[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Wed, 01 Sep 2021 13:10:42 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
7a8461e0 by security tracker role at 2021-09-01T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,73 @@
-CVE-2021-40353 (A SQL injection vulnerability exists in version 8.0 of openSIS 
when My ...)
+CVE-2021-40382 (An issue was discovered on Compro IP70 2.08_7130218, IP570 
2.08_713052 ...)
+       TODO: check
+CVE-2021-40381 (An issue was discovered on Compro IP70 2.08_7130218, IP570 
2.08_713052 ...)
+       TODO: check
+CVE-2021-40380 (An issue was discovered on Compro IP70 2.08_7130218, IP570 
2.08_713052 ...)
+       TODO: check
+CVE-2021-40379 (An issue was discovered on Compro IP70 2.08_7130218, IP570 
2.08_713052 ...)
        TODO: check
-CVE-2021-40352
+CVE-2021-40378 (An issue was discovered on Compro IP70 2.08_7130218, IP570 
2.08_713052 ...)
+       TODO: check
+CVE-2021-40377
        RESERVED
-CVE-2021-40351
+CVE-2021-40376
+       RESERVED
+CVE-2021-40375
+       RESERVED
+CVE-2021-40374
+       RESERVED
+CVE-2021-40373
+       RESERVED
+CVE-2021-40372
+       RESERVED
+CVE-2021-40371
+       RESERVED
+CVE-2021-40370
+       RESERVED
+CVE-2021-40369
+       RESERVED
+CVE-2021-40368
+       RESERVED
+CVE-2021-40367
+       RESERVED
+CVE-2021-40366
+       RESERVED
+CVE-2021-40365
+       RESERVED
+CVE-2021-40364
+       RESERVED
+CVE-2021-40363
+       RESERVED
+CVE-2021-40362
+       RESERVED
+CVE-2021-40361
+       RESERVED
+CVE-2021-40360
+       RESERVED
+CVE-2021-40359
+       RESERVED
+CVE-2021-40358
+       RESERVED
+CVE-2021-40357
+       RESERVED
+CVE-2021-40356
+       RESERVED
+CVE-2021-40355
        RESERVED
-CVE-2021-40350
+CVE-2021-40354
        RESERVED
+CVE-2021-3761
+       RESERVED
+CVE-2021-3760
+       RESERVED
+CVE-2021-40353 (A SQL injection vulnerability exists in version 8.0 of openSIS 
when My ...)
+       TODO: check
+CVE-2021-40352 (OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct 
Object Re ...)
+       TODO: check
+CVE-2021-40351
+       RESERVED
+CVE-2021-40350 (webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices 
allows at ...)
+       TODO: check
 CVE-2021-40349
        RESERVED
 CVE-2021-40348
@@ -1118,8 +1180,8 @@ CVE-2021-39849
        RESERVED
 CVE-2021-39848
        RESERVED
-CVE-2021-39847
-       RESERVED
+CVE-2021-39847 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a 
stack-ba ...)
+       TODO: check
 CVE-2021-39846
        RESERVED
 CVE-2021-39845
@@ -1178,10 +1240,10 @@ CVE-2021-39819
        RESERVED
 CVE-2021-39818
        RESERVED
-CVE-2021-39817
-       RESERVED
-CVE-2021-39816
-       RESERVED
+CVE-2021-39817 (Adobe Bridge version 11.1 (and earlier) is affected by a 
memory corrup ...)
+       TODO: check
+CVE-2021-39816 (Adobe Bridge version 11.1 (and earlier) is affected by a 
memory corrup ...)
+       TODO: check
 CVE-2021-39815
        RESERVED
 CVE-2021-39814
@@ -2061,20 +2123,20 @@ CVE-2021-39381
        RESERVED
 CVE-2021-39380
        RESERVED
-CVE-2021-39379
-       RESERVED
-CVE-2021-39378
-       RESERVED
-CVE-2021-39377
-       RESERVED
+CVE-2021-39379 (A SQL Injection vulnerability exists in openSIS 8.0 when MySQL 
(MariaD ...)
+       TODO: check
+CVE-2021-39378 (A SQL Injection vulnerability exists in openSIS 8.0 when MySQL 
(MariaD ...)
+       TODO: check
+CVE-2021-39377 (A SQL Injection vulnerability exists in openSIS 8.0 when MySQL 
(MariaD ...)
+       TODO: check
 CVE-2021-39376 (Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 
allows SQ ...)
        NOT-FOR-US: Philips Healthcare Tasy Electronic Medical Record (EMR)
 CVE-2021-39375 (Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 
allows SQ ...)
        NOT-FOR-US: Philips Healthcare Tasy Electronic Medical Record (EMR)
 CVE-2021-39374
        RESERVED
-CVE-2021-39373
-       RESERVED
+CVE-2021-39373 (Samsung Drive Manager 2.0.104 on Samsung H3 devices allows 
attackers t ...)
+       TODO: check
 CVE-2021-39372
        RESERVED
 CVE-2021-39371 (An XML external entity (XXE) injection in PyWPS before 4.5.0 
allows an ...)
@@ -2210,8 +2272,8 @@ CVE-2021-39322
        RESERVED
 CVE-2021-39321
        RESERVED
-CVE-2021-39320
-       RESERVED
+CVE-2021-39320 (The underConstruction plugin &lt;= 1.18 for WordPress echoes 
out the r ...)
+       TODO: check
 CVE-2021-39319
        RESERVED
 CVE-2021-39318
@@ -2621,16 +2683,16 @@ CVE-2021-39172 (Cachet is an open source status page 
system. Prior to version 2.
        - cachet <itp> (bug #851177)
 CVE-2021-39171 (Passport-SAML is a SAML 2.0 authentication provider for 
Passport, the  ...)
        TODO: check
-CVE-2021-39170
-       RESERVED
+CVE-2021-39170 (Pimcore is an open source data &amp; experience management 
platform. P ...)
+       TODO: check
 CVE-2021-39169 (Misskey is a decentralized microblogging platform. In versions 
of Miss ...)
        NOT-FOR-US: Misskey
 CVE-2021-39168 (OpenZepplin is a library for smart contract development. In 
affected v ...)
        NOT-FOR-US: OpenZeppelin
 CVE-2021-39167 (OpenZepplin is a library for smart contract development. In 
affected v ...)
        NOT-FOR-US: OpenZeppelin
-CVE-2021-39166
-       RESERVED
+CVE-2021-39166 (Pimcore is an open source data &amp; experience management 
platform. P ...)
+       TODO: check
 CVE-2021-39165 (Cachet is an open source status page. With Cachet prior to and 
includi ...)
        - cachet <itp> (bug #851177)
 CVE-2021-39164 (Matrix is an ecosystem for open federated Instant Messaging 
and Voice  ...)
@@ -3621,8 +3683,8 @@ CVE-2021-38705
        RESERVED
 CVE-2021-38704
        RESERVED
-CVE-2021-38703
-       RESERVED
+CVE-2021-38703 (Wireless devices running certain Arcadyan-derived firmware 
(such as KP ...)
+       TODO: check
 CVE-2021-3708 (D-Link router DSL-2750U with firmware vME1.16 or prior versions 
is vul ...)
        NOT-FOR-US: D-Link
 CVE-2021-3707 (D-Link router DSL-2750U with firmware vME1.16 or prior versions 
is vul ...)
@@ -7151,8 +7213,8 @@ CVE-2021-37153 (ForgeRock Access Management (AM) before 
7.0.2, when configured w
        NOT-FOR-US: ForgeRock Access Management (AM)
 CVE-2021-37152 (Multiple XSS issues exist in Sonatype Nexus Repository Manager 
3 befor ...)
        NOT-FOR-US: Sonatype
-CVE-2021-37151
-       RESERVED
+CVE-2021-37151 (CyberArk Identity 21.5.131, when handling an invalid 
authentication at ...)
+       TODO: check
 CVE-2021-3657
        RESERVED
 CVE-2021-37159 (hso_free_net_device in drivers/net/usb/hso.c in the Linux 
kernel throu ...)
@@ -9727,126 +9789,126 @@ CVE-2021-3631 [insecure sVirt label generation]
        [stretch] - libvirt <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/libvirt/libvirt/-/issues/153
        NOTE: Fixed by: 
https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2
 (v7.5.0)
-CVE-2021-36079
-       RESERVED
-CVE-2021-36078
-       RESERVED
-CVE-2021-36077
-       RESERVED
-CVE-2021-36076
-       RESERVED
-CVE-2021-36075
-       RESERVED
-CVE-2021-36074
-       RESERVED
-CVE-2021-36073
-       RESERVED
-CVE-2021-36072
-       RESERVED
-CVE-2021-36071
-       RESERVED
-CVE-2021-36070
-       RESERVED
-CVE-2021-36069
-       RESERVED
-CVE-2021-36068
-       RESERVED
-CVE-2021-36067
-       RESERVED
-CVE-2021-36066
-       RESERVED
-CVE-2021-36065
-       RESERVED
-CVE-2021-36064
-       RESERVED
-CVE-2021-36063
-       RESERVED
-CVE-2021-36062
-       RESERVED
-CVE-2021-36061
-       RESERVED
+CVE-2021-36079 (Adobe Bridge version 11.1 (and earlier) is affected by an 
out-of-bound ...)
+       TODO: check
+CVE-2021-36078 (Adobe Bridge version 11.1 (and earlier) is affected by a 
memory corrup ...)
+       TODO: check
+CVE-2021-36077 (Adobe Bridge version 11.1 (and earlier) is affected by a 
memory corrup ...)
+       TODO: check
+CVE-2021-36076 (Adobe Bridge version 11.1 (and earlier) is affected by a 
memory corrup ...)
+       TODO: check
+CVE-2021-36075 (Adobe Bridge version 11.1 (and earlier) is affected by a 
Buffer Overfl ...)
+       TODO: check
+CVE-2021-36074 (Adobe Bridge versions 11.1 (and earlier) are affected by an 
out-of-bou ...)
+       TODO: check
+CVE-2021-36073 (Adobe Bridge version 11.1 (and earlier) is affected by a 
heap-based bu ...)
+       TODO: check
+CVE-2021-36072 (Adobe Bridge versions 11.1 (and earlier) are affected by an 
out-of-bou ...)
+       TODO: check
+CVE-2021-36071 (Adobe Bridge versions 11.1 (and earlier) are affected by an 
out-of-bou ...)
+       TODO: check
+CVE-2021-36070 (Adobe Media Encoder version 15.1 (and earlier) is affected by 
an impro ...)
+       TODO: check
+CVE-2021-36069 (Adobe Bridge version 11.1 (and earlier) is affected by a 
memory corrup ...)
+       TODO: check
+CVE-2021-36068 (Adobe Bridge version 11.1 (and earlier) is affected by a 
memory corrup ...)
+       TODO: check
+CVE-2021-36067 (Adobe Bridge version 11.1 (and earlier) is affected by a 
memory corrup ...)
+       TODO: check
+CVE-2021-36066 (Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and 
earlier ...)
+       TODO: check
+CVE-2021-36065 (Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and 
earlier ...)
+       TODO: check
+CVE-2021-36064 (XMP Toolkit version 2020.1 (and earlier) is affected by a 
Buffer Under ...)
+       TODO: check
+CVE-2021-36063 (Adobe Connect version 11.2.2 (and earlier) is affected by a 
Reflected  ...)
+       TODO: check
+CVE-2021-36062 (Adobe Connect version 11.2.2 (and earlier) is affected by a 
Reflected  ...)
+       TODO: check
+CVE-2021-36061 (Adobe Connect version 11.2.2 (and earlier) is affected by a 
secure des ...)
+       TODO: check
 CVE-2021-36060
        RESERVED
-CVE-2021-36059
-       RESERVED
-CVE-2021-36058
-       RESERVED
-CVE-2021-36057
-       RESERVED
-CVE-2021-36056
-       RESERVED
-CVE-2021-36055
-       RESERVED
-CVE-2021-36054
-       RESERVED
-CVE-2021-36053
-       RESERVED
-CVE-2021-36052
-       RESERVED
+CVE-2021-36059 (Adobe Bridge version 11.1 (and earlier) is affected by a 
memory corrup ...)
+       TODO: check
+CVE-2021-36058 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an 
Integer ...)
+       TODO: check
+CVE-2021-36057 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a 
write-wh ...)
+       TODO: check
+CVE-2021-36056 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a 
buffer o ...)
+       TODO: check
+CVE-2021-36055 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by 
a use-af ...)
+       TODO: check
+CVE-2021-36054 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a 
buffer o ...)
+       TODO: check
+CVE-2021-36053 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by 
an out-o ...)
+       TODO: check
+CVE-2021-36052 (XMP Toolkit version 2020.1 (and earlier) is affected by a 
memory corru ...)
+       TODO: check
 CVE-2021-36051
        RESERVED
-CVE-2021-36050
-       RESERVED
-CVE-2021-36049
-       RESERVED
-CVE-2021-36048
-       RESERVED
-CVE-2021-36047
-       RESERVED
-CVE-2021-36046
-       RESERVED
-CVE-2021-36045
-       RESERVED
-CVE-2021-36044
-       RESERVED
-CVE-2021-36043
-       RESERVED
-CVE-2021-36042
-       RESERVED
-CVE-2021-36041
-       RESERVED
-CVE-2021-36040
-       RESERVED
-CVE-2021-36039
-       RESERVED
-CVE-2021-36038
-       RESERVED
-CVE-2021-36037
-       RESERVED
+CVE-2021-36050 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a 
buffer o ...)
+       TODO: check
+CVE-2021-36049 (Adobe Bridge version 11.1 (and earlier) is affected by a 
memory corrup ...)
+       TODO: check
+CVE-2021-36048 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an 
Imprope ...)
+       TODO: check
+CVE-2021-36047 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an 
Imprope ...)
+       TODO: check
+CVE-2021-36046 (XMP Toolkit version 2020.1 (and earlier) is affected by a 
memory corru ...)
+       TODO: check
+CVE-2021-36045 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by 
an out-o ...)
+       TODO: check
+CVE-2021-36044 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and 
earlier)  ...)
+       TODO: check
+CVE-2021-36043 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and 
earlier)  ...)
+       TODO: check
+CVE-2021-36042 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and 
earlier)  ...)
+       TODO: check
+CVE-2021-36041 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and 
earlier)  ...)
+       TODO: check
+CVE-2021-36040 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and 
earlier)  ...)
+       TODO: check
+CVE-2021-36039 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and 
earlier)  ...)
+       TODO: check
+CVE-2021-36038 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and 
earlier)  ...)
+       TODO: check
+CVE-2021-36037 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and 
earlier)  ...)
+       TODO: check
 CVE-2021-36036
        RESERVED
-CVE-2021-36035
-       RESERVED
-CVE-2021-36034
-       RESERVED
-CVE-2021-36033
-       RESERVED
-CVE-2021-36032
-       RESERVED
-CVE-2021-36031
-       RESERVED
-CVE-2021-36030
-       RESERVED
-CVE-2021-36029
-       RESERVED
-CVE-2021-36028
-       RESERVED
-CVE-2021-36027
-       RESERVED
-CVE-2021-36026
-       RESERVED
-CVE-2021-36025
-       RESERVED
-CVE-2021-36024
-       RESERVED
+CVE-2021-36035 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and 
earlier)  ...)
+       TODO: check
+CVE-2021-36034 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and 
earlier)  ...)
+       TODO: check
+CVE-2021-36033 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and 
earlier)  ...)
+       TODO: check
+CVE-2021-36032 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and 
earlier)  ...)
+       TODO: check
+CVE-2021-36031 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and 
earlier)  ...)
+       TODO: check
+CVE-2021-36030 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and 
earlier)  ...)
+       TODO: check
+CVE-2021-36029 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and 
earlier)  ...)
+       TODO: check
+CVE-2021-36028 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and 
earlier)  ...)
+       TODO: check
+CVE-2021-36027 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and 
earlier)  ...)
+       TODO: check
+CVE-2021-36026 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and 
earlier)  ...)
+       TODO: check
+CVE-2021-36025 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and 
earlier)  ...)
+       TODO: check
+CVE-2021-36024 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and 
earlier)  ...)
+       TODO: check
 CVE-2021-36023
        RESERVED
-CVE-2021-36022
-       RESERVED
+CVE-2021-36022 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and 
earlier)  ...)
+       TODO: check
 CVE-2021-36021
        RESERVED
-CVE-2021-36020
-       RESERVED
+CVE-2021-36020 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and 
earlier)  ...)
+       TODO: check
 CVE-2021-36019
        RESERVED
 CVE-2021-36018
@@ -9861,8 +9923,8 @@ CVE-2021-36014 (Adobe Media Encoder version 15.2 (and 
earlier) is affected by an
        NOT-FOR-US: Adobe
 CVE-2021-36013 (Adobe Media Encoder version 15.2 (and earlier) is affected by 
an Out-o ...)
        NOT-FOR-US: Adobe
-CVE-2021-36012
-       RESERVED
+CVE-2021-36012 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and 
earlier)  ...)
+       TODO: check
 CVE-2021-36011 (Adobe Illustrator version 25.2.3 (and earlier) is affected by 
a potent ...)
        NOT-FOR-US: Adobe
 CVE-2021-36010 (Adobe Illustrator version 25.2.3 (and earlier) is affected by 
an out-o ...)
@@ -9881,8 +9943,8 @@ CVE-2021-36004 (Adobe InDesign version 16.0 (and earlier) 
is affected by an Out-
        NOT-FOR-US: Adobe
 CVE-2021-36003
        RESERVED
-CVE-2021-36002
-       RESERVED
+CVE-2021-36002 (Adobe Captivate version 11.5.5 (and earlier) is affected by an 
Creatio ...)
+       TODO: check
 CVE-2021-36001 (Adobe Character Animator version 4.2 (and earlier) is affected 
by an o ...)
        NOT-FOR-US: Adobe
 CVE-2021-36000 (Adobe Character Animator version 4.2 (and earlier) is affected 
by a me ...)
@@ -10945,8 +11007,8 @@ CVE-2021-35510
        RESERVED
 CVE-2021-35509
        RESERVED
-CVE-2021-35508
-       RESERVED
+CVE-2021-35508 (NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows 
attackers to ex ...)
+       TODO: check
 CVE-2021-35507
        RESERVED
 CVE-2021-35506
@@ -11576,8 +11638,8 @@ CVE-2021-35240 (A security researcher stored XSS via a 
Help Server setting. This
        NOT-FOR-US: SolarWinds
 CVE-2021-35239 (A security researcher found a user with Orion map manage 
rights could  ...)
        NOT-FOR-US: SolarWinds
-CVE-2021-35238
-       RESERVED
+CVE-2021-35238 (User with Orion Platform Admin Rights could store XSS through 
URL POST ...)
+       TODO: check
 CVE-2021-35237
        RESERVED
 CVE-2021-35236
@@ -11616,14 +11678,14 @@ CVE-2021-35220 (Command Injection vulnerability in 
EmailWebPage API which can le
        NOT-FOR-US: SolarWinds
 CVE-2021-35219 (ExportToPdfCmd Arbitrary File Read Information Disclosure 
Vulnerabilit ...)
        NOT-FOR-US: SolarWinds
-CVE-2021-35218
-       RESERVED
+CVE-2021-35218 (Deserialization of Untrusted Data in the Web Console Chart 
Endpoint ca ...)
+       TODO: check
 CVE-2021-35217
        RESERVED
-CVE-2021-35216
-       RESERVED
-CVE-2021-35215
-       RESERVED
+CVE-2021-35216 (Insecure Deserialization of untrusted data remote code 
execution vulne ...)
+       TODO: check
+CVE-2021-35215 (Insecure deserialization leading to Remote Code Execution was 
detected ...)
+       TODO: check
 CVE-2021-35214
        RESERVED
 CVE-2021-35213 (An Improper Access Control Privilege Escalation Vulnerability 
was disc ...)
@@ -13406,8 +13468,8 @@ CVE-2021-34437
        RESERVED
 CVE-2021-34436
        RESERVED
-CVE-2021-34435
-       RESERVED
+CVE-2021-34435 (In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension 
allows a ...)
+       TODO: check
 CVE-2021-34434 (In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the 
dynamic se ...)
        - mosquitto <unfixed> (bug #993400)
        [buster] - mosquitto <not-affected> (Vulnerable code introduced later)
@@ -23625,10 +23687,10 @@ CVE-2021-30357 (SSL Network Extender Client for Linux 
before build 800008302 rev
        NOT-FOR-US: SSL Network Extender Client
 CVE-2021-30356 (A denial of service vulnerability was reported in Check Point 
Identity ...)
        NOT-FOR-US: Check Point Identity Agent
-CVE-2021-30355
-       RESERVED
-CVE-2021-30354
-       RESERVED
+CVE-2021-30355 (Amazon Kindle e-reader prior to and including version 5.13.4 
improperl ...)
+       TODO: check
+CVE-2021-30354 (Amazon Kindle e-reader prior to and including version 5.13.4 
contains  ...)
+       TODO: check
 CVE-2021-30353
        RESERVED
 CVE-2021-30352
@@ -24998,12 +25060,12 @@ CVE-2021-29855
        RESERVED
 CVE-2021-29854
        RESERVED
-CVE-2021-29853
-       RESERVED
-CVE-2021-29852
-       RESERVED
-CVE-2021-29851
-       RESERVED
+CVE-2021-29853 (IBM Planning Analytics 2.0 could expose information that could 
be used ...)
+       TODO: check
+CVE-2021-29852 (IBM Planning Analytics 2.0 is vulnerable to cross-site 
scripting. This ...)
+       TODO: check
+CVE-2021-29851 (IBM Planning Analytics 2.0 could allow a remote attacker to 
obtain sen ...)
+       TODO: check
 CVE-2021-29850
        RESERVED
 CVE-2021-29849
@@ -40418,12 +40480,12 @@ CVE-2021-23440
        RESERVED
 CVE-2021-23439
        RESERVED
-CVE-2021-23438
-       RESERVED
+CVE-2021-23438 (This affects the package mpath before 0.8.4. A type confusion 
vulnerab ...)
+       TODO: check
 CVE-2021-23437
        RESERVED
-CVE-2021-23436
-       RESERVED
+CVE-2021-23436 (This affects the package immer before 9.0.6. A type confusion 
vulnerab ...)
+       TODO: check
 CVE-2021-23435
        RESERVED
 CVE-2021-23434 (This affects the package object-path before 0.11.6. A type 
confusion v ...)
@@ -40438,12 +40500,12 @@ CVE-2021-23430 (All versions of package startserver 
are vulnerable to Directory
        TODO: check
 CVE-2021-23429 (All versions of package transpile are vulnerable to Denial of 
Service  ...)
        TODO: check
-CVE-2021-23428
-       RESERVED
-CVE-2021-23427
-       RESERVED
-CVE-2021-23426
-       RESERVED
+CVE-2021-23428 (This affects all versions of package elFinder.NetCore. The 
Path.Combin ...)
+       TODO: check
+CVE-2021-23427 (This affects all versions of package elFinder.NetCore. The 
ExtractAsyn ...)
+       TODO: check
+CVE-2021-23426 (This affects all versions of package Proto. It is possible to 
inject p ...)
+       TODO: check
 CVE-2021-23425 (All versions of package trim-off-newlines are vulnerable to 
Regular Ex ...)
        NOT-FOR-US: Node trim-off-newlines
 CVE-2021-23424 (This affects all versions of package ansi-html. If an attacker 
provide ...)
@@ -76447,7 +76509,8 @@ CVE-2020-21066 (An issue was discovered in Bento4 
v1.5.1.0. There is a heap-buff
        NOT-FOR-US: Bento4
 CVE-2020-21065
        RESERVED
-CVE-2020-21064 (A buffer-overflow vulnerability in the 
AP4_RtpAtom::AP4_RtpAtom functi ...)
+CVE-2020-21064
+       REJECTED
        NOT-FOR-US: Bento4
 CVE-2020-21063
        RESERVED
@@ -107234,12 +107297,12 @@ CVE-2020-9004 (A remote authenticated 
authorization-bypass vulnerability in Wowz
        NOT-FOR-US: Wowza Streaming Engine
 CVE-2020-9003 (A stored XSS vulnerability exists in the Modula Image Gallery 
plugin b ...)
        NOT-FOR-US: Modula Image Gallery plugin for WordPress
-CVE-2020-9002
-       RESERVED
+CVE-2020-9002 (An issue was discovered in iPortalis iCS 7.1.13.0. An attacker 
can gai ...)
+       TODO: check
 CVE-2020-9001
        REJECTED
-CVE-2020-9000
-       RESERVED
+CVE-2020-9000 (An issue was discovered in iPortalis iCS 7.1.13.0. Attackers 
can send  ...)
+       TODO: check
 CVE-2020-8999
        REJECTED
 CVE-2020-8998



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a8461e0d0816ae6967f5e7f02fc40bafc9f42dd

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a8461e0d0816ae6967f5e7f02fc40bafc9f42dd
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to