Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f569e757 by security tracker role at 2021-08-03T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2021-3680
+ RESERVED
+CVE-2021-3679
+ RESERVED
+CVE-2021-3678
+ RESERVED
CVE-2021-37931
RESERVED
CVE-2021-37930
@@ -207,10 +213,10 @@ CVE-2021-37835
RESERVED
CVE-2021-37834
RESERVED
-CVE-2021-37833
- RESERVED
-CVE-2021-37832
- RESERVED
+CVE-2021-37833 (A reflected cross-site scripting (XSS) vulnerability exists in
multipl ...)
+ TODO: check
+CVE-2021-37832 (A SQL injection vulnerability exists in version 3.0.2 of Hotel
Druid w ...)
+ TODO: check
CVE-2021-37831
RESERVED
CVE-2021-37830
@@ -783,12 +789,12 @@ CVE-2021-37560
RESERVED
CVE-2021-37559
RESERVED
-CVE-2021-37558
- RESERVED
-CVE-2021-37557
- RESERVED
-CVE-2021-37556
- RESERVED
+CVE-2021-37558 (A SQL injection vulnerability in a MediaWiki script in
Centreon before ...)
+ TODO: check
+CVE-2021-37557 (A SQL injection vulnerability in image generation in Centreon
before 2 ...)
+ TODO: check
+CVE-2021-37556 (A SQL injection vulnerability in reporting export in Centreon
before 2 ...)
+ TODO: check
CVE-2021-37555 (TX9 Automatic Food Dispenser v3.2.57 devices allow access to a
shell a ...)
NOT-FOR-US: TX9 Automatic Food Dispenser
CVE-2021-37554
@@ -2535,8 +2541,8 @@ CVE-2021-36765
RESERVED
CVE-2021-36764
RESERVED
-CVE-2021-36763
- RESERVED
+CVE-2021-36763 (In CODESYS V3 web server before 3.5.17.10, files or
directories are ac ...)
+ TODO: check
CVE-2021-36762
RESERVED
CVE-2021-36761
@@ -2695,12 +2701,12 @@ CVE-2021-36705
RESERVED
CVE-2021-36704
RESERVED
-CVE-2021-36703
- RESERVED
-CVE-2021-36702
- RESERVED
-CVE-2021-36701
- RESERVED
+CVE-2021-36703 (The "blog title" field in the "Settings" menu "config" page of
"dashbo ...)
+ TODO: check
+CVE-2021-36702 (The "content" field in the "regular post" page of the "add
content" me ...)
+ TODO: check
+CVE-2021-36701 (In htmly version 2.8.1, is vulnerable to an Arbitrary File
Deletion on ...)
+ TODO: check
CVE-2021-36700
RESERVED
CVE-2021-36699
@@ -2793,8 +2799,8 @@ CVE-2021-36656
RESERVED
CVE-2021-36655
RESERVED
-CVE-2021-36654
- RESERVED
+CVE-2021-36654 (CMSuno 1.7 is vulnerable to an authenticated stored cross site
scripti ...)
+ TODO: check
CVE-2021-36653
RESERVED
CVE-2021-36652
@@ -2855,10 +2861,10 @@ CVE-2021-36625
RESERVED
CVE-2021-36624 (Sourcecodester Phone Shop Sales Managements System version 1.0
suffers ...)
NOT-FOR-US: Sourcecodester
-CVE-2021-36623
- RESERVED
-CVE-2021-36622
- RESERVED
+CVE-2021-36623 (Arbitrary File Upload in Sourcecodester Phone Shop Sales
Management Sy ...)
+ TODO: check
+CVE-2021-36622 (Sourcecodester Online Covid Vaccination Scheduler System 1.0
is affect ...)
+ TODO: check
CVE-2021-36621 (Sourcecodester Online Covid Vaccination Scheduler System 1.0
is vulner ...)
NOT-FOR-US: Sourcecodester
CVE-2021-36620
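Review bot: CVE-2021-36623 and CVE-2021-36622 are left at "TODO: check" although both descriptions name Sourcecodester products and the adjacent entries CVE-2021-36624 and CVE-2021-36621 are already tagged "NOT-FOR-US: Sourcecodester". Suggest resolving these two the same way in the follow-up triage so the run of Sourcecodester ids is tagged consistently.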
@@ -3015,10 +3021,10 @@ CVE-2021-36545
RESERVED
CVE-2021-36544
RESERVED
-CVE-2021-36543
- RESERVED
-CVE-2021-36542
- RESERVED
+CVE-2021-36543 (Cross-Site Request Forgery (CSRF) vulnerability in the
/op/op.UnlockDo ...)
+ TODO: check
+CVE-2021-36542 (Cross-Site Request Forgery (CSRF) vulnerability in the
/op/op.LockDocu ...)
+ TODO: check
CVE-2021-36541
RESERVED
CVE-2021-36540
@@ -3352,7 +3358,7 @@ CVE-2021-36381 (In Edifecs Transaction Management through
2021-07-12, an unauthe
CVE-2021-36380
RESERVED
CVE-2021-36379
- RESERVED
+ REJECTED
CVE-2021-36378
RESERVED
CVE-2021-36377 (Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the
hostname ...)
@@ -3835,14 +3841,14 @@ CVE-2021-36161
RESERVED
CVE-2021-36160
RESERVED
-CVE-2021-36159
- RESERVED
+CVE-2021-36159 (libfetch before 2021-07-26, as used in apk-tools, xbps, and
other prod ...)
+ TODO: check
CVE-2021-36158 (In the xrdp package (in branches through 3.14) for Alpine
Linux, RDP s ...)
- xrdp <not-affected> (xrdp as packaged in Alpine)
-CVE-2021-36157
- RESERVED
-CVE-2021-36156
- RESERVED
+CVE-2021-36157 (An issue was discovered in Grafana Cortex through 1.9.0. The
header va ...)
+ TODO: check
+CVE-2021-36156 (An issue was discovered in Grafana Loki through 2.2.1. The
header valu ...)
+ TODO: check
CVE-2021-36155 (LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier
allocates ...)
NOT-FOR-US: gRPC Swift
CVE-2021-36154 (HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier
allows remot ...)
@@ -5764,8 +5770,8 @@ CVE-2021-35345
RESERVED
CVE-2021-35344
RESERVED
-CVE-2021-35343
- RESERVED
+CVE-2021-35343 (Cross-Site Request Forgery (CSRF) vulnerability in the
/op/op.Ajax.php ...)
+ TODO: check
CVE-2021-35342
RESERVED
CVE-2021-35341
@@ -5926,8 +5932,8 @@ CVE-2021-35267
RESERVED
CVE-2021-35266
RESERVED
-CVE-2021-35265
- RESERVED
+CVE-2021-35265 (A reflected cross-site scripting (XSS) vulnerability in
MaxSite CMS be ...)
+ TODO: check
CVE-2021-35264
RESERVED
CVE-2021-35263
@@ -10026,10 +10032,10 @@ CVE-2021-33488
RESERVED
CVE-2021-33487
RESERVED
-CVE-2021-33486
- RESERVED
-CVE-2021-33485
- RESERVED
+CVE-2021-33486 (All versions of the CODESYS V3 Runtime Toolkit for VxWorks
from versio ...)
+ TODO: check
+CVE-2021-33485 (CODESYS Control Runtime system before 3.5.17.10 has a
Heap-based Buffe ...)
+ TODO: check
CVE-2021-3562
RESERVED
CVE-2021-33484
@@ -10351,28 +10357,28 @@ CVE-2021-33332
RESERVED
CVE-2021-33331
RESERVED
-CVE-2021-33330
- RESERVED
+CVE-2021-33330 (Liferay Portal 7.2.0 through 7.3.2, and Liferay DXP 7.2 before
fix pac ...)
+ TODO: check
CVE-2021-33329
RESERVED
-CVE-2021-33328
- RESERVED
-CVE-2021-33327
- RESERVED
-CVE-2021-33326
- RESERVED
-CVE-2021-33325
- RESERVED
-CVE-2021-33324
- RESERVED
-CVE-2021-33323
- RESERVED
-CVE-2021-33322
- RESERVED
-CVE-2021-33321
- RESERVED
-CVE-2021-33320
- RESERVED
+CVE-2021-33328 (Cross-site scripting (XSS) vulnerability in the Asset module's
edit vo ...)
+ TODO: check
+CVE-2021-33327 (The Portlet Configuration module in Liferay Portal 7.2.0
through 7.3.3 ...)
+ TODO: check
+CVE-2021-33326 (Cross-site scripting (XSS) vulnerability in the Frontend JS
module in ...)
+ TODO: check
+CVE-2021-33325 (The Portal Workflow module in Liferay Portal 7.3.2 and
earlier, and Li ...)
+ TODO: check
+CVE-2021-33324 (The Layout module in Liferay Portal 7.1.0 through 7.3.1, and
Liferay D ...)
+ TODO: check
+CVE-2021-33323 (The Dynamic Data Mapping module in Liferay Portal 7.1.0
through 7.3.2, ...)
+ TODO: check
+CVE-2021-33322 (In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0
before fix pa ...)
+ TODO: check
+CVE-2021-33321 (Insecure default configuration in Liferay Portal 6.2.3 through
7.3.2, ...)
+ TODO: check
+CVE-2021-33320 (The Flags module in Liferay Portal 7.3.1 and earlier, and
Liferay DXP ...)
+ TODO: check
CVE-2021-33319
RESERVED
CVE-2021-33318
@@ -11567,8 +11573,8 @@ CVE-2021-32816 (ProtonMail Web Client is the official
AngularJS web client for t
NOT-FOR-US: ProtonMail Web Client
CVE-2021-32815
RESERVED
-CVE-2021-32814
- RESERVED
+CVE-2021-32814 (Skytable is a NoSQL database with automated snapshots and TLS.
Version ...)
+ TODO: check
CVE-2021-32813
RESERVED
CVE-2021-32812 (Monkshu is an enterprise application server for mobile apps
(iOS and A ...)
@@ -11589,8 +11595,8 @@ CVE-2021-32805
RESERVED
CVE-2021-32804
RESERVED
-CVE-2021-32803
- RESERVED
+CVE-2021-32803 (The npm package "tar" (aka node-tar) before versions 6.1.2,
5.0.7, 4.4 ...)
+ TODO: check
CVE-2021-32802
RESERVED
CVE-2021-32801
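Review bot: the "TODO: check" on CVE-2021-32803 needs a package-level triage rather than a NOT-FOR-US tag, because the description names the npm package "tar" (aka node-tar) and lists fixed upstream versions starting with 6.1.2 and 5.0.7. Suggest checking it against Debian's node-tar package and recording the affected and fixed versions per release.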
@@ -11672,8 +11678,8 @@ CVE-2021-32773 (Racket is a general-purpose programming
language and an ecosyste
[buster] - racket <no-dsa> (Minor issue)
[stretch] - racket <no-dsa> (Minor issue)
NOTE:
https://github.com/racket/racket/security/advisories/GHSA-cgrw-p7p7-937c
-CVE-2021-32772
- RESERVED
+CVE-2021-32772 (Poddycast is a podcast app made with Electron. Prior to
version 0.8.1, ...)
+ TODO: check
CVE-2021-32771
RESERVED
CVE-2021-32770 (Gatsby is a framework for building websites. The
gatsby-source-wordpre ...)
@@ -13516,12 +13522,12 @@ CVE-2021-32020 (The kernel in Amazon Web Services
FreeRTOS before 10.4.3 has ins
NOT-FOR-US: kernel in Amazon Web Services FreeRTOS
CVE-2021-32019 (There is missing input validation of host names displayed in
OpenWrt b ...)
TODO: check
-CVE-2021-32018
- RESERVED
-CVE-2021-32017
- RESERVED
-CVE-2021-32016
- RESERVED
+CVE-2021-32018 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The
JUMP SOAP A ...)
+ TODO: check
+CVE-2021-32017 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP
SOAP end ...)
+ TODO: check
+CVE-2021-32016 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP
SOAP end ...)
+ TODO: check
CVE-2021-32015 (In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local
authenticated mal ...)
NOT-FOR-US: Nuvoton NPCT75x TPM 1.2 firmware
CVE-2021-32014 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to
cause a den ...)
@@ -14610,8 +14616,8 @@ CVE-2021-31632
RESERVED
CVE-2021-31631
RESERVED
-CVE-2021-31630
- RESERVED
+CVE-2021-31630 (Command Injection in Open PLC Webserver v3 allows remote
attackers to ...)
+ TODO: check
CVE-2021-31629
RESERVED
CVE-2021-31628
@@ -14990,10 +14996,10 @@ CVE-2021-31506 (This vulnerability allows remote
attackers to disclose sensitive
NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31505 (This vulnerability allows attackers with physical access to
escalate p ...)
NOT-FOR-US: Arlo Q Plus
-CVE-2021-31504
- RESERVED
-CVE-2021-31503
- RESERVED
+CVE-2021-31504 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
+ TODO: check
+CVE-2021-31503 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
+ TODO: check
CVE-2021-31502 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31501 (This vulnerability allows remote attackers to disclose
sensitive infor ...)
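Review bot: CVE-2021-31504 and CVE-2021-31503 carry the same truncated wording as CVE-2021-31502 directly below them, which is tagged "NOT-FOR-US: OpenText Brava! Desktop", but the product name is cut off in both new descriptions. Suggest confirming the product from the full description before reusing that tag, since CVE-2021-31505 in the same run belongs to a different product (Arlo Q Plus).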
@@ -17275,28 +17281,22 @@ CVE-2021-30565
RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30564
- RESERVED
+CVE-2021-30564 (Heap buffer overflow in WebXR in Google Chrome prior to
91.0.4472.164 ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30563
- RESERVED
+CVE-2021-30563 (Type Confusion in V8 in Google Chrome prior to 91.0.4472.164
allowed a ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30562
- RESERVED
+CVE-2021-30562 (Use after free in WebSerial in Google Chrome prior to
91.0.4472.164 al ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30561
- RESERVED
+CVE-2021-30561 (Type Confusion in V8 in Google Chrome prior to 91.0.4472.164
allowed a ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30560
- RESERVED
+CVE-2021-30560 (Use after free in Blink XSLT in Google Chrome prior to
91.0.4472.164 a ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30559
- RESERVED
+CVE-2021-30559 (Out of bounds write in ANGLE in Google Chrome prior to
91.0.4472.164 a ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30558
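Review bot: the six entries CVE-2021-30564 through CVE-2021-30559 now name 91.0.4472.164 as the fixed Chrome release in their descriptions, while each still reads "- chromium <unfixed>". Suggest a follow-up that replaces <unfixed> with the Debian version once an upload at or above 91.0.4472.164 exists, so these entries do not stay open after the fix lands.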
@@ -17356,8 +17356,7 @@ CVE-2021-30543 (Use after free in Tab Strip in Google
Chrome prior to 91.0.4472.
CVE-2021-30542 (Use after free in Tab Strip in Google Chrome prior to
91.0.4472.77 all ...)
- chromium <unfixed> (bug #990079)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30541
- RESERVED
+CVE-2021-30541 (Use after free in V8 in Google Chrome prior to 91.0.4472.164
allowed a ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30540 (Incorrect security UI in payments in Google Chrome on Android
prior to ...)
@@ -23874,12 +23873,12 @@ CVE-2019-25025 (The activerecord-session_store (aka
Active Record Session Store)
NOTE: https://github.com/rails/activerecord-session_store/pull/151
CVE-2021-27955
RESERVED
-CVE-2021-27954
- RESERVED
-CVE-2021-27953
- RESERVED
-CVE-2021-27952
- RESERVED
+CVE-2021-27954 (A heap-based buffer overflow vulnerability exists on the
ecobee3 lite ...)
+ TODO: check
+CVE-2021-27953 (A NULL pointer dereference vulnerability exists on the ecobee3
lite 4. ...)
+ TODO: check
+CVE-2021-27952 (Hardcoded default root credentials exist on the ecobee3 lite
4.5.81.20 ...)
+ TODO: check
CVE-2021-27951
RESERVED
CVE-2021-27950 (A SQL injection vulnerability in azurWebEngine in Sita AzurCMS
through ...)
@@ -23915,8 +23914,8 @@ CVE-2021-27944
RESERVED
CVE-2021-27943 (The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and
E50x-E1 ...)
TODO: check
-CVE-2021-27942
- RESERVED
+CVE-2021-27942 (Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs
allow a thre ...)
+ TODO: check
CVE-2021-27941 (Unconstrained Web access to the device's private encryption
key in the ...)
NOT-FOR-US: eWeLink mobile application
CVE-2021-27940 (resources/public/js/orchestrator.js in openark orchestrator
before 3.2 ...)
@@ -29303,19 +29302,19 @@ CVE-2021-25806
CVE-2021-25805
RESERVED
CVE-2021-25804 (A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC
Media Pl ...)
- {DSA-4834-1}
+ {DSA-4834-1 DLA-2728-1}
- vlc 3.0.12-1
NOTE:
https://code.videolan.org/videolan/vlc-3.0/-/commit/a7f577ec26d35bbd7b2a3cda89d1b41bde69de9c
(v3.0.12)
CVE-2021-25803 (A buffer overflow vulnerability in the
vlc_input_attachment_New compon ...)
- {DSA-4834-1}
+ {DSA-4834-1 DLA-2728-1}
- vlc 3.0.12-1
NOTE:
https://code.videolan.org/videolan/vlc-3.0/-/commit/56cbe9c4b59edbdc5e1bb2687992f3bbf492eccb
(v3.0.12)
CVE-2021-25802 (A buffer overflow vulnerability in the AVI_ExtractSubtitle
component o ...)
- {DSA-4834-1}
+ {DSA-4834-1 DLA-2728-1}
- vlc 3.0.12-1
NOTE:
https://code.videolan.org/videolan/vlc-3.0/-/commit/0660acc3ab64d2c3ad99cae887a438f0648faa72
(v3.0.12)
CVE-2021-25801 (A buffer overflow vulnerability in the __Parse_indx component
of Video ...)
- {DSA-4834-1}
+ {DSA-4834-1 DLA-2728-1}
- vlc 3.0.12-1
NOTE:
https://code.videolan.org/videolan/vlc-3.0/-/commit/f5f8cc3ab8825f178de3f6714bfbff8b3f293fd2
(v3.0.12)
CVE-2021-25800
@@ -34682,7 +34681,8 @@ CVE-2021-23412 (All versions of package gitlogplus are
vulnerable to Command Inj
NOT-FOR-US: Node gitlogplus
CVE-2021-23411 (Affected versions of this package are vulnerable to Cross-site
Scripti ...)
NOT-FOR-US: Node anchorme
-CVE-2021-23410 (All versions of package msgpack are vulnerable to
Deserialization of U ...)
+CVE-2021-23410
+ REJECTED
NOT-FOR-US: Node msgpack
CVE-2021-23409 (The package github.com/pires/go-proxyproto before 0.6.0 are
vulnerable ...)
- golang-github-pires-go-proxyproto <unfixed> (bug #991498)
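Review bot: CVE-2021-23410 is switched to REJECTED but the "NOT-FOR-US: Node msgpack" line under it is left in place, so the entry now carries a triage decision for an id that no longer describes a vulnerability. Suggest dropping that line, or keeping it only if the tracker is meant to retain earlier triage for rejected ids.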
@@ -36958,26 +36958,26 @@ CVE-2021-22427 (There is a Heap-based Buffer Overflow
Vulnerability in Huawei Sm
NOT-FOR-US: Huawei
CVE-2021-22426
RESERVED
-CVE-2021-22425
- RESERVED
-CVE-2021-22424
- RESERVED
-CVE-2021-22423
- RESERVED
-CVE-2021-22422
- RESERVED
-CVE-2021-22421
- RESERVED
-CVE-2021-22420
- RESERVED
-CVE-2021-22419
- RESERVED
-CVE-2021-22418
- RESERVED
-CVE-2021-22417
- RESERVED
-CVE-2021-22416
- RESERVED
+CVE-2021-22425 (A component of the HarmonyOS has a Double Free vulnerability.
Local at ...)
+ TODO: check
+CVE-2021-22424 (A component of the HarmonyOS has a Kernel Memory Leakage
Vulnerability ...)
+ TODO: check
+CVE-2021-22423 (A component of the HarmonyOS has a Out-of-bounds Write
Vulnerability. ...)
+ TODO: check
+CVE-2021-22422 (A component of the HarmonyOS has a Integer Overflow or
Wraparound vuln ...)
+ TODO: check
+CVE-2021-22421 (A component of the HarmonyOS has a Improper Privilege
Management vulne ...)
+ TODO: check
+CVE-2021-22420 (A component of the HarmonyOS has a External Control of System
or Confi ...)
+ TODO: check
+CVE-2021-22419 (A component of the HarmonyOS has a Insufficient Verification
of Data A ...)
+ TODO: check
+CVE-2021-22418 (A component of the HarmonyOS has a Integer Overflow or
Wraparound vuln ...)
+ TODO: check
+CVE-2021-22417 (A component of the HarmonyOS has a Data Processing Errors
vulnerabilit ...)
+ TODO: check
+CVE-2021-22416 (A component of the HarmonyOS has a Data Processing Errors
vulnerabilit ...)
+ TODO: check
CVE-2021-22415 (There is an Incorrect Calculation of Buffer Size Vulnerability
in Huaw ...)
NOT-FOR-US: Huawei
CVE-2021-22414 (There is a Memory Buffer Errors Vulnerability in Huawei
Smartphone.Suc ...)
@@ -37008,8 +37008,8 @@ CVE-2021-22402
RESERVED
CVE-2021-22401
RESERVED
-CVE-2021-22400
- RESERVED
+CVE-2021-22400 (Some Huawei Smartphones has an insufficient input validation
vulnerabi ...)
+ TODO: check
CVE-2021-22399 (The Bluetooth function of some Huawei smartphones has a DoS
vulnerabil ...)
NOT-FOR-US: Huawei
CVE-2021-22398 (There is a logic error vulnerability in several smartphones.
The softw ...)
@@ -38786,18 +38786,18 @@ CVE-2021-21583
RESERVED
CVE-2021-21582
RESERVED
-CVE-2021-21581
- RESERVED
-CVE-2021-21580
- RESERVED
-CVE-2021-21579
- RESERVED
-CVE-2021-21578
- RESERVED
-CVE-2021-21577
- RESERVED
-CVE-2021-21576
- RESERVED
+CVE-2021-21581 (Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a
cross-site scri ...)
+ TODO: check
+CVE-2021-21580 (Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC
iDRAC9 ver ...)
+ TODO: check
+CVE-2021-21579 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open
redirect ...)
+ TODO: check
+CVE-2021-21578 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open
redirect ...)
+ TODO: check
+CVE-2021-21577 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a
DOM-based cross ...)
+ TODO: check
+CVE-2021-21576 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a
DOM-based cross ...)
+ TODO: check
CVE-2021-21575
RESERVED
CVE-2021-21574 (Dell BIOSConnect feature contains a buffer overflow
vulnerability. An ...)
@@ -138803,8 +138803,8 @@ CVE-2013-7474 (Windu CMS 2.2 allows XSS via the name
parameter to admin/content/
NOT-FOR-US: Windu CMS
CVE-2013-7473 (Windu CMS 2.2 allows CSRF via
admin/users/?mn=admin.message.error to a ...)
NOT-FOR-US: Windu CMS
-CVE-2019-14453
- RESERVED
+CVE-2019-14453 (An issue was discovered in Comelit "App lejos de casa (web)"
2.8.0. It ...)
+ TODO: check
CVE-2018-20953 (cPanel before 68.0.27 allows self XSS in the WHM listips
interface (SE ...)
NOT-FOR-US: cPanel
CVE-2018-20952 (cPanel before 68.0.27 creates world-readable files during use
of WHM A ...)
@@ -145093,7 +145093,7 @@ CVE-2019-12763 (The Security Camera CZ application
through 1.6.8 for Android sto
CVE-2019-12762 (Xiaomi Mi 5s Plus devices allow attackers to trigger
touchscreen anoma ...)
NOT-FOR-US: Xiaomi Mi 5s Plus devices
CVE-2019-12761 (A code injection issue was discovered in PyXDG before 0.26 via
crafted ...)
- {DLA-1819-1}
+ {DLA-2727-1 DLA-1819-1}
- pyxdg 0.26-1 (low; bug #930099)
[buster] - pyxdg <no-dsa> (Minor issue)
NOTE: https://snyk.io/vuln/SNYK-PYTHON-PYXDG-174562
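Review bot: CVE-2019-12761 gains DLA-2727-1 next to DLA-1819-1 while the "[buster] - pyxdg <no-dsa> (Minor issue)" line is unchanged, so the entry shows two advisory fixes alongside a release still marked as not worth one. Suggest re-checking whether the buster status still holds now that DLA-2727-1 exists.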
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f569e757f061f08867b9148e860266d489290de0