Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7cee84a9 by security tracker role at 2021-05-11T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,27 +1,221 @@
-CVE-2021-32563 [Code execution through Thunar]
+CVE-2021-3545
+       RESERVED
+CVE-2021-3544
+       RESERVED
+CVE-2021-3543
+       RESERVED
+CVE-2021-32575
+       RESERVED
+CVE-2021-32574
+       RESERVED
+CVE-2021-32573 (** DISPUTED ** The express-cart package through 1.1.10 for 
Node.js all ...)
+       TODO: check
+CVE-2021-32572
+       RESERVED
+CVE-2021-32571
+       RESERVED
+CVE-2021-32570
+       RESERVED
+CVE-2021-32569
+       RESERVED
+CVE-2021-32568
+       RESERVED
+CVE-2021-32567
+       RESERVED
+CVE-2021-32566
+       RESERVED
+CVE-2021-32565
+       RESERVED
+CVE-2021-32564
+       RESERVED
+CVE-2021-32562
+       RESERVED
+CVE-2021-32561 (OctoPrint before 1.6.0 allows XSS because API error messages 
include t ...)
+       TODO: check
+CVE-2021-32560 (The Logging subsystem in OctoPrint before 1.6.0 has incorrect 
access c ...)
+       TODO: check
+CVE-2021-32559
+       RESERVED
+CVE-2021-32558
+       RESERVED
+CVE-2021-32557
+       RESERVED
+CVE-2021-32556
+       RESERVED
+CVE-2021-32555
+       RESERVED
+CVE-2021-32554
+       RESERVED
+CVE-2021-32553
+       RESERVED
+CVE-2021-32552
+       RESERVED
+CVE-2021-32551
+       RESERVED
+CVE-2021-32550
+       RESERVED
+CVE-2021-32549
+       RESERVED
+CVE-2021-32548
+       RESERVED
+CVE-2021-32547
+       RESERVED
+CVE-2021-32546
+       RESERVED
+CVE-2021-32545
+       RESERVED
+CVE-2021-32544 (Special characters of IGT search function in igt+ are not 
filtered in  ...)
+       TODO: check
+CVE-2021-32543
+       RESERVED
+CVE-2021-32542
+       RESERVED
+CVE-2021-32541
+       RESERVED
+CVE-2021-32540
+       RESERVED
+CVE-2021-32539
+       RESERVED
+CVE-2021-32538
+       RESERVED
+CVE-2021-32537
+       RESERVED
+CVE-2021-32536
+       RESERVED
+CVE-2021-32535
+       RESERVED
+CVE-2021-32534
+       RESERVED
+CVE-2021-32533
+       RESERVED
+CVE-2021-32532
+       RESERVED
+CVE-2021-32531
+       RESERVED
+CVE-2021-32530
+       RESERVED
+CVE-2021-32529
+       RESERVED
+CVE-2021-32528
+       RESERVED
+CVE-2021-32527
+       RESERVED
+CVE-2021-32526
+       RESERVED
+CVE-2021-32525
+       RESERVED
+CVE-2021-32524
+       RESERVED
+CVE-2021-32523
+       RESERVED
+CVE-2021-32522
+       RESERVED
+CVE-2021-32521
+       RESERVED
+CVE-2021-32520
+       RESERVED
+CVE-2021-32519
+       RESERVED
+CVE-2021-32518
+       RESERVED
+CVE-2021-32517
+       RESERVED
+CVE-2021-32516
+       RESERVED
+CVE-2021-32515
+       RESERVED
+CVE-2021-32514
+       RESERVED
+CVE-2021-32513
+       RESERVED
+CVE-2021-32512
+       RESERVED
+CVE-2021-32511
+       RESERVED
+CVE-2021-32510
+       RESERVED
+CVE-2021-32509
+       RESERVED
+CVE-2021-32508
+       RESERVED
+CVE-2021-32507
+       RESERVED
+CVE-2021-32506
+       RESERVED
+CVE-2021-32505
+       RESERVED
+CVE-2021-32504
+       RESERVED
+CVE-2021-32503
+       RESERVED
+CVE-2021-32502
+       RESERVED
+CVE-2021-32501
+       RESERVED
+CVE-2021-32500
+       RESERVED
+CVE-2021-32499
+       RESERVED
+CVE-2021-32498
+       RESERVED
+CVE-2021-32497
+       RESERVED
+CVE-2021-32496
+       RESERVED
+CVE-2021-32495
+       RESERVED
+CVE-2021-32494
+       RESERVED
+CVE-2021-32489 (An issue was discovered in the _send_secure_msg() function of 
Yubico y ...)
+       TODO: check
+CVE-2021-32488
+       RESERVED
+CVE-2021-32487
+       RESERVED
+CVE-2021-32486
+       RESERVED
+CVE-2021-32485
+       RESERVED
+CVE-2021-32484
+       RESERVED
+CVE-2021-32483
+       RESERVED
+CVE-2021-32482
+       RESERVED
+CVE-2021-32481
+       RESERVED
+CVE-2021-32480
+       RESERVED
+CVE-2021-32563 (An issue was discovered in Thunar before 4.16.7 and 4.17.x 
before 4.17 ...)
        - thunar <unfixed> (bug #988394)
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/09/2
        NOTE: Fixed by: 
https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b
        NOTE: Regression fix: 
https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664
 CVE-2021-3546
+       RESERVED
        - qemu <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1958978
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01154.html
 CVE-2021-3542
+       RESERVED
        - linux <unfixed>
        NOTE: https://seclists.org/oss-sec/2021/q2/46
        NOTE: https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/
 CVE-2021-32493
+       RESERVED
        - djvulibre 3.5.28-2
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943424
 CVE-2021-32492
+       RESERVED
        - djvulibre 3.5.28-2
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943410
 CVE-2021-32491
+       RESERVED
        - djvulibre 3.5.28-2
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943409
 CVE-2021-32490
+       RESERVED
        - djvulibre 3.5.28-2
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943408
 CVE-2021-3541
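Review bot: Five of the entries added at the top of this hunk are left at `TODO: check` (CVE-2021-32573, CVE-2021-32561, CVE-2021-32560, CVE-2021-32544, CVE-2021-32489) and each still needs manual triage to a package line or a `NOT-FOR-US:` line. CVE-2021-32573 carries `** DISPUTED **` in its description, so it should be triaged from the full record rather than the truncated summary shown here. Lower in the hunk, `RESERVED` is now recorded on CVE-2021-3546, CVE-2021-3542 and CVE-2021-32490 to CVE-2021-32493, all of which already have package lines and public NOTE links; confirm the existing qemu, linux and djvulibre annotations are unaffected by the added state line.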
@@ -188,8 +382,7 @@ CVE-2021-32401
        RESERVED
 CVE-2021-32400
        RESERVED
-CVE-2021-32399
-       RESERVED
+CVE-2021-32399 (net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 
has a r ...)
        - linux <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/2
 CVE-2021-32398
@@ -891,6 +1084,7 @@ CVE-2019-25043 (ModSecurity 3.x before 3.0.4 mishandles 
key-value pair parsing,
        NOTE: 
https://github.com/SpiderLabs/ModSecurity/commit/9cac167fafd180902c2aa5dc6141aae874127199
 CVE-2021-3537 [NULL pointer dereference in valid.c in 
xmlValidBuildAContentModel]
        RESERVED
+       {DLA-2653-1}
        - libxml2 2.9.10+dfsg-6.6 (bug #988123)
        [buster] - libxml2 <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/243
@@ -912,15 +1106,14 @@ CVE-2021-32058
        RESERVED
 CVE-2021-32057
        RESERVED
-CVE-2021-32056 [annotate: don't allow everyone to write shared server entries ]
-       RESERVED
+CVE-2021-32056 (Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, 
allows remo ...)
        - cyrus-imapd 3.2.6-2
        NOTE: 
https://github.com/cyrusimap/cyrus-imapd/commit/621f9e41465b521399f691c241181300fab55995
        NOTE: 
https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released
 CVE-2021-32054
        RESERVED
-CVE-2021-32053
-       RESERVED
+CVE-2021-32053 (JPA Server in HAPI FHIR before 5.4.0 allows a user to deny 
service (e. ...)
+       TODO: check
 CVE-2021-32052 (In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 
3.2.2 ( ...)
        - python-django 2:2.2.22-1 (bug #988136; unimportant)
        NOTE: 
https://www.djangoproject.com/weblog/2021/may/06/security-releases/
@@ -1311,44 +1504,44 @@ CVE-2021-31916 (An out-of-bounds (OOB) memory write 
flaw was found in list_devic
        - linux 5.10.28-1
        NOTE: 
https://git.kernel.org/linus/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a
        NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/1
-CVE-2021-31915
-       RESERVED
-CVE-2021-31914
-       RESERVED
-CVE-2021-31913
-       RESERVED
-CVE-2021-31912
-       RESERVED
-CVE-2021-31911
-       RESERVED
-CVE-2021-31910
-       RESERVED
-CVE-2021-31909
-       RESERVED
-CVE-2021-31908
-       RESERVED
-CVE-2021-31907
-       RESERVED
-CVE-2021-31906
-       RESERVED
-CVE-2021-31905
-       RESERVED
-CVE-2021-31904
-       RESERVED
-CVE-2021-31903
-       RESERVED
-CVE-2021-31902
-       RESERVED
-CVE-2021-31901
-       RESERVED
-CVE-2021-31900
-       RESERVED
-CVE-2021-31899
-       RESERVED
-CVE-2021-31898
-       RESERVED
-CVE-2021-31897
-       RESERVED
+CVE-2021-31915 (In JetBrains TeamCity before 2020.2.4, OS command injection 
leading to ...)
+       TODO: check
+CVE-2021-31914 (In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary 
code execu ...)
+       TODO: check
+CVE-2021-31913 (In JetBrains TeamCity before 2020.2.3, insufficient checks of 
the redi ...)
+       TODO: check
+CVE-2021-31912 (In JetBrains TeamCity before 2020.2.3, account takeover was 
potentiall ...)
+       TODO: check
+CVE-2021-31911 (In JetBrains TeamCity before 2020.2.3, reflected XSS was 
possible on s ...)
+       TODO: check
+CVE-2021-31910 (In JetBrains TeamCity before 2020.2.3, information disclosure 
via SSRF ...)
+       TODO: check
+CVE-2021-31909 (In JetBrains TeamCity before 2020.2.3, argument injection 
leading to r ...)
+       TODO: check
+CVE-2021-31908 (In JetBrains TeamCity before 2020.2.3, stored XSS was possible 
on seve ...)
+       TODO: check
+CVE-2021-31907 (In JetBrains TeamCity before 2020.2.2, permission checks for 
changing  ...)
+       TODO: check
+CVE-2021-31906 (In JetBrains TeamCity before 2020.2.2, audit logs were not 
sufficient  ...)
+       TODO: check
+CVE-2021-31905 (In JetBrains YouTrack before 2020.6.8801, information 
disclosure in an ...)
+       TODO: check
+CVE-2021-31904 (In JetBrains TeamCity before 2020.2.2, XSS was potentially 
possible on ...)
+       TODO: check
+CVE-2021-31903 (In JetBrains YouTrack before 2021.1.9819, a pull request's 
title was s ...)
+       TODO: check
+CVE-2021-31902 (In JetBrains YouTrack before 2020.6.6600, access control 
during the ex ...)
+       TODO: check
+CVE-2021-31901 (In JetBrains Hub before 2021.1.13079, two-factor 
authentication wasn't ...)
+       TODO: check
+CVE-2021-31900 (In JetBrains Code With Me bundled to the compatible IDE 
versions befor ...)
+       TODO: check
+CVE-2021-31899 (In JetBrains Code With Me bundled to the compatible IDEs 
before versio ...)
+       TODO: check
+CVE-2021-31898 (In JetBrains WebStorm before 2021.1, HTTP requests were used 
instead o ...)
+       TODO: check
+CVE-2021-31897 (In JetBrains WebStorm before 2021.1, code execution without 
user confi ...)
+       TODO: check
 CVE-2021-31896
        RESERVED
 CVE-2021-31895
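Review bot: All 19 entries converted from RESERVED in this hunk (CVE-2021-31897 to CVE-2021-31915) land as `TODO: check`, and every one names a JetBrains product (TeamCity, YouTrack, Hub, Code With Me, WebStorm). They can be triaged in one pass; if none of these products is packaged, one consistent `NOT-FOR-US:` label per product, in the way the file already uses `NOT-FOR-US: Jenkins plugin`, keeps later JetBrains batches easy to match.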
@@ -1389,7 +1582,7 @@ CVE-2021-31879 (GNU Wget through 1.21.1 does not omit the 
Authorization header u
 CVE-2021-31878
        RESERVED
 CVE-2021-31877
-       RESERVED
+       REJECTED
 CVE-2021-31876
        RESERVED
 CVE-2021-31875 (In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously 
formed JSO ...)
@@ -1555,18 +1748,21 @@ CVE-2020-36326 (PHPMailer 6.1.8 through 6.4.0 allows 
object injection through Ph
        NOTE: Also backport: 
https://github.com/PHPMailer/PHPMailer/commit/7f267fb4aadfcf62e3ddc50494c469c6b9c4405a
 (v6.4.1)
 CVE-2021-3518 [use-after-free in xmlXIncludeDoProcess() in xinclude.c]
        RESERVED
+       {DLA-2653-1}
        - libxml2 2.9.10+dfsg-6.6 (bug #987737)
        [buster] - libxml2 <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/237
        NOTE: 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7
 CVE-2021-3517 [heap-based buffer overflow in xmlEncodeEntitiesInternal() in 
entities.c]
        RESERVED
+       {DLA-2653-1}
        - libxml2 2.9.10+dfsg-6.6 (bug #987738)
        [buster] - libxml2 <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/235
        NOTE: 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2
 CVE-2021-3516 [use-after-free in xmlEncodeEntitiesInternal() in entities.c]
        RESERVED
+       {DLA-2653-1}
        - libxml2 2.9.10+dfsg-6.6 (bug #987739)
        [buster] - libxml2 <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/230
@@ -2238,8 +2434,8 @@ CVE-2021-31539 (Wowza Streaming Engine before 4.8.8.01 
(in a default installatio
        NOT-FOR-US: Wowza Streaming Engine
 CVE-2021-31538
        RESERVED
-CVE-2021-31537
-       RESERVED
+CVE-2021-31537 (SIS SIS-REWE Go before 7.7 SP17 allows XSS: 
rewe/prod/web/index.php (a ...)
+       TODO: check
 CVE-2021-31536
        RESERVED
 CVE-2021-31535
@@ -2298,8 +2494,8 @@ CVE-2021-3509
        RESERVED
 CVE-2021-31521
        RESERVED
-CVE-2021-31520
-       RESERVED
+CVE-2021-31520 (A weak session token authentication bypass vulnerability in 
Trend Micr ...)
+       TODO: check
 CVE-2021-31519
        RESERVED
 CVE-2021-31518 (Trend Micro Home Network Security 6.5.599 and earlier is 
vulnerable to ...)
@@ -2335,6 +2531,7 @@ CVE-2021-3505 (A flaw was found in libtpms in versions 
before 0.8.0. The TPM 2 i
        NOTE: 
https://github.com/stefanberger/libtpms/commit/c1f7bf55099fcd427715aa65e130475c6e836a6b
 (v0.8.0)
 CVE-2021-3504
        RESERVED
+       {DSA-4913-1}
        - hivex 1.3.20-1 (bug #988024)
        NOTE: 
https://listman.redhat.com/archives/libguestfs/2021-May/msg00013.html
        NOTE: 
https://github.com/libguestfs/hivex/commit/8f1935733b10d974a1a4176d38dd151ed98cf381
@@ -3086,7 +3283,7 @@ CVE-2021-31164 (Apache Unomi prior to version 1.5.5 
allows CRLF log injection be
        NOT-FOR-US: Apache Unomi
 CVE-2021-31163
        RESERVED
-CVE-2021-31162 (In the standard library in Rust before 1.53.0, a double free 
can occur ...)
+CVE-2021-31162 (In the standard library in Rust before 1.52.0, a double free 
can occur ...)
        - rustc <unfixed>
        NOTE: https://github.com/rust-lang/rust/issues/83618
        NOTE: https://github.com/rust-lang/rust/pull/83629
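Review bot: The description of CVE-2021-31162 moves its boundary from "Rust before 1.53.0" to "Rust before 1.52.0", but the package line below it still reads `- rustc <unfixed>`. With the lower boundary, recheck which rustc versions in the archive are at or above 1.52.0 and replace `<unfixed>` with the fixed version if one has been uploaded.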
@@ -4543,8 +4740,8 @@ CVE-2021-30506
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-30505
        RESERVED
-CVE-2021-30504
-       RESERVED
+CVE-2021-30504 (In JetBrains IntelliJ IDEA before 2021.1, DoS was possible 
because of  ...)
+       TODO: check
 CVE-2021-30503 (The unofficial GLSL Linting extension before 1.4.0 for Visual 
Studio C ...)
        NOT-FOR-US: GLSL Linting extension for Visual Studio Code
 CVE-2021-30502 (The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell 
Compiler) ...)
@@ -4619,8 +4816,8 @@ CVE-2021-30484
        RESERVED
 CVE-2021-30483
        RESERVED
-CVE-2021-30482
-       RESERVED
+CVE-2021-30482 (In JetBrains UpSource before 2020.1.1883, application 
passwords were n ...)
+       TODO: check
 CVE-2021-30481 (Valve Steam through 2021-04-10, when a Source engine game is 
installed ...)
        NOT-FOR-US: Valve Steam
        NOTE: Debian ships an installer as src:steam, but it auto-updates 
whenever Steam
@@ -5322,8 +5519,8 @@ CVE-2021-30176 (The ZEROF Expert pro/2.0 application for 
mobile devices allows S
        NOT-FOR-US: ZEROF Expert
 CVE-2021-30175 (ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the 
/Handle ...)
        NOT-FOR-US: ZEROF Web Server
-CVE-2021-30174
-       RESERVED
+CVE-2021-30174 (RiyaLab CloudISO event item is added, special characters in 
specific f ...)
+       TODO: check
 CVE-2021-30173 (Local File Inclusion vulnerability of the omni-directional 
communicati ...)
        NOT-FOR-US: omni-directional communication system
 CVE-2021-30172 (Special characters of picture preview page in the 
Quan-Fang-Wei-Tong-X ...)
@@ -5761,10 +5958,10 @@ CVE-2021-30008
        RESERVED
 CVE-2021-30007
        RESERVED
-CVE-2021-30006
-       RESERVED
-CVE-2021-30005
-       RESERVED
+CVE-2021-30006 (In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to 
informa ...)
+       TODO: check
+CVE-2021-30005 (In JetBrains PyCharm before 2020.3.4, local code execution was 
possibl ...)
+       TODO: check
 CVE-2021-30004 (In wpa_supplicant and hostapd 2.9, forging attacks may occur 
because A ...)
        - wpa <unfixed> (unimportant)
        NOTE: 
https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15
@@ -6901,10 +7098,10 @@ CVE-2021-29511
        RESERVED
 CVE-2021-29510
        RESERVED
-CVE-2021-29509
-       RESERVED
-CVE-2021-29508
-       RESERVED
+CVE-2021-29509 (Puma is a concurrent HTTP 1.1 server for Ruby/Rack 
applications. The f ...)
+       TODO: check
+CVE-2021-29508 (Due to how Wire handles type information in its serialization 
format,  ...)
+       TODO: check
 CVE-2021-29507
        RESERVED
 CVE-2021-29506
@@ -6915,10 +7112,10 @@ CVE-2021-29504
        RESERVED
 CVE-2021-29503
        RESERVED
-CVE-2021-29502
-       RESERVED
-CVE-2021-29501
-       RESERVED
+CVE-2021-29502 (WarnSystem is a cog (plugin) for the Red discord bot. A 
vulnerability  ...)
+       TODO: check
+CVE-2021-29501 (Ticketer is a command based ticket system cog (plugin) for the 
red dis ...)
+       TODO: check
 CVE-2021-29500
        RESERVED
 CVE-2021-29499 (SIF is an open source implementation of the Singularity 
Container Imag ...)
@@ -7010,8 +7207,7 @@ CVE-2021-29472 (Composer is a dependency manager for PHP. 
URLs for Mercurial rep
        - composer 2.0.9-2
        NOTE: 
https://github.com/composer/composer/security/advisories/GHSA-h5h8-pc6h-jvvx
        NOTE: 
https://github.com/composer/composer/commit/083b73515d1d72bc61c6374440b3f8a37531f8cf
-CVE-2021-29471 [Denial of service attack via push rule patterns]
-       RESERVED
+CVE-2021-29471 (Synapse is a Matrix reference homeserver written in python 
(pypi packa ...)
        - matrix-synapse 1.33.2-1
        NOTE: 
https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85
        NOTE: 
https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c
 (v1.33.2)
@@ -7554,8 +7750,8 @@ CVE-2021-29265 (An issue was discovered in the Linux 
kernel before 5.11.7. usbip
 CVE-2021-29264 (An issue was discovered in the Linux kernel through 5.11.10. 
drivers/n ...)
        - linux 5.10.28-1
        NOTE: 
https://git.kernel.org/linus/d8861bab48b6c1fc3cdbcab8ff9d1eaea43afe7f
-CVE-2021-29263
-       RESERVED
+CVE-2021-29263 (In JetBrains IntelliJ IDEA 2020.3.3, local code execution was 
possible ...)
+       TODO: check
 CVE-2021-3471
        REJECTED
 CVE-2021-3470 (A heap overflow issue was found in Redis in versions before 
5.0.10, be ...)
@@ -8088,8 +8284,8 @@ CVE-2021-29024
        RESERVED
 CVE-2021-29023
        RESERVED
-CVE-2021-29022
-       RESERVED
+CVE-2021-29022 (In InvoicePlane 1.5.11, the upload feature discloses the full 
path of  ...)
+       TODO: check
 CVE-2021-29021
        RESERVED
 CVE-2021-29020
@@ -8904,11 +9100,9 @@ CVE-2021-28666
        RESERVED
 CVE-2021-28665 (Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 
has a me ...)
        NOT-FOR-US: Stormshield SNS
-CVE-2021-28664
-       RESERVED
+CVE-2021-28664 (The Arm Mali GPU kernel driver allows privilege escalation or 
a denial ...)
        NOT-FOR-US: ARM components for Android
-CVE-2021-28663
-       RESERVED
+CVE-2021-28663 (The Arm Mali GPU kernel driver allows privilege escalation or 
informat ...)
        NOT-FOR-US: ARM components for Android
 CVE-2021-28662
        RESERVED
@@ -11183,8 +11377,8 @@ CVE-2021-27735
        RESERVED
 CVE-2021-27734
        RESERVED
-CVE-2021-27733
-       RESERVED
+CVE-2021-27733 (In JetBrains YouTrack before 2020.6.6441, stored XSS was 
possible via  ...)
+       TODO: check
 CVE-2021-27732
        RESERVED
 CVE-2021-27731 (Accellion FTA 9_12_432 and earlier is affected by stored XSS 
via a cra ...)
@@ -11420,24 +11614,24 @@ CVE-2021-27621
        RESERVED
 CVE-2021-27620
        RESERVED
-CVE-2021-27619
-       RESERVED
-CVE-2021-27618
-       RESERVED
-CVE-2021-27617
-       RESERVED
-CVE-2021-27616
-       RESERVED
+CVE-2021-27619 (SAP Commerce (Backoffice Search), versions - 1808, 1811, 1905, 
2005, 2 ...)
+       TODO: check
+CVE-2021-27618 (The Integration Builder Framework of SAP Process Integration 
versions  ...)
+       TODO: check
+CVE-2021-27617 (The Integration Builder Framework of SAP Process Integration 
versions  ...)
+       TODO: check
+CVE-2021-27616 (Under certain conditions, SAP Business One Hana Chef Cookbook, 
version ...)
+       TODO: check
 CVE-2021-27615
        RESERVED
-CVE-2021-27614
-       RESERVED
-CVE-2021-27613
-       RESERVED
-CVE-2021-27612
-       RESERVED
-CVE-2021-27611
-       RESERVED
+CVE-2021-27614 (SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 
9.1, 9.2, 9 ...)
+       TODO: check
+CVE-2021-27613 (Under certain conditions, SAP Business One Chef cookbook, 
version - 9. ...)
+       TODO: check
+CVE-2021-27612 (In specific situations SAP GUI for Windows, versions - 7.60, 
7.70 forw ...)
+       TODO: check
+CVE-2021-27611 (SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, 
allow a hig ...)
+       TODO: check
 CVE-2021-27610
        RESERVED
 CVE-2021-27609 (SAP Focused RUN versions 200, 300, does not perform necessary 
authoriz ...)
@@ -13810,8 +14004,8 @@ CVE-2021-26585
        RESERVED
 CVE-2021-26584
        RESERVED
-CVE-2021-26583
-       RESERVED
+CVE-2021-26583 (Potential security vulnerabilities have been identified in HPE 
iLO Amp ...)
+       TODO: check
 CVE-2021-26582 (A security vulnerability in HPE IceWall SSO Domain Gateway 
Option (Dgf ...)
        NOT-FOR-US: HPE
 CVE-2021-26581 (A potential security vulnerability has been identified in HPE 
Superdom ...)
@@ -14461,10 +14655,10 @@ CVE-2021-3346 (Foris before 101.1.1, as used in 
Turris OS, lacks certain HTML es
        NOT-FOR-US: Foris
 CVE-2021-3344 (A privilege escalation flaw was found in OpenShift builder. 
During bui ...)
        NOT-FOR-US: OpenShift
-CVE-2021-26310
-       RESERVED
-CVE-2021-26309
-       RESERVED
+CVE-2021-26310 (In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was 
possibl ...)
+       TODO: check
+CVE-2021-26309 (Information disclosure in the TeamCity plugin for IntelliJ 
before 2020 ...)
+       TODO: check
 CVE-2018-25006
        RESERVED
 CVE-2018-25005
@@ -14657,8 +14851,8 @@ CVE-2021-3317 (KLog Server through 2.4.1 allows 
authenticated command injection.
        NOT-FOR-US: KLog Server
 CVE-2021-3316
        RESERVED
-CVE-2021-3315
-       RESERVED
+CVE-2021-3315 (In JetBrains TeamCity before 2020.2.2, stored XSS on a tests 
page was  ...)
+       TODO: check
 CVE-2021-3314
        RESERVED
 CVE-2021-3313
@@ -15868,16 +16062,16 @@ CVE-2021-25851
        RESERVED
 CVE-2021-25850
        RESERVED
-CVE-2021-25849
-       RESERVED
-CVE-2021-25848
-       RESERVED
-CVE-2021-25847
-       RESERVED
-CVE-2021-25846
-       RESERVED
-CVE-2021-25845
-       RESERVED
+CVE-2021-25849 (An integer underflow was discovered in userdisk/vport_lldpd in 
Moxa Ca ...)
+       TODO: check
+CVE-2021-25848 (Improper validation of the length field of LLDP-MED TLV in 
userdisk/vp ...)
+       TODO: check
+CVE-2021-25847 (Improper validation of the length field of LLDP-MED TLV in 
userdisk/vp ...)
+       TODO: check
+CVE-2021-25846 (Improper validation of the ChassisID TLV in 
userdisk/vport_lldpd in Mo ...)
+       TODO: check
+CVE-2021-25845 (Improper validation of the ChassisID TLV in 
userdisk/vport_lldpd in Mo ...)
+       TODO: check
 CVE-2021-25844
        RESERVED
 CVE-2021-25843
@@ -16322,8 +16516,8 @@ CVE-2021-3187
        RESERVED
 CVE-2021-3186 (A Stored Cross-site scripting (XSS) vulnerability in /main.html 
Wifi S ...)
        NOT-FOR-US: Tenda AC5
-CVE-2021-25645
-       RESERVED
+CVE-2021-25645 (An issue was discovered in Couchbase Server before 6.0.5, 
6.1.x throug ...)
+       TODO: check
 CVE-2021-25644
        RESERVED
 CVE-2021-25643
@@ -19848,8 +20042,8 @@ CVE-2021-24013
        RESERVED
 CVE-2021-24012
        RESERVED
-CVE-2021-24011
-       RESERVED
+CVE-2021-24011 (A privilege escalation vulnerability in FortiNAC version below 
8.8.2 m ...)
+       TODO: check
 CVE-2021-24010
        RESERVED
 CVE-2021-24009
@@ -22138,24 +22332,24 @@ CVE-2021-23018
        RESERVED
 CVE-2021-23017
        RESERVED
-CVE-2021-23016
-       RESERVED
-CVE-2021-23015
-       RESERVED
-CVE-2021-23014
-       RESERVED
-CVE-2021-23013
-       RESERVED
-CVE-2021-23012
-       RESERVED
-CVE-2021-23011
-       RESERVED
-CVE-2021-23010
-       RESERVED
-CVE-2021-23009
-       RESERVED
-CVE-2021-23008
-       RESERVED
+CVE-2021-23016 (On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 
14.1.4.1, 1 ...)
+       TODO: check
+CVE-2021-23015 (On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 
13.1.0.8 throu ...)
+       TODO: check
+CVE-2021-23014 (On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 
14.1.x b ...)
+       TODO: check
+CVE-2021-23013 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 
15.1.3, 14.1. ...)
+       TODO: check
+CVE-2021-23012 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 
15.1.3, 14.1. ...)
+       TODO: check
+CVE-2021-23011 (On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 
14.1.x befor ...)
+       TODO: check
+CVE-2021-23010 (On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 
14.1.x befor ...)
+       TODO: check
+CVE-2021-23009 (On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 
15.1.3, mal ...)
+       TODO: check
+CVE-2021-23008 (On version 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x 
before 1 ...)
+       TODO: check
 CVE-2021-23007 (On BIG-IP versions 14.1.4 and 16.0.1.1, when the Traffic 
Management Mi ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2021-23006 (On all 7.x and 6.x versions (fixed in 8.0.0), undisclosed 
BIG-IQ pages ...)
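Review bot: CVE-2021-23008 to CVE-2021-23016 are added as `TODO: check`, while the context entry directly below them, CVE-2021-23007, is already marked `NOT-FOR-US: F5 BIG-IP`. The new descriptions open with the same BIG-IP version strings, so these nine can most likely take the same label; confirm against the full descriptions, since several are truncated before the product name (for example CVE-2021-23014 begins `On versions 16.0.x before 16.0.1.1`).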
@@ -23024,8 +23218,8 @@ CVE-2021-22674
        RESERVED
 CVE-2021-22673 (The affected product is vulnerable to stack-based buffer 
overflow whil ...)
        NOT-FOR-US: SimpleLink
-CVE-2021-22672
-       RESERVED
+CVE-2021-22672 (Delta Electronics' CNCSoft ScreenEditor in versions prior to 
v1.01.30  ...)
+       TODO: check
 CVE-2021-22671 (Multiple integer overflow issues exist while processing long 
domain na ...)
        NOT-FOR-US: SimpleLink
 CVE-2021-22670 (An uninitialized pointer may be exploited in Fatek FvDesigner 
Version  ...)
@@ -24441,8 +24635,8 @@ CVE-2021-21992
        RESERVED
 CVE-2021-21991
        RESERVED
-CVE-2021-21990
-       RESERVED
+CVE-2021-21990 (VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 
prior t ...)
+       TODO: check
 CVE-2021-21989
        RESERVED
 CVE-2021-21988
@@ -24792,8 +24986,8 @@ CVE-2021-21824
        RESERVED
 CVE-2021-21823
        RESERVED
-CVE-2021-21822
-       RESERVED
+CVE-2021-21822 (A use-after-free vulnerability exists in the JavaScript engine 
of Foxi ...)
+       TODO: check
 CVE-2021-21821
        RESERVED
 CVE-2021-21820
@@ -25135,32 +25329,23 @@ CVE-2021-21658
        RESERVED
 CVE-2021-21657
        RESERVED
-CVE-2021-21656
-       RESERVED
+CVE-2021-21656 (Jenkins Xcode integration Plugin 2.0.14 and earlier does not 
configure ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2021-21655
-       RESERVED
+CVE-2021-21655 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
P4 Plugin ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2021-21654
-       RESERVED
+CVE-2021-21654 (Jenkins P4 Plugin 1.11.4 and earlier does not perform 
permission check ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2021-21653
-       RESERVED
+CVE-2021-21653 (Jenkins Xray - Test Management for Jira Plugin 2.4.0 and 
earlier does  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2021-21652
-       RESERVED
+CVE-2021-21652 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Xray - Te ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2021-21651
-       RESERVED
+CVE-2021-21651 (Jenkins S3 publisher Plugin 0.11.6 and earlier does not 
perform a perm ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2021-21650
-       RESERVED
+CVE-2021-21650 (Jenkins S3 publisher Plugin 0.11.6 and earlier does not 
perform Run/Ar ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2021-21649
-       RESERVED
+CVE-2021-21649 (Jenkins Dashboard View Plugin 2.15 and earlier does not escape 
URLs re ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2021-21648
-       RESERVED
+CVE-2021-21648 (Jenkins Credentials Plugin 2.3.18 and earlier does not escape 
user-con ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2021-21647 (Jenkins CloudBees CD Plugin 1.1.21 and earlier does not 
perform a perm ...)
        NOT-FOR-US: Jenkins plugin
@@ -26870,12 +27055,12 @@ CVE-2021-21432 (Vela is a Pipeline Automation (CI/CD) 
framework built on Linux c
        NOT-FOR-US: Vela
 CVE-2021-21431 (sopel-channelmgnt is a channelmgnt plugin for sopel. In 
versions prior ...)
        NOT-FOR-US: sopel-channelmgnt
-CVE-2021-21430
-       RESERVED
+CVE-2021-21430 (OpenAPI Generator allows generation of API client libraries 
(SDK gener ...)
+       TODO: check
 CVE-2021-21429 (OpenAPI Generator allows generation of API client libraries, 
server st ...)
        NOT-FOR-US: OpenAPI Generator
-CVE-2021-21428
-       RESERVED
+CVE-2021-21428 (Openapi generator is a java tool which allows generation of 
API client ...)
+       TODO: check
 CVE-2021-21427 (Magento-lts is a long-term support alternative to Magento 
Community Ed ...)
        NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)
 CVE-2021-21426 (Magento-lts is a long-term support alternative to Magento 
Community Ed ...)
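Review bot: CVE-2021-21430 and CVE-2021-21428 are left at `TODO: check` although CVE-2021-21429, sitting between them with the same product in its description, is already `NOT-FOR-US: OpenAPI Generator`. Give both the same label so the three entries agree, unless the full descriptions point at a different component.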
@@ -28868,8 +29053,8 @@ CVE-2021-20719
        RESERVED
 CVE-2021-20718
        RESERVED
-CVE-2021-20717
-       RESERVED
+CVE-2021-20717 (Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 
allows a  ...)
+       TODO: check
 CVE-2021-20716 (Hidden functionality in multiple Buffalo network devices 
(BHR-4RV firm ...)
        NOT-FOR-US: Buffalo
 CVE-2021-20715 (Improper access control vulnerability in Hot Pepper Gourmet 
App for An ...)
@@ -29148,8 +29333,8 @@ CVE-2021-20579
        RESERVED
 CVE-2021-20578
        RESERVED
-CVE-2021-20577
-       RESERVED
+CVE-2021-20577 (IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is 
vulnerable to ...)
+       TODO: check
 CVE-2021-20576
        RESERVED
 CVE-2021-20575
@@ -29184,8 +29369,8 @@ CVE-2021-20561
        RESERVED
 CVE-2021-20560
        RESERVED
-CVE-2021-20559
-       RESERVED
+CVE-2021-20559 (IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to 
cross-site scrip ...)
+       TODO: check
 CVE-2021-20558
        RESERVED
 CVE-2021-20557
@@ -29226,8 +29411,8 @@ CVE-2021-20540
        RESERVED
 CVE-2021-20539
        RESERVED
-CVE-2021-20538
-       RESERVED
+CVE-2021-20538 (IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could 
allow a us ...)
+       TODO: check
 CVE-2021-20537
        RESERVED
 CVE-2021-20536 (IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 
stores  ...)
@@ -31104,8 +31289,8 @@ CVE-2020-35440
        RESERVED
 CVE-2020-35439
        RESERVED
-CVE-2020-35438
-       RESERVED
+CVE-2020-35438 (Cross Site Scripting (XSS) vulnerability in the kk Star 
Ratings plugin ...)
+       TODO: check
 CVE-2020-35437 (Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) 
through t ...)
        NOT-FOR-US: Subrion CMS
 CVE-2020-35436
@@ -37129,8 +37314,8 @@ CVE-2020-28601 (A code execution vulnerability exists 
in the Nef polygon-parsing
        - cgal 5.2-3 (bug #985671)
        [buster] - cgal <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
-CVE-2020-28600
-       RESERVED
+CVE-2020-28600 (An out-of-bounds write vulnerability exists in the 
import_stl.cc:impor ...)
+       TODO: check
 CVE-2020-28599 (A stack-based buffer overflow vulnerability exists in the 
import_stl.c ...)
        - openscad 2021.01-1
        [buster] - openscad <no-dsa> (Minor issue)
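Review bot: CVE-2020-28600 is added as `TODO: check`, but its description names `import_stl.cc`, matching the file named in CVE-2020-28599 just below, which is tracked as `- openscad 2021.01-1` with `[buster] - openscad <no-dsa> (Minor issue)`. This entry should be triaged against src:openscad rather than left for a NOT-FOR-US sweep, and the fixed version checked to see whether 2021.01-1 covers it as well.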
@@ -37164,8 +37349,7 @@ CVE-2020-28590 (An out-of-bounds read vulnerability 
exists in the Obj File Trian
        NOTE: https://github.com/slic3r/Slic3r/issues/5074
 CVE-2020-28589
        RESERVED
-CVE-2020-28588 [lib/syscall: fix syscall registers retrieval on 32-bit 
platforms]
-       RESERVED
+CVE-2020-28588 (An information disclosure vulnerability exists in the 
/proc/pid/syscal ...)
        - linux 5.9.15-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        [stretch] - linux <not-affected> (Vulnerable code not present)
@@ -42790,16 +42974,16 @@ CVE-2020-27248 (A specially crafted document can 
cause the document parser to co
        NOT-FOR-US: SoftMaker
 CVE-2020-27247 (A specially crafted document can cause the document parser to 
copy dat ...)
        NOT-FOR-US: SoftMaker
-CVE-2020-27246
-       RESERVED
-CVE-2020-27245
-       RESERVED
-CVE-2020-27244
-       RESERVED
-CVE-2020-27243
-       RESERVED
-CVE-2020-27242
-       RESERVED
+CVE-2020-27246 (An exploitable SQL injection vulnerability exists in 
&#8216;listImmoLa ...)
+       TODO: check
+CVE-2020-27245 (An exploitable SQL injection vulnerability exists in 
&#8216;listImmoLa ...)
+       TODO: check
+CVE-2020-27244 (An exploitable SQL injection vulnerability exists in 
&#8216;listImmoLa ...)
+       TODO: check
+CVE-2020-27243 (An exploitable SQL injection vulnerability exists in 
&#8216;listImmoLa ...)
+       TODO: check
+CVE-2020-27242 (An exploitable SQL injection vulnerability exists in 
&#8216;listImmoLa ...)
+       TODO: check
 CVE-2020-27241 (An exploitable SQL injection vulnerability exists in 
&#8216;getAssets. ...)
        NOT-FOR-US: OpenClinic
 CVE-2020-27240 (An exploitable SQL injection vulnerability exists in 
&#8216;getAssets. ...)
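Review bot: CVE-2020-27246 through CVE-2020-27242 are added as "TODO: check" while CVE-2020-27241 just below, which opens with the same "An exploitable SQL injection vulnerability exists in" wording, is already tagged "NOT-FOR-US: OpenClinic". The truncated descriptions do not show the product, so confirm it against the full text and, if it matches, resolve the five TODOs with the same tag in one pass.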
@@ -42818,20 +43002,20 @@ CVE-2020-27234 (An exploitable SQL injection 
vulnerability exists in &#8216;getA
        NOT-FOR-US: OpenClinic
 CVE-2020-27233 (An exploitable SQL injection vulnerability exists in 
&#8216;getAssets. ...)
        NOT-FOR-US: OpenClinic
-CVE-2020-27232
-       RESERVED
-CVE-2020-27231
-       RESERVED
-CVE-2020-27230
-       RESERVED
-CVE-2020-27229
-       RESERVED
+CVE-2020-27232 (An exploitable SQL injection vulnerability exists in 
&#8216;manageServ ...)
+       TODO: check
+CVE-2020-27231 (A number of exploitable SQL injection vulnerabilities exists 
in &#8216 ...)
+       TODO: check
+CVE-2020-27230 (A number of exploitable SQL injection vulnerabilities exists 
in &#8216 ...)
+       TODO: check
+CVE-2020-27229 (A number of exploitable SQL injection vulnerabilities exists 
in &#8216 ...)
+       TODO: check
 CVE-2020-27228 (An incorrect default permissions vulnerability exists in the 
installat ...)
        NOT-FOR-US: OpenClinic
 CVE-2020-27227 (An exploitable unatuhenticated command injection exists in the 
OpenCli ...)
        NOT-FOR-US: OpenClinic
-CVE-2020-27226
-       RESERVED
+CVE-2020-27226 (An exploitable SQL injection vulnerability exists in 
&#8216;quickFile. ...)
+       TODO: check
 CVE-2020-27225 (In versions 4.18 and earlier of the Eclipse Platform, the Help 
Subsyst ...)
        - eclipse <removed>
        [stretch] - eclipse <no-dsa> (Minor issue)
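Review bot: The descriptions added for CVE-2020-27231, CVE-2020-27230 and CVE-2020-27229 are cut in the middle of an HTML entity ("in &#8216 ..."), which shows the raw encoded text from the feed is being truncated instead of the decoded text. Suggest decoding entities such as &#8216; before truncating, which also avoids three entries ending in the same uninformative fragment.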
@@ -51343,8 +51527,8 @@ CVE-2020-23577
        RESERVED
 CVE-2020-23576 (Laborator Neon dashboard v3 is affected by stored Cross Site 
Scripting ...)
        NOT-FOR-US: Laborator Neon dashboard
-CVE-2020-23575
-       RESERVED
+CVE-2020-23575 (A directory traversal vulnerability exists in Kyocera Printer 
d-COPIA2 ...)
+       TODO: check
 CVE-2020-23574 (When uploading a file in Sysax Multi Server 6.90, an 
authenticated use ...)
        NOT-FOR-US: Sysax Multi Server
 CVE-2020-23573
@@ -51741,22 +51925,22 @@ CVE-2020-23378
        RESERVED
 CVE-2020-23377
        RESERVED
-CVE-2020-23376
-       RESERVED
+CVE-2020-23376 (NoneCMS v1.3 has a CSRF vulnerability in 
public/index.php/admin/nav/ad ...)
+       TODO: check
 CVE-2020-23375
        RESERVED
-CVE-2020-23374
-       RESERVED
-CVE-2020-23373
-       RESERVED
+CVE-2020-23374 (Cross-site scripting (XSS) vulnerability in 
admin/article/add.html in  ...)
+       TODO: check
+CVE-2020-23373 (Cross-site scripting (XSS) vulnerability in admin/nav/add.html 
in none ...)
+       TODO: check
 CVE-2020-23372
        RESERVED
-CVE-2020-23371
-       RESERVED
-CVE-2020-23370
-       RESERVED
-CVE-2020-23369
-       RESERVED
+CVE-2020-23371 (Cross-site scripting (XSS) vulnerability in 
static/admin/js/kindeditor ...)
+       TODO: check
+CVE-2020-23370 (In YzmCMS 5.6, stored XSS exists via the 
common/static/plugin/ueditor/ ...)
+       TODO: check
+CVE-2020-23369 (In YzmCMS 5.6, XSS was discovered in 
member/member_content/init.html v ...)
+       TODO: check
 CVE-2020-23368
        RESERVED
 CVE-2020-23367
@@ -52875,8 +53059,8 @@ CVE-2020-22811
        RESERVED
 CVE-2020-22810
        RESERVED
-CVE-2020-22809
-       RESERVED
+CVE-2020-22809 (In Windscribe v1.83 Build 20, 'WindscribeService' has an 
Unquoted Serv ...)
+       TODO: check
 CVE-2020-22808 (An issue was found in yii2_fecshop 2.x. There is a reflected 
XSS vulne ...)
        NOT-FOR-US: yii2_fecshop
 CVE-2020-22807 (An issue was dicovered in vtiger crm 7.2. Union sql injection 
in the c ...)
@@ -57972,12 +58156,12 @@ CVE-2020-20269 (A specially crafted Markdown document 
could cause the execution
        NOT-FOR-US: Caret Editor
 CVE-2020-20268
        RESERVED
-CVE-2020-20267
-       RESERVED
+CVE-2020-20267 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a 
memory corr ...)
+       TODO: check
 CVE-2020-20266
        RESERVED
-CVE-2020-20265
-       RESERVED
+CVE-2020-20265 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a 
memory corr ...)
+       TODO: check
 CVE-2020-20264
        RESERVED
 CVE-2020-20263
@@ -60117,8 +60301,8 @@ CVE-2020-19201
        RESERVED
 CVE-2020-19200
        RESERVED
-CVE-2020-19199
-       RESERVED
+CVE-2020-19199 (A Cross Site Request Forgery (CSRF) vulnerability exists in 
PHPOK 5.2. ...)
+       TODO: check
 CVE-2020-19198
        RESERVED
 CVE-2020-19197
@@ -60587,8 +60771,8 @@ CVE-2020-18966
        RESERVED
 CVE-2020-18965
        RESERVED
-CVE-2020-18964
-       RESERVED
+CVE-2020-18964 (Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog 
latest v ...)
+       TODO: check
 CVE-2020-18963
        RESERVED
 CVE-2020-18962
@@ -62317,8 +62501,8 @@ CVE-2020-18104
        RESERVED
 CVE-2020-18103
        RESERVED
-CVE-2020-18102
-       RESERVED
+CVE-2020-18102 (Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote 
attacke ...)
+       TODO: check
 CVE-2020-18101
        RESERVED
 CVE-2020-18100
@@ -73883,8 +74067,8 @@ CVE-2020-13531 (A use-after-free vulnerability exists 
in a way Pixar OpenUSD 20.
        NOT-FOR-US: Pixar OpenUSD
 CVE-2020-13530 (A denial-of-service vulnerability exists in the Ethernet/IP 
server fun ...)
        NOT-FOR-US: EIP Stack Group OpENer
-CVE-2020-13529
-       RESERVED
+CVE-2020-13529 (An exploitable denial-of-service vulnerability exists in 
Systemd 245.  ...)
+       TODO: check
 CVE-2020-13528 (An information disclosure vulnerability exists in the Web 
Manager and  ...)
        NOT-FOR-US: Lantronix
 CVE-2020-13527 (An authentication bypass vulnerability exists in the Web 
Manager funct ...)
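Review bot: CVE-2020-13529 is queued as a plain "TODO: check" even though its description names Systemd 245, a component Debian packages, while the neighbouring entries in this hunk are NOT-FOR-US. Suggest handling this one ahead of the bulk TODOs and replacing it with a "- systemd" line carrying the affected or fixed version status.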
@@ -80985,13 +81169,13 @@ CVE-2020-11211
        RESERVED
 CVE-2020-11210 (Possible memory corruption in RPM region due to improper XPU 
configura ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11209 (u'Improper authorization in DSP process could allow 
unauthorized users ...)
+CVE-2020-11209 (Improper authorization in DSP process could allow unauthorized 
users t ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11208 (u'Out of Bound issue in DSP services while processing received 
argumen ...)
+CVE-2020-11208 (Out of Bound issue in DSP services while processing received 
arguments ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11207 (u'Buffer overflow in LibFastCV library due to improper size 
checks wit ...)
+CVE-2020-11207 (Buffer overflow in LibFastCV library due to improper size 
checks with  ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11206 (u'Possible buffer overflow in Fastrpc while handling received 
paramete ...)
+CVE-2020-11206 (Possible buffer overflow in Fastrpc while handling received 
parameters ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11205 (u'Possible integer overflow to heap overflow while processing 
command  ...)
        NOT-FOR-US: Qualcomm components for Android
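Review bot: The stray u' prefix is removed from CVE-2020-11209 through CVE-2020-11206, but the context line for CVE-2020-11205 in the same hunk still reads "(u'Possible integer overflow to heap overflow ...". The inconsistency is cosmetic, since all of these are NOT-FOR-US, but it suggests the cleanup depends on the upstream description being reissued. Worth checking whether the prefix can be stripped on import instead.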
@@ -80999,9 +81183,9 @@ CVE-2020-11204 (Possible memory corruption and 
information leakage in sub-system
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11203 (Stack overflow may occur if GSM/WCDMA broadcast config size 
received f ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11202 (u'Buffer overflow/underflow occurs when typecasting the buffer 
passed  ...)
+CVE-2020-11202 (Buffer overflow/underflow occurs when typecasting the buffer 
passed by ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11201 (u'Arbitrary access to DSP memory due to improper check in 
loaded libra ...)
+CVE-2020-11201 (Arbitrary access to DSP memory due to improper check in loaded 
library ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11200 (Buffer over-read while parsing RPS due to lack of check of 
input valid ...)
        NOT-FOR-US: Qualcomm components for Android
@@ -98471,10 +98655,10 @@ CVE-2020-4538
        RESERVED
 CVE-2020-4537
        RESERVED
-CVE-2020-4536
-       RESERVED
-CVE-2020-4535
-       RESERVED
+CVE-2020-4536 (IBM OpenPages GRC Platform 8.1 could allow a remote attacker to 
obtain ...)
+       TODO: check
+CVE-2020-4535 (IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site 
scripting.  ...)
+       TODO: check
 CVE-2020-4534 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could 
allow a  ...)
        NOT-FOR-US: IBM
 CVE-2020-4533 (IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is 
vulnerable to cr ...)
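Review bot: CVE-2020-4536 and CVE-2020-4535 are added as "TODO: check" for IBM OpenPages GRC Platform, while CVE-2020-4534 immediately below is already tagged "NOT-FOR-US: IBM". Suggest resolving both TODOs with the same tag if the full descriptions confirm an IBM-only product.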



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cee84a9b9a19f200687ac21e6534505363b797a



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
