Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 739f3319 by security tracker role at 2021-07-06T20:10:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,15 @@ +CVE-2021-36165 + RESERVED +CVE-2021-36164 + RESERVED +CVE-2021-36163 + RESERVED +CVE-2021-36162 + RESERVED +CVE-2021-36161 + RESERVED +CVE-2021-36160 + RESERVED CVE-2021-36159 RESERVED CVE-2021-36158 (In the xrdp package (in branches through 3.14) for Alpine Linux, RDP s ...) @@ -1660,8 +1672,8 @@ CVE-2021-35442 RESERVED CVE-2021-35441 RESERVED -CVE-2021-35440 - RESERVED +CVE-2021-35440 (Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for ...) + TODO: check CVE-2021-35439 RESERVED CVE-2021-35438 (phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-re ...) @@ -3320,8 +3332,7 @@ CVE-2021-34676 RESERVED CVE-2021-34675 RESERVED -CVE-2021-3598 - RESERVED +CVE-2021-3598 (There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in ...) {DLA-2701-1} - openexr <unfixed> (bug #990450) [bullseye] - openexr <no-dsa> (Minor issue) @@ -4404,8 +4415,8 @@ CVE-2021-34192 RESERVED CVE-2021-34191 RESERVED -CVE-2021-34190 - RESERVED +CVE-2021-34190 (A stored cross site scripting (XSS) vulnerability in index.php?menu=bi ...) + TODO: check CVE-2021-34189 RESERVED CVE-2021-34188 @@ -7737,8 +7748,8 @@ CVE-2021-32742 RESERVED CVE-2021-32741 RESERVED -CVE-2021-32740 - RESERVED +CVE-2021-32740 (Addressable is an alternative implementation to the URI implementation ...) + TODO: check CVE-2021-32739 RESERVED CVE-2021-32738 (js-stellar-sdk is a Javascript library for communicating with a Stella ...) 
@@ -8187,8 +8198,8 @@ CVE-2021-32561 (OctoPrint before 1.6.0 allows XSS because API error messages inc NOT-FOR-US: OctoPrint CVE-2021-32560 (The Logging subsystem in OctoPrint before 1.6.0 has incorrect access c ...) NOT-FOR-US: OctoPrint -CVE-2021-32559 - RESERVED +CVE-2021-32559 (An integer overflow exists in pywin32 prior to version b301 when addin ...) + TODO: check CVE-2021-32558 RESERVED CVE-2021-32557 (It was discovered that the process_report() function in data/whoopsie- ...) @@ -10227,8 +10238,8 @@ CVE-2021-31773 RESERVED CVE-2021-31772 RESERVED -CVE-2021-31771 - RESERVED +CVE-2021-31771 (Splinterware System Scheduler Professional version 5.30 is subject to ...) + TODO: check CVE-2021-31770 RESERVED CVE-2021-31769 (MyQ Server in MyQ X Smart before 8.2 allows remote code execution by u ...) @@ -16842,7 +16853,7 @@ CVE-2021-29060 (A Regular Expression Denial of Service (ReDOS) vulnerability was [buster] - node-color-string <no-dsa> (Minor issue) NOTE: https://github.com/yetingli/PoCs/blob/main/CVE-2021-29060/Color-String.md NOTE: https://github.com/Qix-/color-string/commit/0789e21284c33d89ebc4ab4ca6f759b9375ac9d3 -CVE-2021-29059 (A vulnerability was discovered in IS-SVG version 4.3.1 and below where ...) +CVE-2021-29059 (A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and be ...) NOT-FOR-US: Node is-svg CVE-2021-29058 RESERVED @@ -19603,8 +19614,8 @@ CVE-2021-27932 RESERVED CVE-2021-27931 (LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthent ...) NOT-FOR-US: LumisXP (aka Lumis Experience Platform) -CVE-2021-27930 - RESERVED +CVE-2021-27930 (Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which ...) + TODO: check CVE-2021-27929 RESERVED CVE-2021-27928 (A remote code execution issue was discovered in MariaDB 10.2 before 10 ...) 
@@ -27851,8 +27862,8 @@ CVE-2021-24496 RESERVED CVE-2021-24495 RESERVED -CVE-2021-24494 - RESERVED +CVE-2021-24494 (The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape s ...) + TODO: check CVE-2021-24493 RESERVED CVE-2021-24492 @@ -27937,8 +27948,8 @@ CVE-2021-24453 RESERVED CVE-2021-24452 RESERVED -CVE-2021-24451 - RESERVED +CVE-2021-24451 (The Export Users With Meta WordPress plugin before 0.6.5 did not escap ...) + TODO: check CVE-2021-24450 RESERVED CVE-2021-24449 @@ -28025,12 +28036,12 @@ CVE-2021-24409 RESERVED CVE-2021-24408 RESERVED -CVE-2021-24407 - RESERVED -CVE-2021-24406 - RESERVED -CVE-2021-24405 - RESERVED +CVE-2021-24407 (The Jannah WordPress theme before 5.4.5 did not properly sanitize the ...) + TODO: check +CVE-2021-24406 (The wpForo Forum WordPress plugin before 1.9.7 did not validate the re ...) + TODO: check +CVE-2021-24405 (The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any ...) + TODO: check CVE-2021-24404 RESERVED CVE-2021-24403 @@ -28061,18 +28072,18 @@ CVE-2021-24391 RESERVED CVE-2021-24390 RESERVED -CVE-2021-24389 - RESERVED -CVE-2021-24388 - RESERVED -CVE-2021-24387 - RESERVED -CVE-2021-24386 - RESERVED +CVE-2021-24389 (The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery ...) + TODO: check +CVE-2021-24388 (In the VikRentCar Car Rental Management System WordPress plugin before ...) + TODO: check +CVE-2021-24387 (The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly ...) + TODO: check +CVE-2021-24386 (The WP SVG images WordPress plugin before 3.4 did not sanitise the SVG ...) + TODO: check CVE-2021-24385 RESERVED -CVE-2021-24384 - RESERVED +CVE-2021-24384 (The joomsport_md_load AJAX action of the JoomSport WordPress plugin be ...) + TODO: check CVE-2021-24383 (The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, va ...) NOT-FOR-US: WordPress plugin CVE-2021-24382 (The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did n ...) 
@@ -28089,8 +28100,8 @@ CVE-2021-24377 (The Autoptimize WordPress plugin before 2.7.8 attempts to remove NOT-FOR-US: WordPress plugin CVE-2021-24376 (The Autoptimize WordPress plugin before 2.7.8 attempts to delete malic ...) NOT-FOR-US: WordPress plugin -CVE-2021-24375 - RESERVED +CVE-2021-24375 (Lack of authentication or validation in motor_load_more, motor_gallery ...) + TODO: check CVE-2021-24374 (The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 ...) NOT-FOR-US: WordPress plugin CVE-2021-24373 (The WP Hardening &ndash; Fix Your WordPress Security WordPress plugin ...) @@ -28864,8 +28875,8 @@ CVE-2021-24007 RESERVED CVE-2021-24006 RESERVED -CVE-2021-24005 - RESERVED +CVE-2021-24005 (Usage of hard-coded cryptographic keys to encrypt configuration files ...) + TODO: check CVE-2021-24004 RESERVED CVE-2021-24003 @@ -107777,7 +107788,7 @@ CVE-2020-4612 (IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated u NOT-FOR-US: IBM CVE-2020-4611 (IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user t ...) NOT-FOR-US: IBM -CVE-2020-4610 (IBM Security Sevret Server (IBM Security Verify Privilege Manager 10.8 ...) +CVE-2020-4610 (IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8 ...) NOT-FOR-US: IBM CVE-2020-4609 (IBM Security Sevret Server (IBM Security Verify Privilege Manager 10.8 ...) NOT-FOR-US: IBM View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/739f33199d46119b8fe7dc76cebab9fb49ed048f
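Review bot: The new CVE-2021-29059 description in the hunk at @@ -16842,7 +16853,7 @@ is cut off at "2.1.0 to 4.2.2 and be ...", so the end of the affected range is no longer readable from this line, where the old text said "4.3.1 and below". The entry stays "NOT-FOR-US: Node is-svg", so no package state depends on it, but anyone using this line as a version bound should read the full CVE description instead.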
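Review bot: The five entries that gain descriptions in the hunk at @@ -28061,18 +28072,18 @@ (CVE-2021-24389, CVE-2021-24388, CVE-2021-24387, CVE-2021-24386 and CVE-2021-24384) are left at "TODO: check", while the context lines directly below them already tag CVE-2021-24383 and CVE-2021-24382 as "NOT-FOR-US: WordPress plugin". Each new description names a WordPress plugin or theme, so a follow-up triage commit can probably resolve them along the same lines. CVE-2021-24387 is a theme rather than a plugin, so its tag wording should be checked against how themes are recorded elsewhere in the list.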
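Review bot: The truncated description added for CVE-2021-24375 in the hunk at @@ -28089,8 +28100,8 @@ ("Lack of authentication or validation in motor_load_more, motor_gallery ...") names no product in its visible part, unlike the neighbouring entries, which all say "WordPress plugin". The "TODO: check" cannot be resolved from this line alone; whoever triages it should read the full CVE text before copying the "NOT-FOR-US: WordPress plugin" tag from the surrounding context.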
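Review bot: The typo fix in the hunk at @@ -107777,7 +107788,7 @@ covers only CVE-2020-4610; the context line for CVE-2020-4609 immediately after it still reads "IBM Security Sevret Server". Since the commit message marks this as an automatic update, the remaining typo should not be hand-edited here. It is worth checking that a later automatic update brings in the corrected text for CVE-2020-4609 as well.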
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits