Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
655d5777 by security tracker role at 2021-08-26T08:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2021-40145 (** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics
Library (a ...)
+ TODO: check
+CVE-2021-40144
+ RESERVED
+CVE-2021-40143
+ RESERVED
+CVE-2021-40142
+ RESERVED
CVE-2021-40141
RESERVED
CVE-2021-40140
@@ -4381,7 +4389,7 @@ CVE-2021-38165 (Lynx through 2.8.9 mishandles the
userinfo subcomponent of a URI
NOTE:
https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html
NOTE: https://lynx.invisible-island.net/current/CHANGES.html#v2.9.0dev.9
NOTE:
https://invisible-mirror.net/archives/lynx/patches/lynx2.9.0dev.9.patch.gz
-CVE-2021-38160 (In drivers/char/virtio_console.c in the Linux kernel before
5.13.4, da ...)
+CVE-2021-38160 (** DISPUTED ** In drivers/char/virtio_console.c in the Linux
kernel be ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/d00d8da5869a2608e97cfede094dfc5e11462a46
CVE-2021-38154
@@ -6180,8 +6188,8 @@ CVE-2021-37336
RESERVED
CVE-2021-37335
RESERVED
-CVE-2021-37334
- RESERVED
+CVE-2021-37334 (A security issue in Umbraco Forms 4.0.0 to and including 8.7.5
could l ...)
+ TODO: check
CVE-2021-37333
RESERVED
CVE-2021-37332
@@ -6567,10 +6575,10 @@ CVE-2021-37155 (wolfSSL 4.6.x through 4.7.x before
4.8.0 does not produce a fail
[bullseye] - wolfssl <no-dsa> (Minor issue)
NOTE: https://github.com/wolfSSL/wolfssl/pull/3990
NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.8.0-stable
-CVE-2021-37154
- RESERVED
-CVE-2021-37153
- RESERVED
+CVE-2021-37154 (In ForgeRock Access Management (AM) before 7.0.2, the SAML2
implementa ...)
+ TODO: check
+CVE-2021-37153 (ForgeRock Access Management (AM) before 7.0.2, when configured
with Ac ...)
+ TODO: check
CVE-2021-37152 (Multiple XSS issues exist in Sonatype Nexus Repository Manager
3 befor ...)
NOT-FOR-US: Sonatype
CVE-2021-37151
@@ -7684,7 +7692,7 @@ CVE-2021-36692
RESERVED
CVE-2021-36691
RESERVED
-CVE-2021-36690 (Segmentation fault vulnerability in SQLite sqlite3 3.36.0 via
the idxG ...)
+CVE-2021-36690 (** DISPUTED ** A segmentation fault can occur in the
sqlite3.exe comma ...)
- sqlite3 3.36.0-2
[bullseye] - sqlite3 <no-dsa> (Minor issue)
[buster] - sqlite3 <no-dsa> (Minor issue)
@@ -28784,8 +28792,8 @@ CVE-2021-28072
RESERVED
CVE-2021-28071
RESERVED
-CVE-2021-28070
- RESERVED
+CVE-2021-28070 (Cross Site Request Forgery (CSRF) vulnerability exist in
PopojiCMS 2.0 ...)
+ TODO: check
CVE-2021-28069
RESERVED
CVE-2021-28068
@@ -47501,22 +47509,22 @@ CVE-2021-20817
RESERVED
CVE-2021-20816
RESERVED
-CVE-2021-20815
- RESERVED
-CVE-2021-20814
- RESERVED
-CVE-2021-20813
- RESERVED
-CVE-2021-20812
- RESERVED
-CVE-2021-20811
- RESERVED
-CVE-2021-20810
- RESERVED
-CVE-2021-20809
- RESERVED
-CVE-2021-20808
- RESERVED
+CVE-2021-20815 (Cross-site scripting vulnerability in Edit Boilerplate screen
of Movab ...)
+ TODO: check
+CVE-2021-20814 (Cross-site scripting vulnerability in Setting screen of
ContentType In ...)
+ TODO: check
+CVE-2021-20813 (Cross-site scripting vulnerability in Edit screen of Content
Data of M ...)
+ TODO: check
+CVE-2021-20812 (Cross-site scripting vulnerability in Setting screen of Server
Sync of ...)
+ TODO: check
+CVE-2021-20811 (Cross-site scripting vulnerability in List of Assets screen of
Movable ...)
+ TODO: check
+CVE-2021-20810 (Cross-site scripting vulnerability in Website Management
screen of Mov ...)
+ TODO: check
+CVE-2021-20809 (Cross-site scripting vulnerability in Create screens of Entry,
Page, a ...)
+ TODO: check
+CVE-2021-20808 (Cross-site scripting vulnerability in Search screen of Movable
Type (M ...)
+ TODO: check
CVE-2021-20807
RESERVED
CVE-2021-20806
@@ -47545,8 +47553,8 @@ CVE-2021-20795
RESERVED
CVE-2021-20794
RESERVED
-CVE-2021-20793
- RESERVED
+CVE-2021-20793 (Untrusted search path vulnerability in the installer of Sony
Audio USB ...)
+ TODO: check
CVE-2021-20792 (Cross-site scripting vulnerability in Quiz And Survey Master
versions ...)
NOT-FOR-US: Quiz And Survey Master
CVE-2021-20791
@@ -55045,38 +55053,38 @@ CVE-2021-1594
RESERVED
CVE-2021-1593 (A vulnerability in Cisco Packet Tracer for Windows could allow
an auth ...)
NOT-FOR-US: Cisco
-CVE-2021-1592
- RESERVED
-CVE-2021-1591
- RESERVED
-CVE-2021-1590
- RESERVED
+CVE-2021-1592 (A vulnerability in the way Cisco UCS Manager software handles
SSH sess ...)
+ TODO: check
+CVE-2021-1591 (A vulnerability in the EtherChannel port subscription logic of
Cisco N ...)
+ TODO: check
+CVE-2021-1590 (A vulnerability in the implementation of the system login
block-for co ...)
+ TODO: check
CVE-2021-1589
RESERVED
-CVE-2021-1588
- RESERVED
-CVE-2021-1587
- RESERVED
-CVE-2021-1586
- RESERVED
+CVE-2021-1588 (A vulnerability in the MPLS Operation, Administration, and
Maintenance ...)
+ TODO: check
+CVE-2021-1587 (A vulnerability in the VXLAN Operation, Administration, and
Maintenanc ...)
+ TODO: check
+CVE-2021-1586 (A vulnerability in the Multi-Pod or Multi-Site network
configurations ...)
+ TODO: check
CVE-2021-1585 (A vulnerability in the Cisco Adaptive Security Device Manager
(ASDM) L ...)
NOT-FOR-US: Cisco
-CVE-2021-1584
- RESERVED
-CVE-2021-1583
- RESERVED
-CVE-2021-1582
- RESERVED
-CVE-2021-1581
- RESERVED
-CVE-2021-1580
- RESERVED
-CVE-2021-1579
- RESERVED
-CVE-2021-1578
- RESERVED
-CVE-2021-1577
- RESERVED
+CVE-2021-1584 (A vulnerability in Cisco Nexus 9000 Series Fabric Switches in
Applicat ...)
+ TODO: check
+CVE-2021-1583 (A vulnerability in the fabric infrastructure file system access
contro ...)
+ TODO: check
+CVE-2021-1582 (A vulnerability in the web UI of Cisco Application Policy
Infrastructu ...)
+ TODO: check
+CVE-2021-1581 (Multiple vulnerabilities in the web UI and API endpoints of
Cisco Appl ...)
+ TODO: check
+CVE-2021-1580 (Multiple vulnerabilities in the web UI and API endpoints of
Cisco Appl ...)
+ TODO: check
+CVE-2021-1579 (A vulnerability in an API endpoint of Cisco Application Policy
Infrast ...)
+ TODO: check
+CVE-2021-1578 (A vulnerability in an API endpoint of Cisco Application Policy
Infrast ...)
+ TODO: check
+CVE-2021-1577 (A vulnerability in an API endpoint of Cisco Application Policy
Infrast ...)
+ TODO: check
CVE-2021-1576 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
NOT-FOR-US: Cisco
CVE-2021-1575 (A vulnerability in the web-based management interface of Cisco
Virtual ...)
@@ -55183,8 +55191,8 @@ CVE-2021-1525 (A vulnerability in Cisco Webex Meetings
and Cisco Webex Meetings
NOT-FOR-US: Cisco
CVE-2021-1524 (A vulnerability in the API of Cisco Meeting Server could allow
an auth ...)
NOT-FOR-US: Cisco
-CVE-2021-1523
- RESERVED
+CVE-2021-1523 (A vulnerability in Cisco Nexus 9000 Series Fabric Switches in
Applicat ...)
+ TODO: check
CVE-2021-1522 (A vulnerability in the change password API of Cisco Connected
Mobile E ...)
NOT-FOR-US: Cisco
CVE-2021-1521 (A vulnerability in the Cisco Discovery Protocol implementation
for Cis ...)
@@ -78224,10 +78232,10 @@ CVE-2020-19824
RESERVED
CVE-2020-19823
RESERVED
-CVE-2020-19822
- RESERVED
-CVE-2020-19821
- RESERVED
+CVE-2020-19822 (A remote code execution (RCE) vulnerability in
template_user.php of ZZ ...)
+ TODO: check
+CVE-2020-19821 (A SQL injection vulnerability in admin.php of DOYOCMS 2.3
allows attac ...)
+ TODO: check
CVE-2020-19820
RESERVED
CVE-2020-19819
@@ -78452,20 +78460,20 @@ CVE-2020-19711
RESERVED
CVE-2020-19710
RESERVED
-CVE-2020-19709
- RESERVED
+CVE-2020-19709 (Insufficient filtering of the tag parameters in feehicms 0.1.3
allows ...)
+ TODO: check
CVE-2020-19708
RESERVED
CVE-2020-19707
RESERVED
CVE-2020-19706
RESERVED
-CVE-2020-19705
- RESERVED
-CVE-2020-19704
- RESERVED
-CVE-2020-19703
- RESERVED
+CVE-2020-19705 (thinkphp-zcms as of 20190715 allows SQL injection via
index.php?m=home ...)
+ TODO: check
+CVE-2020-19704 (A stored cross-site scripting (XSS) vulnerability via
ResourceControll ...)
+ TODO: check
+CVE-2020-19703 (A cross-site scripting (XSS) vulnerability in the referer
parameter of ...)
+ TODO: check
CVE-2020-19702
RESERVED
CVE-2020-19701
@@ -78790,8 +78798,8 @@ CVE-2020-19549
RESERVED
CVE-2020-19548
RESERVED
-CVE-2020-19547
- RESERVED
+CVE-2020-19547 (Directory Traversal vulnerability exists in PopojiCMS 2.0.1
via the id ...)
+ TODO: check
CVE-2020-19546
RESERVED
CVE-2020-19545
@@ -81841,8 +81849,8 @@ CVE-2020-18067
RESERVED
CVE-2020-18066 (Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1)
userName ...)
NOT-FOR-US: Zrlog
-CVE-2020-18065
- RESERVED
+CVE-2020-18065 (Cross Site Scripting (XSS) vulnerability exists in PopojiCMS
2.0.1 in ...)
+ TODO: check
CVE-2020-18064
RESERVED
CVE-2020-18063
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/655d5777641375a8c5c23e06bd6ca3600c4985d2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/655d5777641375a8c5c23e06bd6ca3600c4985d2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
