Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b236f0ab by security tracker role at 2021-12-27T20:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,311 @@
+CVE-2021-45884
+       RESERVED
+CVE-2021-45883
+       RESERVED
+CVE-2021-45882
+       RESERVED
+CVE-2021-45881
+       RESERVED
+CVE-2021-45880
+       RESERVED
+CVE-2021-45879
+       RESERVED
+CVE-2021-45878
+       RESERVED
+CVE-2021-45877
+       RESERVED
+CVE-2021-45876
+       RESERVED
+CVE-2021-45875
+       RESERVED
+CVE-2021-45874
+       RESERVED
+CVE-2021-45873
+       RESERVED
+CVE-2021-45872
+       RESERVED
+CVE-2021-45871
+       RESERVED
+CVE-2021-45870
+       RESERVED
+CVE-2021-45869
+       RESERVED
+CVE-2021-45868
+       RESERVED
+CVE-2021-45867
+       RESERVED
+CVE-2021-45866
+       RESERVED
+CVE-2021-45865
+       RESERVED
+CVE-2021-45864
+       RESERVED
+CVE-2021-45863
+       RESERVED
+CVE-2021-45862
+       RESERVED
+CVE-2021-45861
+       RESERVED
+CVE-2021-45860
+       RESERVED
+CVE-2021-45859
+       RESERVED
+CVE-2021-45858
+       RESERVED
+CVE-2021-45857
+       RESERVED
+CVE-2021-45856
+       RESERVED
+CVE-2021-45855
+       RESERVED
+CVE-2021-45854
+       RESERVED
+CVE-2021-45853
+       RESERVED
+CVE-2021-45852
+       RESERVED
+CVE-2021-45851
+       RESERVED
+CVE-2021-45850
+       RESERVED
+CVE-2021-45849
+       RESERVED
+CVE-2021-45848
+       RESERVED
+CVE-2021-45847
+       RESERVED
+CVE-2021-45846
+       RESERVED
+CVE-2021-45845
+       RESERVED
+CVE-2021-45844
+       RESERVED
+CVE-2021-45843 (glFusion CMS v1.7.9 is affected by a reflected Cross Site 
Scripting (X ...)
+       TODO: check
+CVE-2021-45842
+       RESERVED
+CVE-2021-45841
+       RESERVED
+CVE-2021-45840
+       RESERVED
+CVE-2021-45839
+       RESERVED
+CVE-2021-45838
+       RESERVED
+CVE-2021-45837
+       RESERVED
+CVE-2021-45836
+       RESERVED
+CVE-2021-45835
+       RESERVED
+CVE-2021-45834
+       RESERVED
+CVE-2021-45833
+       RESERVED
+CVE-2021-45832
+       RESERVED
+CVE-2021-45831
+       RESERVED
+CVE-2021-45830
+       RESERVED
+CVE-2021-45829
+       RESERVED
+CVE-2021-45828
+       RESERVED
+CVE-2021-45827
+       RESERVED
+CVE-2021-45826
+       RESERVED
+CVE-2021-45825
+       RESERVED
+CVE-2021-45824
+       RESERVED
+CVE-2021-45823
+       RESERVED
+CVE-2021-45822
+       RESERVED
+CVE-2021-45821
+       RESERVED
+CVE-2021-45820
+       RESERVED
+CVE-2021-45819
+       RESERVED
+CVE-2021-45818
+       RESERVED
+CVE-2021-45817
+       RESERVED
+CVE-2021-45816
+       RESERVED
+CVE-2021-45815
+       RESERVED
+CVE-2021-45814
+       RESERVED
+CVE-2021-45813
+       RESERVED
+CVE-2021-45812
+       RESERVED
+CVE-2021-45811
+       RESERVED
+CVE-2021-45810
+       RESERVED
+CVE-2021-45809
+       RESERVED
+CVE-2021-45808
+       RESERVED
+CVE-2021-45807
+       RESERVED
+CVE-2021-45806
+       RESERVED
+CVE-2021-45805
+       RESERVED
+CVE-2021-45804
+       RESERVED
+CVE-2021-45803
+       RESERVED
+CVE-2021-45802
+       RESERVED
+CVE-2021-45801
+       RESERVED
+CVE-2021-45800
+       RESERVED
+CVE-2021-45799
+       RESERVED
+CVE-2021-45798
+       RESERVED
+CVE-2021-45797
+       RESERVED
+CVE-2021-45796
+       RESERVED
+CVE-2021-45795
+       RESERVED
+CVE-2021-45794
+       RESERVED
+CVE-2021-45793
+       RESERVED
+CVE-2021-45792
+       RESERVED
+CVE-2021-45791
+       RESERVED
+CVE-2021-45790 (An arbitrary file upload vulnerability was found in 
Metersphere v1.15. ...)
+       TODO: check
+CVE-2021-45789 (An arbitrary file read vulnerability was found in Metersphere 
v1.15.4, ...)
+       TODO: check
+CVE-2021-45788 (Time-based SQL Injection vulnerabilities were found in 
Metersphere v1. ...)
+       TODO: check
+CVE-2021-45787
+       RESERVED
+CVE-2021-45786
+       RESERVED
+CVE-2021-45785
+       RESERVED
+CVE-2021-45784
+       RESERVED
+CVE-2021-45783
+       RESERVED
+CVE-2021-45782
+       RESERVED
+CVE-2021-45781
+       RESERVED
+CVE-2021-45780
+       RESERVED
+CVE-2021-45779
+       RESERVED
+CVE-2021-45778
+       RESERVED
+CVE-2021-45777
+       RESERVED
+CVE-2021-45776
+       RESERVED
+CVE-2021-45775
+       RESERVED
+CVE-2021-45774
+       RESERVED
+CVE-2021-45773
+       RESERVED
+CVE-2021-45772
+       RESERVED
+CVE-2021-45771
+       RESERVED
+CVE-2021-45770
+       RESERVED
+CVE-2021-45769
+       RESERVED
+CVE-2021-45768
+       RESERVED
+CVE-2021-45767
+       RESERVED
+CVE-2021-45766
+       RESERVED
+CVE-2021-45765
+       RESERVED
+CVE-2021-45764
+       RESERVED
+CVE-2021-45763
+       RESERVED
+CVE-2021-45762
+       RESERVED
+CVE-2021-45761
+       RESERVED
+CVE-2021-45760
+       RESERVED
+CVE-2021-45759
+       RESERVED
+CVE-2021-45758
+       RESERVED
+CVE-2021-45757
+       RESERVED
+CVE-2021-45756
+       RESERVED
+CVE-2021-45755
+       RESERVED
+CVE-2021-45754
+       RESERVED
+CVE-2021-45753
+       RESERVED
+CVE-2021-45752
+       RESERVED
+CVE-2021-45751
+       RESERVED
+CVE-2021-45750
+       RESERVED
+CVE-2021-45749
+       RESERVED
+CVE-2021-45748
+       RESERVED
+CVE-2021-45747
+       RESERVED
+CVE-2021-45746
+       RESERVED
+CVE-2021-45745
+       RESERVED
+CVE-2021-45744
+       RESERVED
+CVE-2021-45743
+       RESERVED
+CVE-2021-45742
+       RESERVED
+CVE-2021-45741
+       RESERVED
+CVE-2021-45740
+       RESERVED
+CVE-2021-45739
+       RESERVED
+CVE-2021-45738
+       RESERVED
+CVE-2021-45737
+       RESERVED
+CVE-2021-45736
+       RESERVED
+CVE-2021-45735
+       RESERVED
+CVE-2021-45734
+       RESERVED
+CVE-2021-45733
+       RESERVED
+CVE-2021-4180
+       RESERVED
+CVE-2021-4179
+       RESERVED
 CVE-2021-45720 (An issue was discovered in the lru crate before 0.7.1 for 
Rust. The it ...)
        TODO: check
 CVE-2021-45719 (An issue was discovered in the rusqlite crate 0.25.x before 
0.25.4 and ...)
@@ -138,8 +446,8 @@ CVE-2018-25023 (An issue was discovered in the smallvec 
crate before 0.6.13 for
        TODO: check
 CVE-2021-4174
        RESERVED
-CVE-2021-4173
-       RESERVED
+CVE-2021-4173 (vim is vulnerable to Use After Free ...)
+       TODO: check
 CVE-2021-4172
        RESERVED
 CVE-2021-4171
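Review bot: CVE-2021-4173 lands as `TODO: check` although its new description names vim, which Debian ships, so this entry needs a package line rather than sitting in the unprocessed queue. Suggest resolving it in a follow-up with a `- vim <unfixed>` style line, in the same form as the `- linux <unfixed>` entry elsewhere in this file, plus a NOTE pointing at the upstream fix once it is identified.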
@@ -606,8 +914,8 @@ CVE-2021-45471 (In MediaWiki through 1.37, blocked IP 
addresses are allowed to e
        NOTE: https://phabricator.wikimedia.org/T296578
 CVE-2021-45470 (lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular 
express ...)
        NOT-FOR-US: cve-search
-CVE-2021-4161
-       RESERVED
+CVE-2021-4161 (The affected products contain vulnerable firmware, which could 
allow a ...)
+       TODO: check
 CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel 
through 5.15 ...)
        - linux <unfixed>
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=215235
@@ -1365,16 +1673,16 @@ CVE-2021-45341
        RESERVED
 CVE-2021-45340
        RESERVED
-CVE-2021-45339
-       RESERVED
-CVE-2021-45338
-       RESERVED
-CVE-2021-45337
-       RESERVED
-CVE-2021-45336
-       RESERVED
-CVE-2021-45335
-       RESERVED
+CVE-2021-45339 (Privilege escalation vulnerability in Avast Antivirus prior to 
20.4 al ...)
+       TODO: check
+CVE-2021-45338 (Multiple privilege escalation vulnerabilities in Avast 
Antivirus prior ...)
+       TODO: check
+CVE-2021-45337 (Privilege escalation vulnerability in the Self-Defense driver 
of Avast ...)
+       TODO: check
+CVE-2021-45336 (Privilege escalation vulnerability in the Sandbox component of 
Avast A ...)
+       TODO: check
+CVE-2021-45335 (Sandbox component in Avast Antivirus prior to 20.4 has an 
insecure per ...)
+       TODO: check
 CVE-2021-45334
        RESERVED
 CVE-2021-45333
@@ -1833,8 +2141,8 @@ CVE-2022-21954
        RESERVED
 CVE-2021-45233
        RESERVED
-CVE-2021-45232
-       RESERVED
+CVE-2021-45232 (In Apache APISIX Dashboard before 2.10.1, the Manager API uses 
two fra ...)
+       TODO: check
 CVE-2021-45231
        RESERVED
 CVE-2021-45230
@@ -6043,12 +6351,12 @@ CVE-2021-43859
        RESERVED
 CVE-2021-43858
        RESERVED
-CVE-2021-43857
-       RESERVED
-CVE-2021-43856
-       RESERVED
-CVE-2021-43855
-       RESERVED
+CVE-2021-43857 (Gerapy is a distributed crawler management framework. Gerapy 
prior to  ...)
+       TODO: check
+CVE-2021-43856 (Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and 
earlier is ...)
+       TODO: check
+CVE-2021-43855 (Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and 
earlier is ...)
+       TODO: check
 CVE-2021-43854 (NLTK (Natural Language Toolkit) is a suite of open source 
Python modul ...)
        - nltk <unfixed> (bug #1002623)
        NOTE: 
https://github.com/nltk/nltk/security/advisories/GHSA-f8m6-h2c7-8h9x
@@ -6071,8 +6379,8 @@ CVE-2021-43847 (HumHub is an open-source social network 
kit written in PHP. Prio
        NOT-FOR-US: HumHub Social Network Kit Enterprise
 CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus 
e-commer ...)
        NOT-FOR-US: solidus_frontend
-CVE-2021-43845
-       RESERVED
+CVE-2021-43845 (PJSIP is a free and open source multimedia communication 
library. In v ...)
+       TODO: check
 CVE-2021-43844 (MSEdgeRedirect is a tool to redirect news, search, widgets, 
weather, a ...)
        NOT-FOR-US: MSEdgeRedirect
 CVE-2021-43843 (jsx-slack is a package for building JSON objects for Slack 
block kit s ...)
@@ -7624,16 +7932,16 @@ CVE-2021-43554
        RESERVED
 CVE-2021-43553 (PI Vision could disclose information to a user with 
insufficient privi ...)
        NOT-FOR-US: OSIsoft
-CVE-2021-43552
-       RESERVED
+CVE-2021-43552 (The use of a hard-coded cryptographic key significantly 
increases the  ...)
+       TODO: check
 CVE-2021-43551 (A remote attacker with write access to PI Vision could inject 
code int ...)
        NOT-FOR-US: OSIsoft
-CVE-2021-43550
-       RESERVED
+CVE-2021-43550 (The use of a broken or risky cryptographic algorithm is an 
unnecessary ...)
+       TODO: check
 CVE-2021-43549 (A remote authenticated attacker with write access to a PI 
Server could ...)
        NOT-FOR-US: OSIsoft
-CVE-2021-43548
-       RESERVED
+CVE-2021-43548 (Patient Information Center iX (PIC iX) Versions C.02 and C.03 
receives ...)
+       TODO: check
 CVE-2021-43547
        RESERVED
 CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks 
against u ...)
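Review bot: the new descriptions for CVE-2021-43552 and CVE-2021-43550 open with generic weakness text ("The use of a hard-coded cryptographic key ...", "The use of a broken or risky cryptographic algorithm ...") and the truncated summary names no product, so the `TODO: check` cannot be resolved from this file alone. Triage should read the full CVE text before choosing a `NOT-FOR-US:` tag and should not infer the vendor from the neighbouring OSIsoft entries, since CVE-2021-43548 in the same hunk names a different product (Patient Information Center iX).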
@@ -21032,8 +21340,8 @@ CVE-2021-38963
        RESERVED
 CVE-2021-38962
        RESERVED
-CVE-2021-38961
-       RESERVED
+CVE-2021-38961 (IBM OPENBMC OP910 is vulnerable to cross-site scripting. This 
vulnerab ...)
+       TODO: check
 CVE-2021-38960
        RESERVED
 CVE-2021-38959 (IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 
27.0.1, and 28 ...)
@@ -30036,8 +30344,8 @@ CVE-2021-35234 (Numerous exposed dangerous functions 
within Orion Core has allow
        NOT-FOR-US: SolarWinds
 CVE-2021-35233 (The HTTP TRACK &amp; TRACE methods were enabled in Kiwi Syslog 
Server  ...)
        NOT-FOR-US: Kiwi Syslog Server
-CVE-2021-35232
-       RESERVED
+CVE-2021-35232 (Hard coded credentials discovered in SolarWinds Web Help Desk 
product. ...)
+       TODO: check
 CVE-2021-35231 (As a result of an unquoted service path vulnerability present 
in the K ...)
        NOT-FOR-US: Kiwi Syslog Server Installation Wizard
 CVE-2021-35230 (As a result of an unquoted service path vulnerability present 
in the K ...)
@@ -35298,8 +35606,8 @@ CVE-2021-33019 (A stack-based buffer overflow 
vulnerability in Delta Electronics
        NOT-FOR-US: Delta Electronics
 CVE-2021-33018
        RESERVED
-CVE-2021-33017
-       RESERVED
+CVE-2021-33017 (The standard access path of the IntelliBridge EC 40 and 60 Hub 
(C.00.0 ...)
+       TODO: check
 CVE-2021-33016
        RESERVED
 CVE-2021-33015 (Cscape (All Versions prior to 9.90 SP5) lacks proper 
validation of use ...)
@@ -35346,8 +35654,8 @@ CVE-2021-32995 (Cscape (All Versions prior to 9.90 SP5) 
lacks proper validation
        NOT-FOR-US: Cscape
 CVE-2021-32994
        RESERVED
-CVE-2021-32993
-       RESERVED
+CVE-2021-32993 (IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains 
hard-coded ...)
+       TODO: check
 CVE-2021-32992 (FATEK Automation WinProladder Versions 3.30 and prior do not 
properly  ...)
        NOT-FOR-US: FATEK Automation WinProladder
 CVE-2021-32991 (Delta Electronics DIAEnergie Version 1.7.5 and prior is 
vulnerable to  ...)
@@ -55951,10 +56259,10 @@ CVE-2021-25000
        RESERVED
 CVE-2021-24999
        RESERVED
-CVE-2021-24998
-       RESERVED
-CVE-2021-24997
-       RESERVED
+CVE-2021-24998 (The Simple JWT Login WordPress plugin before 3.3.0 can be used 
to crea ...)
+       TODO: check
+CVE-2021-24997 (The WP Guppy WordPress plugin before 1.3 does not have any 
authorisati ...)
+       TODO: check
 CVE-2021-24996
        RESERVED
 CVE-2021-24995
@@ -55963,34 +56271,34 @@ CVE-2021-24994
        RESERVED
 CVE-2021-24993
        RESERVED
-CVE-2021-24992
-       RESERVED
+CVE-2021-24992 (The Smart Floating / Sticky Buttons WordPress plugin before 
2.5.5 does ...)
+       TODO: check
 CVE-2021-24991
        RESERVED
 CVE-2021-24990
        RESERVED
 CVE-2021-24989
        RESERVED
-CVE-2021-24988
-       RESERVED
+CVE-2021-24988 (The WP RSS Aggregator WordPress plugin before 4.19.3 does not 
sanitise ...)
+       TODO: check
 CVE-2021-24987
        RESERVED
 CVE-2021-24986
        RESERVED
 CVE-2021-24985
        RESERVED
-CVE-2021-24984
-       RESERVED
+CVE-2021-24984 (The WPFront User Role Editor WordPress plugin before 
3.2.1.11184 does  ...)
+       TODO: check
 CVE-2021-24983
        RESERVED
 CVE-2021-24982
        RESERVED
 CVE-2021-24981 (The Directorist WordPress plugin before 7.0.6.2 was vulnerable 
to Cros ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24980
-       RESERVED
-CVE-2021-24979
-       RESERVED
+CVE-2021-24980 (The Gwolle Guestbook WordPress plugin before 4.2.0 does not 
sanitise a ...)
+       TODO: check
+CVE-2021-24979 (The Paid Memberships Pro WordPress plugin before 2.6.6 does 
not escape ...)
+       TODO: check
 CVE-2021-24978
        RESERVED
 CVE-2021-24977
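Review bot: CVE-2021-24992, CVE-2021-24988, CVE-2021-24984, CVE-2021-24980 and CVE-2021-24979 all describe WordPress plugins yet are added as `TODO: check`, while CVE-2021-24981 in the same hunk is already closed as `NOT-FOR-US: WordPress plugin`. Suggest tagging them the same way in a follow-up so they leave the TODO queue; the same point applies to the other WordPress plugin entries this commit adds in the neighbouring hunks.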
@@ -56009,12 +56317,12 @@ CVE-2021-24971
        RESERVED
 CVE-2021-24970 (The All-in-One Video Gallery WordPress plugin before 2.5.0 
does not sa ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24969
-       RESERVED
+CVE-2021-24969 (The WordPress Download Manager WordPress plugin before 3.2.22 
does not ...)
+       TODO: check
 CVE-2021-24968
        RESERVED
-CVE-2021-24967
-       RESERVED
+CVE-2021-24967 (The Contact Form &amp; Lead Form Elementor Builder WordPress 
plugin be ...)
+       TODO: check
 CVE-2021-24966
        RESERVED
 CVE-2021-24965
@@ -56143,8 +56451,8 @@ CVE-2021-24904
        RESERVED
 CVE-2021-24903
        RESERVED
-CVE-2021-24902
-       RESERVED
+CVE-2021-24902 (The Typebot | Build beautiful conversational forms WordPress 
plugin be ...)
+       TODO: check
 CVE-2021-24901
        RESERVED
 CVE-2021-24900
@@ -56353,8 +56661,8 @@ CVE-2021-24799 (The Far Future Expiry Header WordPress 
plugin before 1.5 does no
        NOT-FOR-US: WordPress plugin
 CVE-2021-24798 (The WP Header Images WordPress plugin before 2.0.1 does not 
sanitise a ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24797
-       RESERVED
+CVE-2021-24797 (The Tickera WordPress plugin before 3.4.8.3 does not properly 
sanitise ...)
+       TODO: check
 CVE-2021-24796 (The My Tickets WordPress plugin before 1.8.31 does not 
properly saniti ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24795 (The Filter Portfolio Gallery WordPress plugin through 1.5 is 
lacking C ...)
@@ -56441,8 +56749,8 @@ CVE-2021-24755 (The myCred WordPress plugin before 2.3 
does not validate or esca
        NOT-FOR-US: WordPress plugin
 CVE-2021-24754 (The MainWP Child Reports WordPress plugin before 2.0.8 does 
not valida ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24753
-       RESERVED
+CVE-2021-24753 (The Rich Reviews by Starfish WordPress plugin before 1.9.6 
does not pr ...)
+       TODO: check
 CVE-2021-24752 (Multiple Plugins from the CatchThemes vendor do not perform 
capability ...)
        NOT-FOR-US: WordPress plugins
 CVE-2021-24751 (The GenerateBlocks WordPress plugin before 1.4.0 does not 
validate the ...)
@@ -56453,7 +56761,7 @@ CVE-2021-24749 (The URL Shortify WordPress plugin 
before 1.5.1 does not have CSR
        NOT-FOR-US: WordPress plugin
 CVE-2021-24748 (The Email Before Download WordPress plugin before 6.8 does not 
properl ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24747 (The SEO Booster WordPress plugin through 3.7 allows for 
authenticated  ...)
+CVE-2021-24747 (The SEO Booster WordPress plugin before 3.8 allows for 
authenticated S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24746
        RESERVED
@@ -56655,9 +56963,9 @@ CVE-2021-24648
        RESERVED
 CVE-2021-24647 (The Registration Forms &#8211; User profile, Content 
Restriction, Spam ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24646 (The Booking.com Banner Creator WordPress plugin through 1.4.2 
does not ...)
+CVE-2021-24646 (The Booking.com Banner Creator WordPress plugin before 1.4.3 
does not  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24645 (The Booking.com Product Helper WordPress plugin through 1.0.1 
does not ...)
+CVE-2021-24645 (The Booking.com Product Helper WordPress plugin before 1.0.2 
does not  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24644 (The Images to WebP WordPress plugin before 1.9 does not 
validate or sa ...)
        NOT-FOR-US: WordPress plugin
@@ -59854,8 +60162,8 @@ CVE-2021-23246
        RESERVED
 CVE-2021-23245
        RESERVED
-CVE-2021-23244
-       RESERVED
+CVE-2021-23244 (ColorOS pregrant dangerous permissions to apps which are 
listed in a w ...)
+       TODO: check
 CVE-2021-23243 (In Oppo's battery application, the third-party SDK provides 
the functi ...)
        NOT-FOR-US: OPPO Android Phone
 CVE-2021-3112
@@ -63432,10 +63740,10 @@ CVE-2021-21753
        RESERVED
 CVE-2021-21752
        RESERVED
-CVE-2021-21751
-       RESERVED
-CVE-2021-21750
-       RESERVED
+CVE-2021-21751 (ZTE BigVideo analysis product has an input verification 
vulnerability. ...)
+       TODO: check
+CVE-2021-21750 (ZTE BigVideo Analysis product has a privilege escalation 
vulnerability ...)
+       TODO: check
 CVE-2021-21749 (ZTE MF971R product has two stack-based buffer overflow 
vulnerabilities ...)
        NOT-FOR-US: ZTE
 CVE-2021-21748 (ZTE MF971R product has two stack-based buffer overflow 
vulnerabilities ...)
@@ -114950,22 +115258,22 @@ CVE-2020-12989
        REJECTED
 CVE-2020-12988
        REJECTED
-CVE-2020-12987
-       REJECTED
-CVE-2020-12986
-       REJECTED
-CVE-2020-12985
-       REJECTED
+CVE-2020-12987 (A heap information leak/kernel pool address disclosure 
vulnerability i ...)
+       TODO: check
+CVE-2020-12986 (An insufficient pointer validation vulnerability in the AMD 
Graphics D ...)
+       TODO: check
+CVE-2020-12985 (An insufficient pointer validation vulnerability in the AMD 
Graphics D ...)
+       TODO: check
 CVE-2020-12984
        REJECTED
-CVE-2020-12983
-       REJECTED
-CVE-2020-12982
-       REJECTED
-CVE-2020-12981
-       REJECTED
-CVE-2020-12980
-       REJECTED
+CVE-2020-12983 (An out of bounds write vulnerability in the AMD Graphics 
Driver for Wi ...)
+       TODO: check
+CVE-2020-12982 (An invalid object pointer free vulnerability in the AMD 
Graphics Drive ...)
+       TODO: check
+CVE-2020-12981 (An insufficient input validation in the AMD Graphics Driver 
for Window ...)
+       TODO: check
+CVE-2020-12980 (An out of bounds write and read vulnerability in the AMD 
Graphics Driv ...)
+       TODO: check
 CVE-2020-12979
        REJECTED
 CVE-2020-12978
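Review bot: CVE-2020-12980 to CVE-2020-12983 and CVE-2020-12985 to CVE-2020-12987 flip from `REJECTED` to described entries with `TODO: check`, so ids that were previously closed re-enter triage and any consumer that cached them as rejected is now stale. The visible text names the AMD Graphics Driver (CVE-2020-12981 reads "for Window ..."), which suggests a `NOT-FOR-US:` tag once the full descriptions are confirmed; CVE-2020-12984 stays `REJECTED` in the middle of the range and is worth a second look for consistency.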
@@ -156918,7 +157226,7 @@ CVE-2019-16890 (Halo 1.1.0 has XSS via a crafted 
authorUrl in JSON data to api/c
 CVE-2019-16889 (Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers 
to cause  ...)
        NOT-FOR-US: Ubiquiti EdgeMAX
 CVE-2017-18635 (An XSS vulnerability was discovered in noVNC before 0.6.2 in 
which the ...)
-       {DLA-1946-1}
+       {DLA-2854-1 DLA-1946-1}
        - novnc 1:1.0.0-1
        NOTE: https://bugs.launchpad.net/horizon/+bug/1656435
        NOTE: 
https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534
@@ -174630,11 +174938,11 @@ CVE-2019-11457 (Multiple CSRF issues exist in 
MicroPyramid Django CRM 0.2.1 via
 CVE-2019-11456 (Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary 
PHP code. ...)
        NOT-FOR-US: Gila CMS
 CVE-2019-11455 (A buffer over-read in Util_urlDecode in util.c in Tildeslash 
Monit bef ...)
-       {DLA-1767-1}
+       {DLA-2855-1 DLA-1767-1}
        - monit 1:5.25.3-1 (bug #927775)
        NOTE: 
https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a
 CVE-2019-11454 (Persistent cross-site scripting (XSS) in http/cervlet.c in 
Tildeslash  ...)
-       {DLA-1767-1}
+       {DLA-2855-1 DLA-1767-1}
        - monit 1:5.25.3-1 (bug #927775)
        NOTE: 
https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3
        NOTE: 
https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c
@@ -224967,7 +225275,8 @@ CVE-2018-12702 (The approveAndCallcode function of a 
smart contract implementati
        NOT-FOR-US: Globalvillage ecosystem
 CVE-2018-12701
        RESERVED
-CVE-2018-12700 (A Stack Exhaustion issue was discovered in debug_write_type in 
debug.c ...)
+CVE-2018-12700
+       REJECTED
        - binutils 2.32.51.20190707-1 (unimportant)
        NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
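Review bot: CVE-2018-12700 becomes `REJECTED`, but the lines under it still carry `- binutils 2.32.51.20190707-1 (unimportant)` and the two bugzilla NOTEs, so the entry now states both that the id is rejected and that binutils fixed it in a given version. Suggest a follow-up that either drops the package annotation or adds a NOTE explaining why it is kept, so tooling that reads this entry does not report a rejected id against binutils.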



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b236f0ab8deb0579f7611976a909274857244f0e



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
