Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
804f6a1d by security tracker role at 2021-08-09T20:10:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2021-38300
+       RESERVED
+CVE-2021-38299
+       RESERVED
+CVE-2021-38298
+       RESERVED
+CVE-2021-38297
+       RESERVED
+CVE-2021-38296
+       RESERVED
+CVE-2021-38295
+       RESERVED
+CVE-2021-3694
+       RESERVED
+CVE-2021-3693
+       RESERVED
+CVE-2021-3692
+       RESERVED
 CVE-2021-38294
        RESERVED
 CVE-2021-38293
@@ -6,8 +24,8 @@ CVE-2021-38292
        RESERVED
 CVE-2021-38291
        RESERVED
-CVE-2021-38290
-       RESERVED
+CVE-2021-38290 (A host header attack vulnerability exists in FUEL CMS 1.5.0 
through fu ...)
+       TODO: check
 CVE-2021-38289
        RESERVED
 CVE-2021-38288
@@ -387,6 +405,7 @@ CVE-2021-38155 (OpenStack Keystone 10.x through 16.x before 
16.0.2, 17.x before
        [stretch] - keystone <end-of-life> (Keystone not supported in stretch)
        NOTE: https://launchpad.net/bugs/1688137
 CVE-2021-38165 (Lynx through 2.8.9 mishandles the userinfo subcomponent of a 
URI, whic ...)
+       {DLA-2736-1}
        [experimental] - lynx 2.9.0dev.9-1
        - lynx 2.9.0dev.6-3 (bug #991971)
        NOTE: 
https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html
@@ -1186,8 +1205,8 @@ CVE-2021-37790
        RESERVED
 CVE-2021-37789
        RESERVED
-CVE-2021-37788
-       RESERVED
+CVE-2021-37788 (A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 
could all ...)
+       TODO: check
 CVE-2021-37787
        RESERVED
 CVE-2021-37786
@@ -1530,21 +1549,20 @@ CVE-2021-37625 (Skytable is an open source NoSQL 
database. In versions prior to
        NOT-FOR-US: Skytable
 CVE-2021-37624
        RESERVED
-CVE-2021-37623 [Denial of service due to infinite loop in 
JpegBase::printStructure (#2)]
-       RESERVED
+CVE-2021-37623 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
        - exiv2 <unfixed>
        NOTE: 
https://github.com/Exiv2/exiv2/security/advisories/GHSA-mvc4-g5pv-4qqq
        NOTE: https://github.com/Exiv2/exiv2/pull/1790
-CVE-2021-37622
-       RESERVED
-CVE-2021-37621
-       RESERVED
-CVE-2021-37620
-       RESERVED
-CVE-2021-37619
-       RESERVED
-CVE-2021-37618
-       RESERVED
+CVE-2021-37622 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
+       TODO: check
+CVE-2021-37621 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
+       TODO: check
+CVE-2021-37620 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
+       TODO: check
+CVE-2021-37619 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
+       TODO: check
+CVE-2021-37618 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
+       TODO: check
 CVE-2021-37617
        RESERVED
 CVE-2021-37616
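Review bot: CVE-2021-37622 through CVE-2021-37618 are left at `TODO: check` even though their descriptions open with the same "Exiv2 is a command-line utility and C++ library" text as CVE-2021-37623 directly above, which is already tracked as `- exiv2 <unfixed>` with its advisory and pull-request NOTE lines. Suggest triaging these five against the exiv2 source package in a follow-up, each with its own upstream reference, so they do not sit in the TODO queue.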
@@ -1649,8 +1667,8 @@ CVE-2021-37575
        RESERVED
 CVE-2021-37574
        RESERVED
-CVE-2021-37573
-       RESERVED
+CVE-2021-37573 (A reflected cross-site scripting (XSS) vulnerability in the 
web server ...)
+       TODO: check
 CVE-2021-37572
        RESERVED
 CVE-2021-37571
@@ -2412,16 +2430,16 @@ CVE-2021-3658
        NOTE: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055
 CVE-2021-37216 (QSAN Storage Manager header page parameters does not filter 
special ch ...)
        NOT-FOR-US: QSAN Storage Manager
-CVE-2021-37215
-       RESERVED
-CVE-2021-37214
-       RESERVED
-CVE-2021-37213
-       RESERVED
-CVE-2021-37212
-       RESERVED
-CVE-2021-37211
-       RESERVED
+CVE-2021-37215 (The employee management page of Flygo contains an Insecure 
Direct Obje ...)
+       TODO: check
+CVE-2021-37214 (The employee management page of Flygo contains Insecure Direct 
Object  ...)
+       TODO: check
+CVE-2021-37213 (The check-in record page of Flygo contains Insecure Direct 
Object Refe ...)
+       TODO: check
+CVE-2021-37212 (The bulletin function of Flygo contains Insecure Direct Object 
Referen ...)
+       TODO: check
+CVE-2021-37211 (The bulletin function of Flygo does not filter special 
characters whil ...)
+       TODO: check
 CVE-2021-37210
        RESERVED
 CVE-2021-37209
@@ -3325,8 +3343,8 @@ CVE-2021-36800 (Akaunting version 2.1.12 and earlier 
suffers from a code injecti
        NOT-FOR-US: Akaunting
 CVE-2021-36799 (KNX ETS5 uses the hard-coded password ETS5Password, with a 
salt value  ...)
        NOT-FOR-US: KNX ETS5
-CVE-2021-36798
-       RESERVED
+CVE-2021-36798 (A Denial-of-Service (DoS) vulnerability was discovered in Team 
Server  ...)
+       TODO: check
 CVE-2021-36797 (** DISPUTED ** In Victron Energy Venus OS through 2.72, root 
access is ...)
        NOT-FOR-US: Victron Energy Venus OS
 CVE-2021-36796
@@ -8226,10 +8244,10 @@ CVE-2021-34663
        RESERVED
 CVE-2021-34662
        RESERVED
-CVE-2021-34661
-       RESERVED
-CVE-2021-34660
-       RESERVED
+CVE-2021-34661 (The WP Fusion Lite WordPress plugin is vulnerable to 
Cross-Site Reques ...)
+       TODO: check
+CVE-2021-34660 (The WP Fusion Lite WordPress plugin is vulnerable to Reflected 
Cross-S ...)
+       TODO: check
 CVE-2021-34659
        RESERVED
 CVE-2021-34658
@@ -8999,8 +9017,7 @@ CVE-2021-34336
        RESERVED
 CVE-2021-34335
        RESERVED
-CVE-2021-34334 [Denial of service due to integer overflow in loop counter]
-       RESERVED
+CVE-2021-34334 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
        - exiv2 <unfixed>
        NOTE: 
https://github.com/Exiv2/exiv2/security/advisories/GHSA-hqjh-hpv8-8r9p
        NOTE: https://github.com/Exiv2/exiv2/pull/1766
@@ -11452,8 +11469,8 @@ CVE-2021-33258
        RESERVED
 CVE-2021-33257
        RESERVED
-CVE-2021-33256
-       RESERVED
+CVE-2021-33256 (A CSV injection vulnerability on the login panel of 
ManageEngine ADSel ...)
+       TODO: check
 CVE-2021-33255
        RESERVED
 CVE-2021-33254
@@ -12520,8 +12537,7 @@ CVE-2021-32817 (express-hbs is an Express handlebars 
template engine. express-hb
        NOT-FOR-US: express-hbs
 CVE-2021-32816 (ProtonMail Web Client is the official AngularJS web client for 
the Pro ...)
        NOT-FOR-US: ProtonMail Web Client
-CVE-2021-32815 [Denial of service due to assertion failure in crwimage_int.cpp]
-       RESERVED
+CVE-2021-32815 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
        - exiv2 <unfixed>
        NOTE: 
https://github.com/Exiv2/exiv2/security/advisories/GHSA-mv9g-fxh2-m49m
        NOTE: https://github.com/Exiv2/exiv2/pull/1739
@@ -14720,6 +14736,7 @@ CVE-2021-3526
 CVE-2021-3525
        REJECTED
 CVE-2021-3524 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph 
Object Gate ...)
+       {DLA-2735-1}
        - ceph 14.2.21-1 (bug #988889)
        [buster] - ceph <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951674
@@ -20446,8 +20463,8 @@ CVE-2021-29716
        RESERVED
 CVE-2021-29715
        RESERVED
-CVE-2021-29714
-       RESERVED
+CVE-2021-29714 (IBM Content Navigator 3.0.CD could allow a malicious user to 
cause a d ...)
+       TODO: check
 CVE-2021-29713
        RESERVED
 CVE-2021-29712 (IBM InfoSphere Information Server 11.7 is vulnerable to 
cross-site scr ...)
@@ -29672,8 +29689,8 @@ CVE-2021-25956
        RESERVED
 CVE-2021-25955
        RESERVED
-CVE-2021-25954
-       RESERVED
+CVE-2021-25954 (In &#8220;Dolibarr&#8221; application, 2.8.1 to 13.0.4 
don&#8217;t res ...)
+       TODO: check
 CVE-2021-25953 (Prototype pollution vulnerability in 'putil-merge' 
versions1.0.0 throu ...)
        NOT-FOR-US: Node putil-merge
 CVE-2021-25952 (Prototype pollution vulnerability in 
&#8216;just-safe-set&#8217; versi ...)
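Review bot: the imported description for CVE-2021-25954 carries undecoded HTML entities (`&#8220;Dolibarr&#8221;`, `don&#8217;t`), and the context line for CVE-2021-25952 shows the same problem. Suggest decoding entities when descriptions are imported so product names stay searchable in the list, and resolving the `TODO: check` against the product named in the description.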
@@ -33103,12 +33120,12 @@ CVE-2021-24524
        RESERVED
 CVE-2021-24523
        RESERVED
-CVE-2021-24522
-       RESERVED
-CVE-2021-24521
-       RESERVED
-CVE-2021-24520
-       RESERVED
+CVE-2021-24522 (The User Registration, User Profile, Login &amp; Membership 
&#8211; Pr ...)
+       TODO: check
+CVE-2021-24521 (The Side Menu Lite &#8211; add sticky fixed buttons WordPress 
plugin b ...)
+       TODO: check
+CVE-2021-24520 (The Stock in &amp; out WordPress plugin through 1.0.4 lacks 
proper san ...)
+       TODO: check
 CVE-2021-24519
        RESERVED
 CVE-2021-24518
@@ -33129,36 +33146,36 @@ CVE-2021-24511
        RESERVED
 CVE-2021-24510
        RESERVED
-CVE-2021-24509
-       RESERVED
+CVE-2021-24509 (The Page View Count WordPress plugin before 2.4.9 does not 
escape the  ...)
+       TODO: check
 CVE-2021-24508
        RESERVED
-CVE-2021-24507
-       RESERVED
+CVE-2021-24507 (The Astra Pro Addon WordPress plugin before 3.5.2 did not 
properly san ...)
+       TODO: check
 CVE-2021-24506
        RESERVED
-CVE-2021-24505
-       RESERVED
+CVE-2021-24505 (The Forms WordPress plugin before 1.12.3 did not sanitise its 
input fi ...)
+       TODO: check
 CVE-2021-24504 (The WP LMS &#8211; Best WordPress LMS Plugin WordPress plugin 
through  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24503 (The Popular Brand Icons &#8211; Simple Icons WordPress plugin 
before 2 ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24502
-       RESERVED
-CVE-2021-24501
-       RESERVED
-CVE-2021-24500
-       RESERVED
-CVE-2021-24499
-       RESERVED
+CVE-2021-24502 (The WP Google Map WordPress plugin before 1.7.7 did not 
sanitise or es ...)
+       TODO: check
+CVE-2021-24501 (The Workreap WordPress theme before 2.2.2 had several AJAX 
actions mis ...)
+       TODO: check
+CVE-2021-24500 (Several AJAX actions available in the Workreap WordPress theme 
before  ...)
+       TODO: check
+CVE-2021-24499 (The Workreap WordPress theme before 2.2.2 AJAX actions 
workreap_award_ ...)
+       TODO: check
 CVE-2021-24498 (The Calendar Event Multi View WordPress plugin before 1.4.01 
does not  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24497
        RESERVED
 CVE-2021-24496 (The Community Events WordPress plugin before 1.4.8 does not 
sanitise,  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24495
-       RESERVED
+CVE-2021-24495 (The Marmoset Viewer WordPress plugin before 1.9.3 does not 
property sa ...)
+       TODO: check
 CVE-2021-24494 (The WP Offload SES Lite WordPress plugin before 1.4.5 did not 
escape s ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2021-24493
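Review bot: every description added in this hunk names a WordPress plugin or the Workreap WordPress theme (CVE-2021-24509, -24507, -24505, -24502, -24501, -24500, -24499, -24495), yet each lands as `TODO: check` while the neighbouring entries are already `NOT-FOR-US: WordPress plugin`. Suggest resolving them the same way once confirmed. The context line under CVE-2021-24494 also spells it `Wordpress plugin`, which is worth normalising to match the others.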
@@ -33213,8 +33230,8 @@ CVE-2021-24469
        RESERVED
 CVE-2021-24468 (The Leaflet Map WordPress plugin before 3.0.0 does not escape 
some sho ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24467
-       RESERVED
+CVE-2021-24467 (The Leaflet Map WordPress plugin before 3.0.0 does not verify 
the CSRF ...)
+       TODO: check
 CVE-2021-24466
        RESERVED
 CVE-2021-24465
@@ -33539,8 +33556,8 @@ CVE-2021-24306 (The Ultimate Member &#8211; User 
Profile, User Registration, Log
        NOT-FOR-US: WordPress plugin
 CVE-2021-24305 (The Target First WordPress Plugin v2.0, also previously known 
as Watch ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24304
-       RESERVED
+CVE-2021-24304 (The Newsmag WordPress theme before 5.0 does not sanitise the 
td_block_ ...)
+       TODO: check
 CVE-2021-24303
        RESERVED
 CVE-2021-24302 (The Hana Flv Player WordPress plugin through 3.1.3 is 
vulnerable to an ...)
@@ -36709,8 +36726,8 @@ CVE-2021-22912 (Nextcloud iOS before 3.4.2 suffers from 
an information disclosur
        NOT-FOR-US: Nextcloud iOS
 CVE-2021-22911 (A improper input sanitization vulnerability exists in 
Rocket.Chat serv ...)
        NOT-FOR-US: Rocket.Chat
-CVE-2021-22910
-       RESERVED
+CVE-2021-22910 (A sanitization vulnerability exists in Rocket.Chat server 
versions &lt ...)
+       TODO: check
 CVE-2021-22909 (A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier 
could a ...)
        NOT-FOR-US: EdgeMAX EdgeRouter
 CVE-2021-22908 (A buffer overflow vulnerability exists in Windows File 
Resource Profil ...)
@@ -39399,8 +39416,8 @@ CVE-2021-21742
        RESERVED
 CVE-2021-21741
        RESERVED
-CVE-2021-21740
-       RESERVED
+CVE-2021-21740 (There is an information leak vulnerability in the digital 
media player ...)
+       TODO: check
 CVE-2021-21739 (A ZTE's product of the transport network access layer has a 
security v ...)
        NOT-FOR-US: ZTE
 CVE-2021-21738 (ZTE's big video business platform has two reflective 
cross-site script ...)
@@ -44097,8 +44114,8 @@ CVE-2021-20351 (IBM Engineering products are vulnerable 
to cross-site scripting.
        NOT-FOR-US: IBM
 CVE-2021-20350 (IBM Engineering products are vulnerable to cross-site 
scripting. This  ...)
        NOT-FOR-US: IBM
-CVE-2021-20349
-       RESERVED
+CVE-2021-20349 (IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a 
stack-bas ...)
+       TODO: check
 CVE-2021-20348 (IBM Jazz Foundation and IBM Engineering products are 
vulnerable to ser ...)
        NOT-FOR-US: IBM
 CVE-2021-20347 (IBM Jazz Foundation and IBM Engineering products are 
vulnerable to ser ...)
@@ -46544,7 +46561,7 @@ CVE-2021-2389 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compon
        - mysql-8.0 <unfixed>
        NOTE: Fixed in MariaDB 10.5.12, 10.3.31
 CVE-2021-2388 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition 
produc ...)
-       {DSA-4946-1}
+       {DSA-4946-1 DLA-2737-1}
        - openjdk-11 11.0.12+7-1
        - openjdk-8 8u302-b08-1
 CVE-2021-2387 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
@@ -46589,7 +46606,7 @@ CVE-2021-2371 (Vulnerability in the Oracle Coherence 
product of Oracle Fusion Mi
 CVE-2021-2370 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2021-2369 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition 
produc ...)
-       {DSA-4946-1}
+       {DSA-4946-1 DLA-2737-1}
        - openjdk-11 11.0.12+7-1
        - openjdk-8 8u302-b08-1
 CVE-2021-2368 (Vulnerability in the Siebel CRM product of Oracle Siebel CRM 
(componen ...)
@@ -46649,7 +46666,7 @@ CVE-2021-2342 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compon
        - mysql-5.7 <removed>
        - mysql-8.0 <unfixed>
 CVE-2021-2341 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition 
produc ...)
-       {DSA-4946-1}
+       {DSA-4946-1 DLA-2737-1}
        - openjdk-11 11.0.12+7-1
        - openjdk-8 8u302-b08-1
 CVE-2021-2340 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
@@ -97719,6 +97736,7 @@ CVE-2020-10754 (It was found that nmcli, a command line 
interface to NetworkMana
        NOTE: affected but not the Debian binary builds (and is RedHat/Fedora 
specific
        NOTE: plugin).
 CVE-2020-10753 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph 
Object Gate ...)
+       {DLA-2735-1}
        - ceph 14.2.15-1 (bug #975300)
        [buster] - ceph <no-dsa> (Minor issue)
        [jessie] - ceph <no-dsa> (Minor issue)
@@ -121906,7 +121924,7 @@ CVE-2020-1762 (An insufficient JWT validation 
vulnerability was found in Kiali v
 CVE-2020-1761 (A flaw was found in the OpenShift web console, where the access 
token  ...)
        NOT-FOR-US: OpenShift
 CVE-2020-1760 (A flaw was found in the Ceph Object Gateway, where it supports 
request ...)
-       {DLA-2171-1}
+       {DLA-2735-1 DLA-2171-1}
        - ceph 14.2.9-1 (bug #956142)
        [buster] - ceph <no-dsa> (Minor issue)
        NOTE: Introduced with: 
https://github.com/ceph/ceph-ci/commit/f4a0b2d9260a4523745875e3977a8a1ef9dc5e2e
@@ -187033,16 +187051,16 @@ CVE-2018-17867 (The Port Forwarding functionality 
on DASAN H660GW devices allows
        NOT-FOR-US: DASAN H660GW device
 CVE-2018-17866 (Multiple cross-site scripting (XSS) vulnerabilities in 
includes/core/u ...)
        NOT-FOR-US: "Ultimate Member - User Profile & Membership" plugin for 
WordPress
-CVE-2018-17865
-       RESERVED
+CVE-2018-17865 (** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) 
vulnerabi ...)
+       TODO: check
 CVE-2018-17864
        RESERVED
 CVE-2018-17863
        RESERVED
-CVE-2018-17862
-       RESERVED
-CVE-2018-17861
-       RESERVED
+CVE-2018-17862 (** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) 
vulnerabi ...)
+       TODO: check
+CVE-2018-17861 (** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) 
vulnerabi ...)
+       TODO: check
 CVE-2018-17860 (Cloudera CDH has Insecure Permissions because ALL cannot be 
revoked.Th ...)
        NOT-FOR-US: Cloudera
 CVE-2018-17859 (An issue was discovered in Joomla! before 3.8.13. Inadequate 
checks in ...)
@@ -189664,7 +189682,7 @@ CVE-2018-16847 (An OOB heap buffer r/w access issue 
was found in the NVM Express
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=87ad860c622cc8f8916b5232bd8728c08f938fce
 CVE-2018-16846 (It was found in Ceph versions before 13.2.4 that authenticated 
ceph RG ...)
-       {DLA-1696-1}
+       {DLA-2735-1 DLA-1696-1}
        - ceph 12.2.11+dfsg1-1 (bug #921947)
        NOTE: http://tracker.ceph.com/issues/35994
        NOTE: 
https://github.com/ceph/ceph/commit/4337e6a7d9f92c8549ebee20d0dd67a01e49857f
@@ -195236,7 +195254,7 @@ CVE-2018-14663 (An issue has been found in PowerDNS 
DNSDist before 1.3.3 allowin
        [stretch] - dnsdist <no-dsa> (Minor issue)
        NOTE: 
https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2018-08.html
 CVE-2018-14662 (It was found Ceph versions before 13.2.4 that authenticated 
ceph users ...)
-       {DLA-1696-1}
+       {DLA-2735-1 DLA-1696-1}
        - ceph 12.2.11+dfsg1-1 (bug #921948)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1637327
        NOTE: 
https://github.com/ceph/ceph/commit/a2acedd2a7e12d58af6db35edbd8a9d29c557578
@@ -321589,8 +321607,8 @@ CVE-2015-7733
        RESERVED
 CVE-2015-7732 (The Avira Mobile Security app before 1.5.11 for iOS sends 
sensitive lo ...)
        NOT-FOR-US: Avira Mobile Security app
-CVE-2015-7731
-       RESERVED
+CVE-2015-7731 (SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to 
obtain the  ...)
+       TODO: check
 CVE-2015-7730 (SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, 
and Bus ...)
        NOT-FOR-US: SAP BusinessObjects
 CVE-2015-7729 (Eval injection in test-net.xsjs in the Web-based Development 
Workbench ...)
@@ -337895,10 +337913,10 @@ CVE-2015-2076 (The Auditing service in SAP 
BusinessObjects Edge 4.0 allows remot
        NOT-FOR-US: SAP
 CVE-2015-2075 (SAP BusinessObjects Edge 4.0 allows remote attackers to delete 
audit e ...)
        NOT-FOR-US: SAP
-CVE-2015-2074
-       RESERVED
-CVE-2015-2073
-       RESERVED
+CVE-2015-2074 (The File Repository Server (FRS) CORBA listener in SAP 
BussinessObject ...)
+       TODO: check
+CVE-2015-2073 (The File RepositoRy Server (FRS) CORBA listener in SAP 
BussinessObject ...)
+       TODO: check
 CVE-2015-2072 (Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 
73 (1. ...)
        NOT-FOR-US: SAP
 CVE-2015-2071 (Directory traversal vulnerability in cm/newui/blog/export.jsp 
in eTouc ...)
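Review bot: CVE-2015-2074 and CVE-2015-2073 are added as `TODO: check` although both descriptions name an SAP product and the surrounding entries (CVE-2015-2076, -2075, -2072) are `NOT-FOR-US: SAP`. Suggest the same resolution here. The spellings `BussinessObject` and `RepositoRy` arrive with the imported description text, so a search for the correctly spelled product name will miss these two entries until they are triaged.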
@@ -344354,8 +344372,7 @@ CVE-2014-9322 (arch/x86/kernel/entry_64.S in the 
Linux kernel before 3.17.5 does
        [squeeze] - linux-2.6 2.6.32-48squeeze9
 CVE-2014-9321
        RESERVED
-CVE-2014-9320
-       RESERVED
+CVE-2014-9320 (SAP BusinessObjects Edge 4.1 allows remote attackers to obtain 
the SI_ ...)
        NOT-FOR-US: SAP Business Objects
 CVE-2014-9319 (The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in 
FFMpeg  ...)
        - libav <not-affected> (Vulnerable code not present, reproducer tested 
with 8, 11 and trunk)
@@ -372096,8 +372113,8 @@ CVE-2013-6278
        RESERVED
 CVE-2013-6277 (QNAP VioCard 300 has hardcoded RSA private keys. ...)
        NOT-FOR-US: QNAP
-CVE-2013-6276
-       RESERVED
+CVE-2013-6276 (** UNSUPPORTED WHEN ASSIGNED ** QNAP F_VioCard 2312 and 
F_VioGate 2308 ...)
+       TODO: check
 CVE-2013-6274
        RESERVED
 CVE-2013-6273
@@ -375766,11 +375783,9 @@ CVE-2013-4720 (SQL injection vulnerability in the 
WEC Discussion Forum extension
        NOT-FOR-US: WEC Discussion Forum
 CVE-2013-4719 (SQL injection vulnerability in the SEO Pack for tt_news 
extension befo ...)
        NOT-FOR-US: SEO Pack for tt_news extension for TYPO3
-CVE-2013-4718 [XSS]
-       RESERVED
+CVE-2013-4718 (Cross-site scripting (XSS) vulnerability in Open Ticket Request 
System ...)
        NOT-FOR-US: OTRS ITSM
-CVE-2013-4717 [SQL injection]
-       RESERVED
+CVE-2013-4717 (Multiple SQL injection vulnerabilities in Open Ticket Request 
System ( ...)
        {DSA-2733-1}
        - otrs2 3.2.9-1
        NOTE: 
http://web.archive.org/web/20131023033811/http://www.otrs.com:80/en/open-source/community-news/security-advisories/security-advisory-2013-05/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/804f6a1d12da7580c8a1a48ed81a58576f700868

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
