Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bda8de7f by security tracker role at 2021-06-28T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,31 @@
+CVE-2021-3624
+ RESERVED
+CVE-2021-3623
+ RESERVED
+CVE-2021-35525 (PostSRSd before 1.11 allows a denial of service (subprocess
hang) if P ...)
+ TODO: check
+CVE-2021-35524
+ RESERVED
+CVE-2021-35523 (Securepoint SSL VPN Client v2 before 2.0.32 on Windows has
unsafe conf ...)
+ TODO: check
+CVE-2021-35522
+ RESERVED
+CVE-2021-35521
+ RESERVED
+CVE-2021-35520
+ RESERVED
+CVE-2021-35519
+ RESERVED
+CVE-2021-35518
+ RESERVED
CVE-2021-35517
RESERVED
CVE-2021-35516
RESERVED
CVE-2021-35515
RESERVED
-CVE-2021-35514
- RESERVED
+CVE-2021-35514 (Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection
via the t ...)
+ TODO: check
CVE-2021-35513 (Mermaid before 8.11.0 allows XSS when the antiscript feature
is used. ...)
- node-mermaid <unfixed>
NOTE: https://github.com/mermaid-js/mermaid/issues/2122
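Review bot: the three entries that gain a description in this hunk, CVE-2021-35525 (PostSRSd), CVE-2021-35523 (Securepoint SSL VPN Client) and CVE-2021-35514 (Narou), are left at "TODO: check", so none of them has a package status yet. Each should be resolved either to a source-package line in the form the CVE-2021-35513 entry below them uses ("- node-mermaid <unfixed>" plus a "NOTE:" link) or to a "NOT-FOR-US:" line. The descriptions here are truncated at "...", so the full upstream text has to be read before deciding.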
@@ -148,8 +168,8 @@ CVE-2021-35458
RESERVED
CVE-2021-35457
RESERVED
-CVE-2021-35456
- RESERVED
+CVE-2021-35456 (Online Pet Shop We App 1.0 is vulnerable to remote SQL
injection and s ...)
+ TODO: check
CVE-2021-35455
RESERVED
CVE-2021-35454
@@ -455,18 +475,18 @@ CVE-2021-35305
RESERVED
CVE-2021-35304
RESERVED
-CVE-2021-35303
- RESERVED
-CVE-2021-35302
- RESERVED
-CVE-2021-35301
- RESERVED
-CVE-2021-35300
- RESERVED
-CVE-2021-35299
- RESERVED
-CVE-2021-35298
- RESERVED
+CVE-2021-35303 (Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows
remote a ...)
+ TODO: check
+CVE-2021-35302 (Incorrect Access Control for linked Tickets in Zammad 1.0.x up
to 4.0. ...)
+ TODO: check
+CVE-2021-35301 (Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows
remote att ...)
+ TODO: check
+CVE-2021-35300 (Text injection/Content Spoofing in 404 page in Zammad 1.0.x up
to 4.0. ...)
+ TODO: check
+CVE-2021-35299 (Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows
attackers ...)
+ TODO: check
+CVE-2021-35298 (Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows
remote a ...)
+ TODO: check
CVE-2021-35297
RESERVED
CVE-2021-35296
@@ -2782,8 +2802,8 @@ CVE-2021-34256
RESERVED
CVE-2021-34255
RESERVED
-CVE-2021-34254
- RESERVED
+CVE-2021-34254 (Umbraco CMS before 7.15.7 is vulnerable to Open Redirection
due to ins ...)
+ TODO: check
CVE-2021-34253
RESERVED
CVE-2021-34252
@@ -2916,8 +2936,8 @@ CVE-2021-34189
RESERVED
CVE-2021-34188
RESERVED
-CVE-2021-34187
- RESERVED
+CVE-2021-34187 (main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows
SQL Inj ...)
+ TODO: check
CVE-2021-34186
RESERVED
CVE-2021-34185 (Miniaudio 0.10.35 has an integer-based buffer overflow caused
by an ou ...)
@@ -4475,8 +4495,7 @@ CVE-2021-33516 (An issue was discovered in GUPnP before
1.0.7 and 1.1.x and 1.2.
NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/issues/24
NOTE:
https://gitlab.gnome.org/GNOME/gupnp/-/commit/05e964d48322ff23a65c6026d656e4494ace6ff9
(gupnp-1.0)
NOTE:
https://gitlab.gnome.org/GNOME/gupnp/-/commit/ca6ec9dcb26fd7a2a630eb6a68118659b589afac
(master)
-CVE-2021-33515 [SMTP Submission service STARTTLS injection]
- RESERVED
+CVE-2021-33515 (The submission service in Dovecot before 2.3.15 allows
STARTTLS comman ...)
- dovecot <unfixed>
[stretch] - dovecot <not-affected> (Vulnerable code
(smtp_server_command queue) introduced later)
NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html
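Review bot: the replacement line for CVE-2021-33515 drops the working title "[SMTP Submission service STARTTLS injection]" and now reads "Dovecot before 2.3.15", while the status line under it is still "- dovecot <unfixed>". The description now states the upstream fixed version, so the entry should record 2.3.15 as the fix (for example in a "NOTE:" line) so that "<unfixed>" is replaced as soon as that version is uploaded. The same applies to CVE-2021-29157 and CVE-2020-28200 in this commit, whose new descriptions also say "Dovecot before 2.3.15".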
@@ -5142,7 +5161,7 @@ CVE-2021-3557
RESERVED
NOT-FOR-US: Argo CD
CVE-2021-3556
- RESERVED
+ REJECTED
CVE-2021-33204 (In the pg_partman (aka PG Partition Manager) extension before
4.5.1 fo ...)
- pg-partman 4.5.1-1 (bug #988917)
[stretch] - pg-partman <no-dsa> (Minor issue)
@@ -6258,12 +6277,12 @@ CVE-2021-32722
RESERVED
CVE-2021-32721
RESERVED
-CVE-2021-32720
- RESERVED
-CVE-2021-32719
- RESERVED
-CVE-2021-32718
- RESERVED
+CVE-2021-32720 (Sylius is an Open Source eCommerce platform on top of Symfony.
In vers ...)
+ TODO: check
+CVE-2021-32719 (RabbitMQ is a multi-protocol messaging broker. In
rabbitmq-server prio ...)
+ TODO: check
+CVE-2021-32718 (RabbitMQ is a multi-protocol messaging broker. In
rabbitmq-server prio ...)
+ TODO: check
CVE-2021-32717 (Shopware is an open source eCommerce platform. In versions
prior to 6. ...)
NOT-FOR-US: Shopware
CVE-2021-32716 (Shopware is an open source eCommerce platform. In versions
prior to 6. ...)
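Review bot: CVE-2021-32719 and CVE-2021-32718 are added with "TODO: check" although their descriptions already name the affected component, "rabbitmq-server". That makes them candidates for a source-package line rather than the "NOT-FOR-US:" treatment the neighbouring Shopware entries get. Suggest triaging the two together, since both descriptions start identically and are cut off at the same point; CVE-2021-32720 (Sylius) needs the same package-or-NOT-FOR-US decision.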
@@ -6793,8 +6812,8 @@ CVE-2021-32498
RESERVED
CVE-2021-32497
RESERVED
-CVE-2021-32496
- RESERVED
+CVE-2021-32496 (SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to
an Inad ...)
+ TODO: check
CVE-2021-32495
RESERVED
CVE-2021-32494
@@ -8285,21 +8304,25 @@ CVE-2021-31875 (In mjs_json.c in Cesanta MongooseOS mJS
1.26, a maliciously form
CVE-2021-31874
RESERVED
CVE-2021-31873 (An issue was discovered in klibc before 2.0.9. Additions in
the malloc ...)
+ {DLA-2695-1}
- klibc 2.0.8-6 (bug #989505)
[buster] - klibc 2.0.6-1+deb10u1
NOTE:
https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=a31ae8c508fc8d1bca4f57e9f9f88127572d5202
NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
CVE-2021-31872 (An issue was discovered in klibc before 2.0.9. Multiple
possible integ ...)
+ {DLA-2695-1}
- klibc 2.0.8-6 (bug #989505)
[buster] - klibc 2.0.6-1+deb10u1
NOTE:
https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=9b1c91577aef7f2e72c3aa11a27749160bd278ff
NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
CVE-2021-31871 (An issue was discovered in klibc before 2.0.9. An integer
overflow in ...)
+ {DLA-2695-1}
- klibc 2.0.8-6 (bug #989505)
[buster] - klibc 2.0.6-1+deb10u1
NOTE:
https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=2e48a12ab1e30d43498c2d53e878a11a1b5102d5
NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
CVE-2021-31870 (An issue was discovered in klibc before 2.0.9. Multiplication
in the c ...)
+ {DLA-2695-1}
- klibc 2.0.8-6 (bug #989505)
[buster] - klibc 2.0.6-1+deb10u1
NOTE:
https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=292650f04c2b5348b4efbad61fb014ed09b4f3f2
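Review bot: "{DLA-2695-1}" is added to CVE-2021-31873, CVE-2021-31872, CVE-2021-31871 and CVE-2021-31870, but the entries shown carry only the unstable line ("- klibc 2.0.8-6") and a "[buster]" line. Without a release-tagged line for the suite the DLA was issued for, the advisory reference and the per-release status do not line up; suggest adding that line with the version taken from the advisory. The CVE-2021-31870 entry is cut off by the hunk context, so its remaining lines need checking outside this diff.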
@@ -9735,8 +9758,8 @@ CVE-2021-31339 (A vulnerability has been identified in
Mendix Excel Importer Mod
NOT-FOR-US: Mendix Excel Importer Module
CVE-2021-31338
RESERVED
-CVE-2021-31337
- RESERVED
+CVE-2021-31337 (The Telnet service of the SIMATIC HMI Comfort Panels system
component ...)
+ TODO: check
CVE-2021-31336
RESERVED
CVE-2021-31335
@@ -13488,8 +13511,8 @@ CVE-2021-29777 (IBM Db2 for Linux, UNIX and Windows
(includes Db2 Connect Server
NOT-FOR-US: IBM
CVE-2021-29776
RESERVED
-CVE-2021-29775
- RESERVED
+CVE-2021-29775 (IBM Business Automation Workflow 19.0.03 and 20.0 and IBM
Cloud Pak fo ...)
+ TODO: check
CVE-2021-29774
RESERVED
CVE-2021-29773
@@ -13536,8 +13559,8 @@ CVE-2021-29753
RESERVED
CVE-2021-29752
RESERVED
-CVE-2021-29751
- RESERVED
+CVE-2021-29751 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM
Business ...)
+ TODO: check
CVE-2021-29750
RESERVED
CVE-2021-29749
@@ -13652,8 +13675,8 @@ CVE-2021-29695 (IBM Host firmware for LC-class Systems
could allow a remote atta
NOT-FOR-US: IBM
CVE-2021-29694 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker
than expec ...)
NOT-FOR-US: IBM
-CVE-2021-29693
- RESERVED
+CVE-2021-29693 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that
is in the ...)
+ TODO: check
CVE-2021-29692 (IBM Security Identity Manager 7.0.2 could allow a remote
attacker to o ...)
NOT-FOR-US: IBM
CVE-2021-29691 (IBM Security Identity Manager 7.0.2 contains hard-coded
credentials, s ...)
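Review bot: CVE-2021-29693 (IBM AIX and VIOS) is added with "TODO: check" although the entries directly above and below it in this hunk, CVE-2021-29694 and CVE-2021-29692, are both marked "NOT-FOR-US: IBM". Suggest replacing the TODO with the same "NOT-FOR-US: IBM" line once the full description has been read, and handling the other IBM entries this commit adds (CVE-2021-29775, CVE-2021-29751) in the same pass.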
@@ -15040,8 +15063,7 @@ CVE-2021-29159 (A cross-site scripting (XSS)
vulnerability has been discovered i
NOT-FOR-US: Nexus Repository Manager
CVE-2021-29158 (Sonatype Nexus Repository Manager 3 Pro up to and including
3.30.0 has ...)
NOT-FOR-US: Sonatype Nexus Repository Manager
-CVE-2021-29157 [oauth2 JWT local validation path traversal]
- RESERVED
+CVE-2021-29157 (Dovecot before 2.3.15 allows ../ Path Traversal. An attacker
with acce ...)
- dovecot <unfixed>
[buster] - dovecot <not-affected> (Vulnerable code introduced later)
[stretch] - dovecot <not-affected> (Vulnerable code introduced later)
@@ -16388,8 +16410,8 @@ CVE-2021-28625
RESERVED
CVE-2021-28624
RESERVED
-CVE-2021-28623
- RESERVED
+CVE-2021-28623 (Adobe Premiere Elements version 5.2 (and earlier) is affected
by an in ...)
+ TODO: check
CVE-2021-28622
RESERVED
CVE-2021-28621
@@ -16440,8 +16462,8 @@ CVE-2021-28599
RESERVED
CVE-2021-28598
RESERVED
-CVE-2021-28597
- RESERVED
+CVE-2021-28597 (Adobe Photoshop Elements version 5.2 (and earlier) is affected
by an i ...)
+ TODO: check
CVE-2021-28596
RESERVED
CVE-2021-28595
@@ -16458,44 +16480,44 @@ CVE-2021-28590
RESERVED
CVE-2021-28589
RESERVED
-CVE-2021-28588
- RESERVED
-CVE-2021-28587
- RESERVED
-CVE-2021-28586
- RESERVED
-CVE-2021-28585
- RESERVED
-CVE-2021-28584
- RESERVED
-CVE-2021-28583
- RESERVED
+CVE-2021-28588 (Adobe RoboHelp Server version 2019.0.9 (and earlier) is
affected by a ...)
+ TODO: check
+CVE-2021-28587 (After Effects versions 18.0 (and earlier) are affected by an
out-of-bo ...)
+ TODO: check
+CVE-2021-28586 (After Effects version 18.0 (and earlier) are affected by an
out-of-bou ...)
+ TODO: check
+CVE-2021-28585 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier)
and 2.3.6 ...)
+ TODO: check
+CVE-2021-28584 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier)
and 2.3.6 ...)
+ TODO: check
+CVE-2021-28583 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier)
and 2.3.6 ...)
+ TODO: check
CVE-2021-28582
RESERVED
CVE-2021-28581
RESERVED
CVE-2021-28580
RESERVED
-CVE-2021-28579
- RESERVED
+CVE-2021-28579 (Adobe Connect version 11.2.1 (and earlier) is affected by an
Improper ...)
+ TODO: check
CVE-2021-28578
RESERVED
CVE-2021-28577
RESERVED
-CVE-2021-28576
- RESERVED
-CVE-2021-28575
- RESERVED
-CVE-2021-28574
- RESERVED
-CVE-2021-28573
- RESERVED
+CVE-2021-28576 (Adobe Animate version 21.0.5 (and earlier) is affected by an
Out-of-bo ...)
+ TODO: check
+CVE-2021-28575 (Adobe Animate version 21.0.5 (and earlier) is affected by an
Out-of-bo ...)
+ TODO: check
+CVE-2021-28574 (Adobe Animate version 21.0.5 (and earlier) is affected by an
Out-of-bo ...)
+ TODO: check
+CVE-2021-28573 (Adobe Animate version 21.0.5 (and earlier) is affected by an
Out-of-bo ...)
+ TODO: check
CVE-2021-28572
RESERVED
CVE-2021-28571
RESERVED
-CVE-2021-28570
- RESERVED
+CVE-2021-28570 (Adobe After Effects version 18.1 (and earlier) is affected by
an Uncon ...)
+ TODO: check
CVE-2021-28569
RESERVED
CVE-2021-28568
@@ -16508,10 +16530,10 @@ CVE-2021-28565
RESERVED
CVE-2021-28564
RESERVED
-CVE-2021-28563
- RESERVED
-CVE-2021-28562
- RESERVED
+CVE-2021-28563 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier)
and 2.3.6 ...)
+ TODO: check
+CVE-2021-28562 (Acrobat Reader DC versions versions 2021.001.20150 (and
earlier), 2020 ...)
+ TODO: check
CVE-2021-28561
RESERVED
CVE-2021-28560
@@ -16522,8 +16544,8 @@ CVE-2021-28558
RESERVED
CVE-2021-28557
RESERVED
-CVE-2021-28556
- RESERVED
+CVE-2021-28556 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier)
and 2.3.6 ...)
+ TODO: check
CVE-2021-28555
RESERVED
CVE-2021-28554
@@ -22830,9 +22852,9 @@ CVE-2021-25951
RESERVED
CVE-2021-25950
REJECTED
-CVE-2021-25949 (Prototype pollution vulnerability in ‘set-getter’
version ...)
+CVE-2021-25949 (Prototype pollution vulnerability in 'set-getter' version
0.1.0 allows ...)
NOT-FOR-US: Node set-getter
-CVE-2021-25948 (Prototype pollution vulnerability in ‘expand-hash’
version ...)
+CVE-2021-25948 (Prototype pollution vulnerability in 'expand-hash' versions
0.1.0 thro ...)
NOT-FOR-US: Node expand-hash
CVE-2021-25947 (Prototype pollution vulnerability in 'nestie' versions 0.0.0
through 1 ...)
NOT-FOR-US: Node nestie
@@ -28766,8 +28788,8 @@ CVE-2021-23401
RESERVED
CVE-2021-23400
RESERVED
-CVE-2021-23399
- RESERVED
+CVE-2021-23399 (This affects all versions of package wincred. If
attacker-controlled u ...)
+ TODO: check
CVE-2021-23398 (All versions of package react-bootstrap-table are vulnerable
to Cross- ...)
NOT-FOR-US: react-bootstrap-table
CVE-2021-23397
@@ -35534,16 +35556,16 @@ CVE-2021-21104
RESERVED
CVE-2021-21103
RESERVED
-CVE-2021-21102
- RESERVED
-CVE-2021-21101
- RESERVED
+CVE-2021-21102 (Adobe Illustrator version 25.2 (and earlier) is affected by a
Path Tra ...)
+ TODO: check
+CVE-2021-21101 (Adobe Illustrator version 25.2 (and earlier) is affected by an
Out-of- ...)
+ TODO: check
CVE-2021-21100 (Adobe Digital Editions version 4.5.11.187245 (and earlier) is
affected ...)
NOT-FOR-US: Adobe
-CVE-2021-21099
- RESERVED
-CVE-2021-21098
- RESERVED
+CVE-2021-21099 (Adobe InDesign version 16.0 (and earlier) is affected by an
Out-of-bou ...)
+ TODO: check
+CVE-2021-21098 (Adobe InDesign version 16.0 (and earlier) is affected by an
Out-of-bou ...)
+ TODO: check
CVE-2021-21097
RESERVED
CVE-2021-21096 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and
earlier) ar ...)
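Review bot: CVE-2021-21102, CVE-2021-21101, CVE-2021-21099 and CVE-2021-21098 (Adobe Illustrator and InDesign) all land as "TODO: check", while CVE-2021-21100 between them is already "NOT-FOR-US: Adobe". The existing marker is the precedent for these four; resolving them in one follow-up keeps this block of the list consistent instead of leaving open TODOs around an already-triaged entry.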
@@ -35558,8 +35580,8 @@ CVE-2021-21092 (Adobe Bridge versions 10.1.1 (and
earlier) and 11.0.1 (and earli
NOT-FOR-US: Adobe
CVE-2021-21091 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and
earlier) ar ...)
NOT-FOR-US: Adobe
-CVE-2021-21090
- RESERVED
+CVE-2021-21090 (Adobe InCopy version 16.0 (and earlier) is affected by an path
travers ...)
+ TODO: check
CVE-2021-21089
RESERVED
CVE-2021-21088
@@ -35570,10 +35592,10 @@ CVE-2021-21086
RESERVED
CVE-2021-21085 (Adobe Connect version 11.0.7 (and earlier) is affected by an
Input Val ...)
NOT-FOR-US: Adobe
-CVE-2021-21084
- RESERVED
-CVE-2021-21083
- RESERVED
+CVE-2021-21084 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and
below), ...)
+ TODO: check
+CVE-2021-21083 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and
below), ...)
+ TODO: check
CVE-2021-21082 (Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and
earlier) a ...)
NOT-FOR-US: Adobe
CVE-2021-21081
@@ -35652,9 +35674,9 @@ CVE-2021-21045 (Acrobat Reader DC versions versions
2020.013.20074 (and earlier)
NOT-FOR-US: Adobe
CVE-2021-21044 (Acrobat Reader DC versions versions 2020.013.20074 (and
earlier), 2020 ...)
NOT-FOR-US: Adobe
-CVE-2021-21043 (ACS Commons version 4.9.2 (and earlier) suffers from a
Reflected Cross ...)
+CVE-2021-21043 (Acrobat InDesign version 16.0 (and earlier) is affected by an
Out-of-b ...)
NOT-FOR-US: Adobe
-CVE-2021-21042 (Acrobat Reader DC versions versions 2020.013.20074 (and
earlier), 2020 ...)
+CVE-2021-21042 (Acrobat Reader DC versions 2020.013.20074 (and earlier),
2020.001.3001 ...)
NOT-FOR-US: Adobe
CVE-2021-21041 (Acrobat Reader DC versions versions 2020.013.20074 (and
earlier), 2020 ...)
NOT-FOR-US: Adobe
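Review bot: the description of CVE-2021-21043 changes product, from "ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross ..." to "Acrobat InDesign version 16.0 (and earlier) is affected by an Out-of-b ...", which is more than the wording clean-up applied to CVE-2021-21042 in the same hunk (the doubled "versions versions" removed). "NOT-FOR-US: Adobe" fits either text, but the change should be confirmed against the upstream record, since "Acrobat InDesign" does not match the "Adobe InDesign" naming used for CVE-2021-21099 and CVE-2021-21098 earlier in this diff.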
@@ -36644,12 +36666,12 @@ CVE-2021-20576 (IBM Security Verify Access 20.07
could allow a remote attacker t
NOT-FOR-US: IBM
CVE-2021-20575 (IBM Security Verify Access 20.07 allows web pages to be stored
locally ...)
NOT-FOR-US: IBM
-CVE-2021-20574
- RESERVED
-CVE-2021-20573
- RESERVED
-CVE-2021-20572
- RESERVED
+CVE-2021-20574 (IBM Security Identity Manager Adapters 6.0 and 7.0 could allow
a remot ...)
+ TODO: check
+CVE-2021-20573 (IBM Security Identity Manager Adapters 6.0 and 7.0 are
vulnerable to a ...)
+ TODO: check
+CVE-2021-20572 (IBM Security Identity Manager Adapters 6.0 and 7.0 are
vulnerable to a ...)
+ TODO: check
CVE-2021-20571
RESERVED
CVE-2021-20570
@@ -36804,8 +36826,8 @@ CVE-2021-20496
RESERVED
CVE-2021-20495
RESERVED
-CVE-2021-20494
- RESERVED
+CVE-2021-20494 (IBM Security Identity Manager Adapters 6.0 and 7.0 are
vulnerable to a ...)
+ TODO: check
CVE-2021-20493
RESERVED
CVE-2021-20492 (IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty
Java Batch ...)
@@ -36966,8 +36988,8 @@ CVE-2021-20415
RESERVED
CVE-2021-20414
RESERVED
-CVE-2021-20413
- RESERVED
+CVE-2021-20413 (IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a
remote attack ...)
+ TODO: check
CVE-2021-20412 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains
hard-co ...)
NOT-FOR-US: IBM
CVE-2021-20411 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could
allow a us ...)
@@ -37991,10 +38013,10 @@ CVE-2021-20102
RESERVED
CVE-2021-20101
RESERVED
-CVE-2021-20100
- RESERVED
-CVE-2021-20099
- RESERVED
+CVE-2021-20100 (Nessus Agent 8.2.4 and earlier for Windows were found to
contain multi ...)
+ TODO: check
+CVE-2021-20099 (Nessus Agent 8.2.4 and earlier for Windows were found to
contain multi ...)
+ TODO: check
CVE-2021-20098
RESERVED
CVE-2021-20097
@@ -47253,8 +47275,7 @@ CVE-2020-28202
RESERVED
CVE-2020-28201
RESERVED
-CVE-2020-28200 [Sieve excessive resource usage]
- RESERVED
+CVE-2020-28200 (The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled
Resource ...)
- dovecot <unfixed>
[stretch] - dovecot <no-dsa> (Minor issue)
NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000460.html
@@ -58628,18 +58649,18 @@ CVE-2020-23717
RESERVED
CVE-2020-23716
RESERVED
-CVE-2020-23715
- RESERVED
+CVE-2020-23715 (Directory Traversal vulnerability in Webport CMS 1.19.10.17121
via the ...)
+ TODO: check
CVE-2020-23714
RESERVED
CVE-2020-23713
RESERVED
CVE-2020-23712
RESERVED
-CVE-2020-23711
- RESERVED
-CVE-2020-23710
- RESERVED
+CVE-2020-23711 (SQL Injection vulnerability in NavigateCMS 2.9 via the URL
encoded GET ...)
+ TODO: check
+CVE-2020-23710 (Cross Site Scripting (XSS) vulneraiblity in LimeSurvey 4.2.5
on textbo ...)
+ TODO: check
CVE-2020-23709
RESERVED
CVE-2020-23708
@@ -60855,12 +60876,12 @@ CVE-2020-22611
RESERVED
CVE-2020-22610
RESERVED
-CVE-2020-22609
- RESERVED
-CVE-2020-22608
- RESERVED
-CVE-2020-22607
- RESERVED
+CVE-2020-22609 (Cross Site Scripting (XSS) vulnerability in Enhancesoft
osTicket befor ...)
+ TODO: check
+CVE-2020-22608 (Cross Site Scripting vulnerability in Enhancesoft osTicket
before v1.1 ...)
+ TODO: check
+CVE-2020-22607 (Cross Site Scripting vulnerabilty in LimeSurvey 4.1.11+200316
via the ...)
+ TODO: check
CVE-2020-22606
RESERVED
CVE-2020-22605
@@ -64914,8 +64935,8 @@ CVE-2020-20642
RESERVED
CVE-2020-20641
RESERVED
-CVE-2020-20640
- RESERVED
+CVE-2020-20640 (Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to
security ...)
+ TODO: check
CVE-2020-20639
RESERVED
CVE-2020-20638
@@ -76577,8 +76598,8 @@ CVE-2020-15304 (An issue was discovered in OpenEXR
before 2.5.2. An invalid tile
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/727
NOTE:
https://github.com/AcademySoftwareFoundation/openexr/commit/36e05c14c612a89c43d4e0b013669ecd7f8e3440
(v3.0.4)
NOTE: Introduced by
https://github.com/AcademySoftwareFoundation/openexr/commit/e79d2296496a50826a15c667bf92bdc5a05518b4
(v2.4.1)
-CVE-2020-15303
- RESERVED
+CVE-2020-15303 (Infoblox NIOS before 8.5.2 allows entity expansion during an
XML uploa ...)
+ TODO: check
CVE-2020-15302 (In Argent RecoveryManager before
0xdc350d09f71c48c5D22fBE2741e4d6A0397 ...)
NOT-FOR-US: Argent RecoveryManager
CVE-2020-15301 (SuiteCRM through 7.11.13 allows CSV Injection via registration
fields ...)
@@ -226432,7 +226453,7 @@ CVE-2018-1139 (A flaw was found in the way samba
before 4.7.9 and 4.8.4 allowed
[jessie] - samba <not-affected> (Issue introduced in 4.7.0)
NOTE: https://www.samba.org/samba/security/CVE-2018-1139.html
CVE-2018-1138
- RESERVED
+ REJECTED
CVE-2018-1137 (An issue was discovered in Moodle 3.x. By substituting URLs in
portfol ...)
- moodle <removed>
CVE-2018-1136 (An issue was discovered in Moodle 3.x. An authenticated user is
allowe ...)
@@ -310047,7 +310068,7 @@ CVE-2015-8567 (Memory leak in net/vmxnet3.c in QEMU
allows remote attackers to c
- qemu-kvm <not-affected> (Vulnerable code not present)
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html
NOTE: https://www.openwall.com/lists/oss-security/2015/12/15/4
-CVE-2015-8559 (The knife bootstrap command in chef leaks the validator.pem
private RS ...)
+CVE-2015-8559 (The knife bootstrap command in chef Infra client before version
15.4.4 ...)
- chef <removed> (low; bug #809670)
[buster] - chef <ignored> (Minor issue; workaround using validatorless
bootstrapping)
[stretch] - chef <ignored> (Minor issue; workaround using validatorless
bootstrapping)
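Review bot: the new description of CVE-2015-8559 introduces a fixed version ("chef Infra client before version 15.4.4"), but the status lines below it stay "- chef <removed>" and "<ignored>", with the validatorless bootstrapping workaround as the only guidance. Suggest adding a "NOTE:" that upstream now names 15.4.4 as the fix, so the "<ignored>" rationale for buster and stretch can be revisited against it.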
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bda8de7f8d986a6d54fd9b2b45c1ce99da91ddd6
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits