37941 (If an attacker gains write access to the Apache Superset metadata data ...)
+	TODO: check
+CVE-2023-37284 (Improper authentication vulnerability in Archer C20 firmware versions  ...)
+	TODO: check
+CVE-2023-36489 (Multiple TP-LINK products allow a network-adjacent unauthenticated att ...)
+	TODO: check
+CVE-2023-36388 (Improper REST API permission in Apache Superset up to and including 2. ...)
+	TODO: check
+CVE-2023-36387 (An improper default REST API permission for Gamma users in Apache Supe ...)
+	TODO: check
+CVE-2023-32672 (An Incorrect authorisation check in SQLLab in Apache Superset versions ...)
+	TODO: check
+CVE-2023-32619 (Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and A ...)
+	TODO: check
+CVE-2023-31188 (Multiple TP-LINK products allow a network-adjacent authenticated attac ...)
+	TODO: check
+CVE-2023-41947 (A missing permission check in Jenkins Frugal Testing Plugin 1.1 and ea ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-41946
+CVE-2023-41946 (A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Te ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-41945
+CVE-2023-41945 (Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-41944
+CVE-2023-41944 (Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not esca ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-41943
+CVE-2023-41943 (Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perf ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-41942
+CVE-2023-41942 (A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeC ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-41941
+CVE-2023-41941 (A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3. ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-41940
+CVE-2023-41940 (Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents,  ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-41939
+CVE-2023-41939 (Jenkins SSH2 Easy Plugin 1.4 and earlier does not verify that permissi ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-41938
+CVE-2023-41938 (A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugi ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-41937
+CVE-2023-41937 (Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (bo ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-41936
+CVE-2023-41936 (Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time c ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-41935
+CVE-2023-41935 (Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380. ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-41934
+CVE-2023-41934 (Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earli ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-41933
+CVE-2023-41933 (Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earli ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-41932
+CVE-2023-41932 (Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earli ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-41931
+CVE-2023-41931 (Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earli ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-41930
+CVE-2023-41930 (Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earli ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2023-4779 (The User Submitted Posts plugin for WordPress is vulnerable to Stored  ...)
 	NOT-FOR-US: User Submitted Posts plugin for WordPress
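Review bot: The six Linux kernel use-after-free entries near the top of this hunk (CVE-2023-4623, CVE-2023-4622, CVE-2023-4244, CVE-2023-4208, CVE-2023-4207, CVE-2023-4206) are left at TODO: check with no "- linux" package line, so the tracker shows no Debian status for them yet. Triage these ahead of the WordPress plugin and router firmware entries in the same batch: add the source package line, the per-release status and a NOTE with the upstream fix commit, as the existing CVE-2023-4015 entry does.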
@@ -418,12 +518,12 @@ CVE-2023-41164
 	NOTE: https://github.com/django/django/commit/3f41d6d62929dfe53eda8109b3b836f26645bdce (main)
 	NOTE: https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9 (4.2.5)
 	NOTE: https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e (3.2.21)
-CVE-2023-4015 [netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR]
+CVE-2023-4015 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
 	- linux 6.4.11-1
 	[bullseye] - linux <not-affected> (Vulnerable code not in a Debian released version)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/0a771f7b266b02d262900c75f1e175c7fe76fec2 (6.5-rc4)
-CVE-2023-3777 [netfilter: nf_tables: skip bound chain on rule flush]
+CVE-2023-3777 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
 	- linux 6.4.11-1
 	[bullseye] - linux 5.10.191-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
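Review bot: Replacing the bracketed commit subjects on CVE-2023-4015 and CVE-2023-3777 leaves both entries with the same truncated text ("A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ..."), so they can no longer be told apart from the description line. CVE-2023-4015 keeps its git.kernel.org NOTE; check that CVE-2023-3777 carries an equivalent NOTE naming its fix ("netfilter: nf_tables: skip bound chain on rule flush"), and add one if it does not.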
@@ -1276,7 +1376,7 @@ CVE-2023-39616 (AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid re
 	NOTE: Testcase: https://aomedia.googlesource.com/aom/+/d90659acbb1487949195006d46c4582c62f1b90f (3.7.0_rc2)
 	NOTE: For Debian this was initially fixed in Debian unstable with 3.7.0~rc3-1 but reverted with the
 	NOTE: 3.7.0~really3.6.1-1 upload re-introducing the issue.
-CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer over ...)
+CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds rea ...)
 	- libxml2 <unfixed> (bug #1051230)
 	[bookworm] - libxml2 <no-dsa> (Minor issue)
 	[bullseye] - libxml2 <no-dsa> (Minor issue)
@@ -27144,14 +27244,14 @@ CVE-2023-27530 (A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4
 	NOTE: https://github.com/rack/rack/commit/9aac3757fe19cdb0476504c9245170115bec9668 (v2.2.6.3)
 	NOTE: https://github.com/rack/rack/commit/b632718265fa5ffa547b060331341a1e216b4ffa (v2.1.4.3)
 	NOTE: https://github.com/rack/rack/commit/5f6e2fcbbdbff2dfaa21baa693e9d23d12ac1459 (v2.0.9.3)
-CVE-2023-27526
-	RESERVED
+CVE-2023-27526 (A non Admin authenticated user could incorrectly create resources usin ...)
+	TODO: check
 CVE-2023-27525 (An authenticated user with Gamma role authorization could have access  ...)
 	NOT-FOR-US: Apache Superset
 CVE-2023-27524 (Session Validation attacks in Apache Superset versions up to and inclu ...)
 	NOT-FOR-US: Apache Superset
-CVE-2023-27523
-	RESERVED
+CVE-2023-27523 (Improper data authorization check on Jinja templated queries in Apache ...)
+	TODO: check
 CVE-2023-27522 (HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_pr ...)
 	{DSA-5376-1 DLA-3401-1}
 	- apache2 2.4.56-1 (bug #1032476)
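Review bot: CVE-2023-27523 moves from RESERVED to TODO: check although its description is cut at "in Apache ..." and both neighbours, CVE-2023-27525 and CVE-2023-27524, are already marked NOT-FOR-US: Apache Superset. Confirm the product from the full description and close both new entries (CVE-2023-27526 names no product in its visible text) rather than leaving them in the TODO queue.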
@@ -27514,7 +27614,7 @@ CVE-2023-1116 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
 	NOT-FOR-US: pimcore
 CVE-2023-1115 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
 	NOT-FOR-US: pimcore
-CVE-2023-1114 (Improper Input Validation, Missing Authorization vulnerability in Esko ...)
+CVE-2023-1114 (Missing Authorization vulnerability in Eskom e-Belediye allows Informa ...)
 	NOT-FOR-US: Eskom Bilgisayar e-Belediye
 CVE-2023-1113 (A vulnerability was found in SourceCodester Simple Payroll System 1.0. ...)
 	NOT-FOR-US: SourceCodester Simple Payroll System
@@ -30883,8 +30983,8 @@ CVE-2023-26102 (All versions of the package rangy are vulnerable to Prototype Po
 	NOT-FOR-US: Node rangy
 CVE-2023-0926
 	RESERVED
-CVE-2023-0925
-	RESERVED
+CVE-2023-0925 (Version 10.11 of webMethods OneData runs an embedded instance of Azul  ...)
+	TODO: check
 CVE-2023-0924 (The ZYREX POPUP WordPress plugin through 1.0 does not validate the typ ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0923
@@ -56495,7 +56595,7 @@ CVE-2023-20902
 	RESERVED
 CVE-2023-20901
 	RESERVED
-CVE-2023-20900 (VMware Tools contains a SAML token signature bypass vulnerability.A ma ...)
+CVE-2023-20900 (A malicious actor that has been granted  Guest Operation Privileges ht ...)
 	- open-vm-tools 2:12.3.0-1 (bug #1050970)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/08/31/1
 	NOTE: https://github.com/vmware/open-vm-tools/blob/CVE-2023-20900.patch/CVE-2023-20900.patch
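Review bot: The new description line for CVE-2023-20900 drops the leading "VMware Tools contains a SAML token signature bypass vulnerability", so the truncated text now names neither the product nor the bug class, and it carries a double space after "granted". The package and NOTE lines below it still identify the issue; if the summary matters for searching the list, add a NOTE that states the SAML token signature bypass.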
@@ -59332,8 +59432,8 @@ CVE-2023-20271
 	RESERVED
 CVE-2023-20270
 	RESERVED
-CVE-2023-20269
-	RESERVED
+CVE-2023-20269 (A vulnerability in the remote access VPN feature of Cisco Adaptive Sec ...)
+	TODO: check
 CVE-2023-20268
 	RESERVED
 CVE-2023-20267
@@ -59344,8 +59444,8 @@ CVE-2023-20265
 	RESERVED
 CVE-2023-20264
 	RESERVED
-CVE-2023-20263
-	RESERVED
+CVE-2023-20263 (A vulnerability in the web-based management interface of Cisco HyperFl ...)
+	TODO: check
 CVE-2023-20262
 	RESERVED
 CVE-2023-20261
@@ -59370,8 +59470,8 @@ CVE-2023-20252
 	RESERVED
 CVE-2023-20251
 	RESERVED
-CVE-2023-20250
-	RESERVED
+CVE-2023-20250 (A vulnerability in the web-based management interface of Cisco Small B ...)
+	TODO: check
 CVE-2023-20249
 	RESERVED
 CVE-2023-20248
@@ -59384,8 +59484,8 @@ CVE-2023-20245
 	RESERVED
 CVE-2023-20244
 	RESERVED
-CVE-2023-20243
-	RESERVED
+CVE-2023-20243 (A vulnerability in the RADIUS message processing feature of Cisco Iden ...)
+	TODO: check
 CVE-2023-20242 (A vulnerability in the web-based management interface of Cisco Unified ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20241
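Review bot: CVE-2023-20243 is left at TODO: check while the next entry, CVE-2023-20242, is marked NOT-FOR-US: Cisco. The visible description is cut at "Cisco Iden ...", so confirm from the full text that the product is not packaged in Debian and set the same NOT-FOR-US: Cisco marker instead of carrying the TODO forward.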
@@ -59394,8 +59494,8 @@ CVE-2023-20240
 	RESERVED
 CVE-2023-20239
 	RESERVED
-CVE-2023-20238
-	RESERVED
+CVE-2023-20238 (A vulnerability in the single sign-on (SSO) implementation of Cisco Br ...)
+	TODO: check
 CVE-2023-20237 (A vulnerability in Cisco Intersight Virtual Appliance could allow an u ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20236
@@ -145474,8 +145574,8 @@ CVE-2021-39861 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.00
 	NOT-FOR-US: Adobe
 CVE-2021-39860 (Acrobat Pro DC versions 2021.005.20060 (and earlier), 2020.004.30006 ( ...)
 	NOT-FOR-US: Adobe
-CVE-2021-39859
-	RESERVED
+CVE-2021-39859 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+	TODO: check
 CVE-2021-39858 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
 	NOT-FOR-US: Adobe
 CVE-2021-39857 (Adobe Acrobat Reader DC add-on for Internet Explorer versions 2021.005 ...)
@@ -153674,8 +153774,8 @@ CVE-2021-36647 (Use of a Broken or Risky Cryptographic Algorithm in the function
 	[bullseye] - mbedtls <no-dsa> (Minor issue)
 	[buster] - mbedtls <no-dsa> (Minor issue)
 	NOTE: https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1/
-CVE-2021-36646
-	RESERVED
+CVE-2021-36646 (A Cross Site Scrtpting (XSS) vulnerability in KodExplorer 4.45 allows  ...)
+	TODO: check
 CVE-2021-36645
 	RESERVED
 CVE-2021-36644
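Review bot: The imported description for CVE-2021-36646 contains the misspelling "Scrtpting", so a search of the list for "Cross Site Scripting" will not match this entry. Descriptions are refreshed by the automatic update, so report the typo to the upstream record rather than editing it here, and resolve the TODO: check for KodExplorer 4.45 separately.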
@@ -155168,8 +155268,8 @@ CVE-2021-36062 (Adobe Connect version 11.2.2 (and earlier) is affected by a Refl
 	NOT-FOR-US: Adobe
 CVE-2021-36061 (Adobe Connect version 11.2.2 (and earlier) is affected by a secure des ...)
 	NOT-FOR-US: Adobe
-CVE-2021-36060
-	RESERVED
+CVE-2021-36060 (Adobe Media Encoder version 15.2 (and earlier) is affected by an out-o ...)
+	TODO: check
 CVE-2021-36059 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
 	NOT-FOR-US: Adobe
 CVE-2021-36058 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer ...)
@@ -155281,8 +155381,8 @@ CVE-2021-36038 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and ear
 	NOT-FOR-US: Magento
 CVE-2021-36037 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier)  ...)
 	NOT-FOR-US: Magento
-CVE-2021-36036
-	RESERVED
+CVE-2021-36036 (Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 ...)
+	TODO: check
 CVE-2021-36035 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier)  ...)
 	NOT-FOR-US: Magento
 CVE-2021-36034 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier)  ...)
@@ -155307,12 +155407,12 @@ CVE-2021-36025 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and ear
 	NOT-FOR-US: Magento
 CVE-2021-36024 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier)  ...)
 	NOT-FOR-US: Magento
-CVE-2021-36023
-	RESERVED
+CVE-2021-36023 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier)  ...)
+	TODO: check
 CVE-2021-36022 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier)  ...)
 	NOT-FOR-US: Magento
-CVE-2021-36021
-	RESERVED
+CVE-2021-36021 (Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 ...)
+	TODO: check
 CVE-2021-36020 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier)  ...)
 	NOT-FOR-US: Magento
 CVE-2021-36019 (Adobe After Effects version 18.2.1 (and earlier) is affected by an Out ...)
@@ -155393,8 +155493,8 @@ CVE-2021-35982 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.00
 	NOT-FOR-US: Adobe
 CVE-2021-35981 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
 	NOT-FOR-US: Adobe
-CVE-2021-35980
-	RESERVED
+CVE-2021-35980 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+	TODO: check
 CVE-2021-35979 (An issue was discovered in Digi RealPort through 4.8.488.0. The 'encry ...)
 	NOT-FOR-US: Digi RealPort
 CVE-2021-35978 (An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ...)
@@ -174488,8 +174588,8 @@ CVE-2021-3445 (A flaw was found in libdnf's signature verification functionality
 	- libdnf 0.55.2-6 (bug #986802)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1932079
 	NOTE: https://github.com/rpm-software-management/libdnf/commit/930f2582f91077b3f338b84cf9567559d52713de
-CVE-2021-28644
-	RESERVED
+CVE-2021-28644 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+	TODO: check
 CVE-2021-28643 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
 	NOT-FOR-US: Adobe
 CVE-2021-28642 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
@@ -194586,8 +194686,8 @@ CVE-2021-21090 (Adobe InCopy version 16.0 (and earlier) is affected by an path t
 	NOT-FOR-US: Adobe
 CVE-2021-21089 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
 	NOT-FOR-US: Acrobat
-CVE-2021-21088
-	RESERVED
+CVE-2021-21088 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+	TODO: check
 CVE-2021-21087 (Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 1 ...)
 	NOT-FOR-US: Adobe
 CVE-2021-21086 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
@@ -252478,14 +252578,14 @@ CVE-2020-10134 (Pairing in Bluetooth\xae Core v5.2 and earlier may permit an una
 	NOTE: Bluetooth protocol issue
 CVE-2020-10133
 	RESERVED
-CVE-2020-10132
-	RESERVED
-CVE-2020-10131
-	RESERVED
-CVE-2020-10130
-	RESERVED
-CVE-2020-10129
-	RESERVED
+CVE-2020-10132 (SearchBlox before Version 9.1 is vulnerable to cross-origin resource s ...)
+	TODO: check
+CVE-2020-10131 (SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection i ...)
+	TODO: check
+CVE-2020-10130 (SearchBlox before Version 9.1 is vulnerable to business logic bypass w ...)
+	TODO: check
+CVE-2020-10129 (SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation ...)
+	TODO: check
 CVE-2020-10128 (SearchBlox product with version before 9.2.1 is vulnerable to stored c ...)
 	TODO: check
 CVE-2020-10127
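Review bot: The four SearchBlox entries added here (CVE-2020-10132 to CVE-2020-10129) join CVE-2020-10128, which is already in the file with TODO: check, so five entries for the same product are now waiting on one decision. Decide once whether SearchBlox is packaged in Debian and mark all five together.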



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f471ae6bee250a0033be3fdc67d7154835b0df37
