Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bf72822b by security tracker role at 2021-06-01T20:10:38+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2021-3573
+       RESERVED
+CVE-2021-33795
+       RESERVED
+CVE-2021-33794
+       RESERVED
+CVE-2021-33793
+       RESERVED
+CVE-2021-33792
+       RESERVED
 CVE-2021-3572
        RESERVED
 CVE-2021-33791
@@ -1384,16 +1394,16 @@ CVE-2021-33186
        RESERVED
 CVE-2021-33185
        RESERVED
-CVE-2021-33184
-       RESERVED
-CVE-2021-33183
-       RESERVED
-CVE-2021-33182
-       RESERVED
-CVE-2021-33181
-       RESERVED
-CVE-2021-33180
-       RESERVED
+CVE-2021-33184 (Server-Side request forgery (SSRF) vulnerability in task 
management co ...)
+       TODO: check
+CVE-2021-33183 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
+       TODO: check
+CVE-2021-33182 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
+       TODO: check
+CVE-2021-33181 (Server-Side Request Forgery (SSRF) vulnerability in webapi 
component i ...)
+       TODO: check
+CVE-2021-33180 (Improper neutralization of special elements used in an SQL 
command ('S ...)
+       TODO: check
 CVE-2021-33179
        RESERVED
 CVE-2021-33178
@@ -1930,8 +1940,8 @@ CVE-2021-3550
        RESERVED
 CVE-2021-32925 (admin/user_import.php in Chamilo 1.11.14 reads XML data 
without disabl ...)
        NOT-FOR-US: Chamilo
-CVE-2021-32924
-       RESERVED
+CVE-2021-32924 (Invision Community (aka IPS Community Suite) before 4.6.0 
allows eval- ...)
+       TODO: check
 CVE-2021-32923
        RESERVED
 CVE-2021-32922
@@ -2505,10 +2515,10 @@ CVE-2021-32654
        RESERVED
 CVE-2021-32653
        RESERVED
-CVE-2021-32652
-       RESERVED
-CVE-2021-32651
-       RESERVED
+CVE-2021-32652 (Nextcloud Mail is a mail app for the Nextcloud platform. A 
missing per ...)
+       TODO: check
+CVE-2021-32651 (OneDev is a development operations platform. If the LDAP 
external auth ...)
+       TODO: check
 CVE-2021-32650
        RESERVED
 CVE-2021-32649
@@ -2724,8 +2734,7 @@ CVE-2021-3548 (A flaw was found in dmg2img through 
20170502. dmg2img did not val
        - dmg2img <unfixed> (unimportant)
        NOTE: https://github.com/Lekensteyn/dmg2img/issues/9
        NOTE: Crash in CLI tool, no security impact
-CVE-2021-3543 [nitro_enclaves stale file descriptors on failed usercopy]
-       RESERVED
+CVE-2021-3543 (A flaw null pointer dereference in the Nitro Enclaves kernel 
driver wa ...)
        - linux 5.10.38-1 (unimportant)
        [buster] - linux <not-affected> (Vulnerable code introduced later)
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
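
Review bot: On CVE-2021-3543 the removed bracketed summary described stale file descriptors on a failed usercopy, while the imported description speaks of a null pointer dereference in the Nitro Enclaves kernel driver. The triage below it (linux 5.10.38-1, unimportant, buster and stretch not-affected) is carried over unchanged, so it is worth confirming that both texts refer to the same fix and, if the entry does not already have one, adding a NOTE with the upstream commit so the fixed version can be verified.
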
@@ -4008,8 +4017,7 @@ CVE-2021-32028
        - postgresql-9.6 <removed>
        NOTE: 
https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/
        NOTE: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=4a8656a7ee0c155b0249376af58eb3fc3a90415f
 (REL_13_3)
-CVE-2021-32027
-       RESERVED
+CVE-2021-32027 (A flaw was found in postgresql in versions before 13.3, before 
12.7, b ...)
        {DSA-4915-1 DLA-2662-1}
        - postgresql-13 13.3-1
        - postgresql-11 <removed>
@@ -4564,15 +4572,13 @@ CVE-2021-3517 (There is a flaw in the xml entity 
encoding functionality of libxm
        [buster] - libxml2 <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/235
        NOTE: 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2
-CVE-2021-3516 [use-after-free in xmlEncodeEntitiesInternal() in entities.c]
-       RESERVED
+CVE-2021-3516 (There's a flaw in libxml2's xmllint in versions before 2.9.11. 
An atta ...)
        {DLA-2653-1}
        - libxml2 2.9.10+dfsg-6.6 (bug #987739)
        [buster] - libxml2 <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/230
        NOTE: 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539
-CVE-2021-3515
-       RESERVED
+CVE-2021-3515 (A shell injection flaw was found in pglogical in versions 
before 2.3.4 ...)
        - pglogical 2.3.3-3 (bug #988735)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1954112
        NOTE: 
https://github.com/2ndQuadrant/pglogical/commit/95c0e8981485e09efab6821cf55a4e27b086efe5
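
Review bot: For CVE-2021-3516 and CVE-2021-3515 the imported descriptions give upstream fix versions (libxml2 before 2.9.11, pglogical before 2.3.4) that are higher than the fixed versions kept below them (libxml2 2.9.10+dfsg-6.6, pglogical 2.3.3-3). If those Debian revisions carry the upstream commits from the NOTE lines as backported patches, a short NOTE saying so on each entry would keep the mismatch from being read as a tracking error.
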
@@ -4685,6 +4691,7 @@ CVE-2021-31810
 CVE-2021-31809
        RESERVED
 CVE-2021-31808 (An issue was discovered in Squid before 4.15 and 5.x before 
5.0.6. Due ...)
+       {DSA-4924-1}
        - squid 4.13-10 (bug #989043)
        - squid3 <removed>
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916
@@ -4692,12 +4699,14 @@ CVE-2021-31808 (An issue was discovered in Squid before 
4.15 and 5.x before 5.0.
        NOTE: 
http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
 CVE-2021-31807
        RESERVED
+       {DSA-4924-1}
        - squid 4.13-10 (bug #989043)
        - squid3 <removed>
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916
        NOTE: 
https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
        NOTE: 
http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
 CVE-2021-31806 (An issue was discovered in Squid before 4.15 and 5.x before 
5.0.6. Due ...)
+       {DSA-4924-1}
        - squid 4.13-10 (bug #989043)
        - squid3 <removed>
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916
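
Review bot: CVE-2021-31807 now carries {DSA-4924-1} while its only status line is still RESERVED, so an issue covered by an advisory has no description at all, unlike its neighbours CVE-2021-31808 and CVE-2021-31806. A bracketed temporary summary on the CVE line, in the form this file already uses for CVE-2021-28091, would make the entry readable until the description is imported.
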
@@ -5052,12 +5061,12 @@ CVE-2021-31645
        RESERVED
 CVE-2021-31644
        RESERVED
-CVE-2021-31643
-       RESERVED
-CVE-2021-31642
-       RESERVED
-CVE-2021-31641
-       RESERVED
+CVE-2021-31643 (An XSS vulnerability exists in several IoT devices from CHIYU 
Technolo ...)
+       TODO: check
+CVE-2021-31642 (A denial of service condition exists after an integer overflow 
in seve ...)
+       TODO: check
+CVE-2021-31641 (An unauthenticated XSS vulnerability exists in several IoT 
devices fro ...)
+       TODO: check
 CVE-2021-31640
        RESERVED
 CVE-2021-31639
@@ -7660,8 +7669,7 @@ CVE-2021-30503 (The unofficial GLSL Linting extension 
before 1.4.0 for Visual St
        NOT-FOR-US: GLSL Linting extension for Visual Studio Code
 CVE-2021-30502 (The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell 
Compiler) ...)
        NOT-FOR-US: vscode-ghc-simple extension for Visual Studio Code
-CVE-2021-3495
-       RESERVED
+CVE-2021-3495 (An incorrect access control flaw was found in the 
kiali-operator in ve ...)
        NOT-FOR-US: kiali-operator
 CVE-2021-3494 (A smart proxy that provides a restful API to various 
sub-systems of th ...)
        - foreman <itp> (bug #663101)
@@ -9501,8 +9509,8 @@ CVE-2021-29742
        RESERVED
 CVE-2021-29741
        RESERVED
-CVE-2021-29740
-       RESERVED
+CVE-2021-29740 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 
5.1.0.3 sys ...)
+       TODO: check
 CVE-2021-29739
        RESERVED
 CVE-2021-29738
@@ -11128,16 +11136,16 @@ CVE-2021-29093 (A use-after-free vulnerability when 
parsing a specially crafted
 CVE-2021-3461
        RESERVED
        NOT-FOR-US: Keycloak
-CVE-2021-29092
-       RESERVED
+CVE-2021-29092 (Unrestricted upload of file with dangerous type vulnerability 
in file  ...)
+       TODO: check
 CVE-2021-29091
        RESERVED
 CVE-2021-29090
        RESERVED
 CVE-2021-29089
        RESERVED
-CVE-2021-29088
-       RESERVED
+CVE-2021-29088 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
+       TODO: check
 CVE-2021-29087
        RESERVED
 CVE-2021-29086
@@ -12122,6 +12130,7 @@ CVE-2021-28664 (The Arm Mali GPU kernel driver allows 
privilege escalation or a
 CVE-2021-28663 (The Arm Mali GPU kernel driver allows privilege escalation or 
informat ...)
        NOT-FOR-US: ARM components for Android
 CVE-2021-28662 (An issue was discovered in Squid 4.x before 4.15 and 5.x 
before 5.0.6. ...)
+       {DSA-4924-1}
        - squid 4.13-10 (bug #988891)
        NOTE: 
https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h
        NOTE: 
http://www.squid-cache.org/Versions/v4/changesets/squid-4-b1c37c9e7b30d0efb5e5ccf8200f2a646b9c36f8.patch
@@ -12173,11 +12182,13 @@ CVE-2021-28654
 CVE-2021-28653 (The iOS and macOS apps before 1.4.1 for the Western Digital 
G-Technolo ...)
        NOT-FOR-US: iOS and macOS apps for the Western Digital G-Technology 
ArmorLock NVMe SSD
 CVE-2021-28652 (An issue was discovered in Squid before 4.15 and 5.x before 
5.0.6. Due ...)
+       {DSA-4924-1}
        - squid 4.13-10 (bug #988892)
        - squid3 <removed>
        NOTE: 
https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447
        NOTE: 
http://www.squid-cache.org/Versions/v4/changesets/squid-4-0003e3518dc95e4b5ab46b5140af79b22253048e.patch
 CVE-2021-28651 (An issue was discovered in Squid before 4.15 and 5.x before 
5.0.6. Due ...)
+       {DSA-4924-1}
        - squid 4.13-10 (bug #988893)
        - squid3 <removed>
        NOTE: 
https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4
@@ -13474,8 +13485,7 @@ CVE-2021-3426 (There's a flaw in Python 3's pydoc. A 
local or adjacent attacker
        NOTE: https://github.com/python/cpython/pull/24337
        NOTE: https://github.com/python/cpython/pull/24285
        TODO: check, upload of pypy/7.3.5+dfsg-1 to experimental claims this 
affects src:pypy
-CVE-2021-3425
-       RESERVED
+CVE-2021-3425 (A flaw was found in the AMQ Broker that discloses JDBC 
encrypted usern ...)
        NOT-FOR-US: Red Hat AMQ Broker
 CVE-2021-28108
        RESERVED
@@ -13551,8 +13561,7 @@ CVE-2021-28093
        RESERVED
 CVE-2021-28092 (The is-svg package 2.1.0 through 4.2.1 for Node.js uses a 
regular expr ...)
        NOT-FOR-US: Node is-svg
-CVE-2021-3424
-       RESERVED
+CVE-2021-3424 (A flaw was found in keycloak as shipped in Red Hat Single 
Sign-On 7.4  ...)
        NOT-FOR-US: Keycloak
 CVE-2021-28091 [XML signature wrapping vulnerability when parsing SAML 
responses]
        RESERVED
@@ -14187,8 +14196,8 @@ CVE-2021-27830
        RESERVED
 CVE-2021-27829
        RESERVED
-CVE-2021-27828
-       RESERVED
+CVE-2021-27828 (SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to 
modify o ...)
+       TODO: check
 CVE-2021-27827
        RESERVED
 CVE-2021-27826
@@ -15127,8 +15136,7 @@ CVE-2019-25020 (An issue was discovered in Scytl sVote 
2.1. Because the sdm-ws-r
        NOT-FOR-US: Scytl sVote
 CVE-2021-3413 (A flaw was found in Red Hat Satellite in 
tfm-rubygem-foreman_azure_rm  ...)
        NOT-FOR-US: Red Hat Satellite
-CVE-2021-3412
-       RESERVED
+CVE-2021-3412 (It was found that all versions of 3Scale developer portal 
lacked brute ...)
        NOT-FOR-US: Red Hat 3scale API Management
 CVE-2021-27399
        RESERVED
@@ -18660,8 +18668,8 @@ CVE-2021-25934 (In OpenNMS Horizon, versions 
opennms-18.0.0-1 through opennms-27
        NOT-FOR-US: OpenNMS
 CVE-2021-25933 (In OpenNMS Horizon, versions opennms-1-0-stable through 
opennms-27.1.0 ...)
        NOT-FOR-US: OpenNMS
-CVE-2021-25932
-       RESERVED
+CVE-2021-25932 (In OpenNMS Horizon, versions opennms-1-0-stable through 
opennms-27.1.0 ...)
+       TODO: check
 CVE-2021-25931 (In OpenNMS Horizon, versions opennms-1-0-stable through 
opennms-27.1.0 ...)
        NOT-FOR-US: OpenNMS
 CVE-2021-25930 (In OpenNMS Horizon, versions opennms-1-0-stable through 
opennms-27.1.0 ...)
@@ -22406,22 +22414,22 @@ CVE-2021-24337
        RESERVED
 CVE-2021-24336
        RESERVED
-CVE-2021-24335
-       RESERVED
-CVE-2021-24334
-       RESERVED
-CVE-2021-24333
-       RESERVED
+CVE-2021-24335 (The Car Repair Services &amp; Auto Mechanic WordPress theme 
before 4.0 ...)
+       TODO: check
+CVE-2021-24334 (The Instant Images &#8211; One Click Unsplash Uploads 
WordPress plugin ...)
+       TODO: check
+CVE-2021-24333 (The Content Copy Protection &amp; Prevent Image Save WordPress 
plugin  ...)
+       TODO: check
 CVE-2021-24332 (The Autoptimize WordPress plugin before 2.8.4 was missing 
proper escap ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24331
-       RESERVED
-CVE-2021-24330
-       RESERVED
-CVE-2021-24329
-       RESERVED
-CVE-2021-24328
-       RESERVED
+CVE-2021-24331 (The Smooth Scroll Page Up/Down Buttons WordPress plugin before 
1.4 did ...)
+       TODO: check
+CVE-2021-24330 (The Funnel Builder by CartFlows &#8211; Create High Converting 
Sales F ...)
+       TODO: check
+CVE-2021-24329 (The WP Super Cache WordPress plugin before 1.7.3 did not 
properly sani ...)
+       TODO: check
+CVE-2021-24328 (The WP Login Security and History WordPress plugin through 1.0 
did not ...)
+       TODO: check
 CVE-2021-24327 (The SEO Redirection Plugin &#8211; 301 Redirect Manager 
WordPress plug ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24326 (The tab parameter of the settings page of the All 404 Redirect 
to Home ...)
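
Review bot: The descriptions added for CVE-2021-24335, CVE-2021-24334, CVE-2021-24333 and CVE-2021-24330 contain undecoded HTML entities (&amp; and &#8211;), as the existing CVE-2021-24327 line already does. Decoding them at import time would let a search for the plain product name match these entries.
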
@@ -22432,34 +22440,34 @@ CVE-2021-24324 (The 404 SEO Redirection WordPress 
plugin through 1.3 is lacking
        NOT-FOR-US: WordPress plugin
 CVE-2021-24323 (When taxes are enabled, the "Additional tax classes" field was 
not pro ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24322
-       RESERVED
-CVE-2021-24321
-       RESERVED
-CVE-2021-24320
-       RESERVED
-CVE-2021-24319
-       RESERVED
-CVE-2021-24318
-       RESERVED
-CVE-2021-24317
-       RESERVED
-CVE-2021-24316
-       RESERVED
+CVE-2021-24322 (The Database Backup for WordPress plugin before 2.4 did not 
escape the ...)
+       TODO: check
+CVE-2021-24321 (The Bello - Directory &amp; Listing WordPress theme before 
1.6.0 did n ...)
+       TODO: check
+CVE-2021-24320 (The Bello - Directory &amp; Listing WordPress theme before 
1.6.0 did n ...)
+       TODO: check
+CVE-2021-24319 (The Bello - Directory &amp; Listing WordPress theme before 
1.6.0 did n ...)
+       TODO: check
+CVE-2021-24318 (The Listeo WordPress theme before 1.6.11 did not ensure that 
the Post/ ...)
+       TODO: check
+CVE-2021-24317 (The Listeo WordPress theme before 1.6.11 did not properly 
sanitise som ...)
+       TODO: check
+CVE-2021-24316 (The search feature of the Mediumish WordPress theme through 
1.0.47 doe ...)
+       TODO: check
 CVE-2021-24315 (The GiveWP &#8211; Donation Plugin and Fundraising Platform 
WordPress  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24314 (The Goto WordPress theme before 2.1 did not sanitise, validate 
of esca ...)
        NOT-FOR-US: WordPress theme
-CVE-2021-24313
-       RESERVED
-CVE-2021-24312
-       RESERVED
-CVE-2021-24311
-       RESERVED
-CVE-2021-24310
-       RESERVED
-CVE-2021-24309
-       RESERVED
+CVE-2021-24313 (The WP Prayer WordPress plugin before 1.6.2 provides the 
functionality ...)
+       TODO: check
+CVE-2021-24312 (The parameters $cache_path, $wp_cache_debug_ip, 
$wp_super_cache_front_ ...)
+       TODO: check
+CVE-2021-24311 (The wp_ajax_upload-remote-file AJAX action of the External 
Media WordP ...)
+       TODO: check
+CVE-2021-24310 (The Photo Gallery by 10Web - Mobile-Friendly Image Gallery 
WordPress p ...)
+       TODO: check
+CVE-2021-24309 (The "Schedule Name" input in the Weekly Schedule WordPress 
plugin befo ...)
+       TODO: check
 CVE-2021-24308 (The 'State' field of the Edit profile page of the LMS by 
LifterLMS &#8 ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24307 (The All in One SEO &#8211; Best WordPress SEO Plugin &#8211; 
Easily Im ...)
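
Review bot: The twelve TODO: check entries in this hunk mix WordPress themes (CVE-2021-24321 through CVE-2021-24316) with WordPress plugins (CVE-2021-24322, CVE-2021-24313 through CVE-2021-24309), and the surrounding resolved entries distinguish the two, with NOT-FOR-US: WordPress theme on CVE-2021-24314 and NOT-FOR-US: WordPress plugin on CVE-2021-24315. When the TODOs are resolved, the label should follow the description rather than being applied as one bulk value.
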
@@ -25368,16 +25376,15 @@ CVE-2021-23023
        RESERVED
 CVE-2021-23022
        RESERVED
-CVE-2021-23021
-       RESERVED
-CVE-2021-23020
-       RESERVED
-CVE-2021-23019
-       RESERVED
-CVE-2021-23018
-       RESERVED
-CVE-2021-23017
-       RESERVED
+CVE-2021-23021 (The Nginx Controller 3.x before 3.7.0 agent configuration file 
/etc/co ...)
+       TODO: check
+CVE-2021-23020 (The NAAS 3.x before 3.10.0 API keys were generated using an 
insecure p ...)
+       TODO: check
+CVE-2021-23019 (The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 
Administra ...)
+       TODO: check
+CVE-2021-23018 (Intra-cluster communication does not use TLS. The services 
within the  ...)
+       TODO: check
+CVE-2021-23017 (A security issue in nginx resolver was identified, which might 
allow a ...)
        {DSA-4921-1 DLA-2670-1}
        - nginx 1.18.0-6.1 (bug #989095)
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/25/5
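
Review bot: CVE-2021-23021 through CVE-2021-23018 are added as TODO: check directly above CVE-2021-23017, the nginx resolver issue tracked against the nginx package with DSA-4921-1 and DLA-2670-1. The descriptions of CVE-2021-23021 and CVE-2021-23019 name NGINX Controller with its own version lines (3.x before 3.7.0, 2.0.0 thru 2.9.0), and CVE-2021-23020 names NAAS, so these should be triaged on their own descriptions and not inherit the nginx package entry from their neighbour.
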
@@ -32983,8 +32990,7 @@ CVE-2021-20307 (Format string vulnerability in 
panoFileOutputNamesCreate() in li
        - libpano13 2.9.20~rc3+dfsg-1 (bug #985249)
        [buster] - libpano13 2.9.19+dfsg-3+deb10u1
        NOTE: 
https://sourceforge.net/projects/panotools/files/libpano13/libpano13-2.9.20/
-CVE-2021-20306
-       RESERVED
+CVE-2021-20306 (A flaw was found in the BPMN editor in version jBPM 
7.51.0.Final. Any  ...)
        NOT-FOR-US: Red Hat Business Central
 CVE-2021-20305 (A flaw was found in Nettle in versions before 3.7.2, where 
several Net ...)
        - nettle 3.7.2-1 (bug #985652)
@@ -40590,7 +40596,7 @@ CVE-2021-1076 (NVIDIA GPU Display Driver for Windows 
and Linux, all versions, co
        - nvidia-graphics-drivers-tesla-460 460.73.01-1 (bug #987222)
 CVE-2021-1075 (NVIDIA Windows GPU Display Driver for Windows, all versions, 
contains  ...)
        NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows
-CVE-2021-1074 (NVIDIA Windows GPU Display Driver for Windows, R390 driver 
branch, con ...)
+CVE-2021-1074 (NVIDIA GPU Display Driver for Windows installer contains a 
vulnerabili ...)
        NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows
 CVE-2021-1073
        RESERVED
@@ -44541,8 +44547,7 @@ CVE-2020-27749 (A flaw was found in grub2 in versions 
prior to 2.06. Variable na
        {DSA-4867-1}
        - grub2 2.04-16
        [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
-CVE-2020-27748 [local file inclusion vulnerability]
-       RESERVED
+CVE-2020-27748 (A flaw was found in the xdg-email component of 
xdg-utils-1.1.0-rc1 and ...)
        - xdg-utils <unfixed> (bug #975370)
        [bullseye] - xdg-utils <postponed> (Minor issue; regression potential; 
revisit when fixed upstream)
        [buster] - xdg-utils <postponed> (Minor issue; regression potential; 
revisit when fixed upstream)
@@ -45786,8 +45791,8 @@ CVE-2020-27379
        RESERVED
 CVE-2020-27378
        RESERVED
-CVE-2020-27377
-       RESERVED
+CVE-2020-27377 (A cross-site scripting (XSS) vulnerability was discovered in 
the Admin ...)
+       TODO: check
 CVE-2020-27376
        RESERVED
 CVE-2020-27375
@@ -47354,8 +47359,8 @@ CVE-2020-26695
        RESERVED
 CVE-2020-26694
        RESERVED
-CVE-2020-26693
-       RESERVED
+CVE-2020-26693 (A stored cross-site scripting (XSS) vulnerability was 
discovered in pf ...)
+       TODO: check
 CVE-2020-26692
        RESERVED
 CVE-2020-26691
@@ -47404,12 +47409,12 @@ CVE-2020-26672 (Testimonial Rotator Wordpress Plugin 
3.0.2 is affected by Cross
        NOT-FOR-US: Testimonial Rotator Wordpress Plugin
 CVE-2020-26671
        RESERVED
-CVE-2020-26670
-       RESERVED
-CVE-2020-26669
-       RESERVED
-CVE-2020-26668
-       RESERVED
+CVE-2020-26670 (A vulnerability has been discovered in BigTree CMS 4.4.10 and 
earlier  ...)
+       TODO: check
+CVE-2020-26669 (A stored cross-site scripting (XSS) vulnerability was 
discovered in Bi ...)
+       TODO: check
+CVE-2020-26668 (A SQL injection vulnerability was discovered in 
/core/feeds/custom.php ...)
+       TODO: check
 CVE-2020-26667
        RESERVED
 CVE-2020-26666
@@ -57730,11 +57735,11 @@ CVE-2020-22038
        RESERVED
 CVE-2020-22037
        RESERVED
-CVE-2020-22036
-       RESERVED
-CVE-2020-22035
-       RESERVED
-CVE-2020-22034 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 
atlibavfi ...)
+CVE-2020-22036 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 
4.2 in fil ...)
+       TODO: check
+CVE-2020-22035 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 
4.2 in get ...)
+       TODO: check
+CVE-2020-22034 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 
at libavf ...)
        - ffmpeg 7:4.3-2
        [buster] - ffmpeg <postponed> (Wait for 4.1.7)
        NOTE: https://trac.ffmpeg.org/ticket/8236
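
Review bot: CVE-2020-22036 and CVE-2020-22035 are left at TODO: check although their descriptions name FFmpeg 4.2, the same software as CVE-2020-22034 directly below, which is already tracked as ffmpeg 7:4.3-2 with buster postponed. They should be resolved against the ffmpeg source package in the same form, each with its own upstream ticket as a NOTE, because the fixed version of CVE-2020-22034 cannot be assumed to cover them.
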
@@ -66832,8 +66837,8 @@ CVE-2020-17543
        RESERVED
 CVE-2020-17542 (Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote 
attackers to ...)
        NOT-FOR-US: dotCMS
-CVE-2020-17541
-       RESERVED
+CVE-2020-17541 (Libjpeg-turbo all version have a stack-based buffer overflow 
in the "t ...)
+       TODO: check
 CVE-2020-17540
        RESERVED
 CVE-2020-17539
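
Review bot: CVE-2020-17541 is left at TODO: check while its description claims a stack-based buffer overflow in all versions of Libjpeg-turbo, which Debian ships as the libjpeg-turbo source package. Unlike the dotCMS entry above it, this cannot be closed as NOT-FOR-US, so it needs a package line and a NOTE with the upstream reference once the affected code is identified.
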
@@ -109398,8 +109403,8 @@ CVE-2020-1922
        RESERVED
 CVE-2020-1921 (In the crypt function, we attempt to null terminate a buffer 
using the ...)
        - hhvm <removed>
-CVE-2020-1920
-       RESERVED
+CVE-2020-1920 (A regular expression denial of service (ReDoS) vulnerability in 
the va ...)
+       TODO: check
 CVE-2020-1919 (Incorrect bounds calculations in substr_compare could lead to 
an out-o ...)
        - hhvm <removed>
 CVE-2020-1918 (In-memory file operations (ie: using fopen on a data URI) did 
not prop ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf72822b2a68b093b61f621ebc4d60b5090bd4ab



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits