Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c92f8bf4 by security tracker role at 2021-07-07T20:10:36+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2021-36219
+       RESERVED
+CVE-2021-36218
+       RESERVED
+CVE-2021-36217 (Avahi 0.8 allows a local denial of service (NULL pointer 
dereference a ...)
+       TODO: check
+CVE-2021-36216
+       RESERVED
+CVE-2021-36215
+       RESERVED
+CVE-2021-36214
+       RESERVED
+CVE-2021-36213
+       RESERVED
+CVE-2021-36212 (app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows 
stored X ...)
+       TODO: check
 CVE-2021-3637
        RESERVED
        NOT-FOR-US: Keycloak
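Review bot: CVE-2021-36217 is committed with only the `TODO: check` placeholder although its description names Avahi, a local NULL pointer dereference denial of service; this is the one new entry in the hunk that cannot stay as imported, and the follow-up triage should check whether the avahi source package is affected and replace the placeholder with a `- avahi <version>` line or a `<not-affected>` / `<no-dsa>` tag with a reason. The new RESERVED entries and the MISP entry (CVE-2021-36212) need no further action at this point beyond the usual NOT-FOR-US decision.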
@@ -1753,8 +1769,8 @@ CVE-2021-35453
        RESERVED
 CVE-2021-35452
        RESERVED
-CVE-2021-35451
-       RESERVED
+CVE-2021-35451 (In Teradici PCoIP Management Console-Enterprise 20.07.0, an 
unauthenti ...)
+       TODO: check
 CVE-2021-35450
        RESERVED
 CVE-2021-35449
@@ -3089,7 +3105,7 @@ CVE-2021-34825 (Quassel through 0.13.1, when 
--require-ssl is enabled, launches
        NOTE: https://github.com/quassel/quassel/pull/581
        NOTE: https://bugs.quassel-irc.org/issues/1728
        NOTE: '--require-ssl' flag added in 
https://github.com/quassel/quassel/pull/43
-CVE-2021-34824 (Istio before 1.9.6 and 1.10.x before 1.10.2 has Incorrect 
Access Contr ...)
+CVE-2021-34824 (Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a 
remotely explo ...)
        NOT-FOR-US: Istio
 CVE-2021-34823
        RESERVED
@@ -3545,22 +3561,22 @@ CVE-2021-34629
        RESERVED
 CVE-2021-34628
        RESERVED
-CVE-2021-34627
-       RESERVED
-CVE-2021-34626
-       RESERVED
-CVE-2021-34625
-       RESERVED
-CVE-2021-34624
-       RESERVED
-CVE-2021-34623
-       RESERVED
-CVE-2021-34622
-       RESERVED
-CVE-2021-34621
-       RESERVED
-CVE-2021-34620
-       RESERVED
+CVE-2021-34627 (A vulnerability in the getSelectedMimeTypesByRole function of 
the WP U ...)
+       TODO: check
+CVE-2021-34626 (A vulnerability in the deleteCustomType function of the WP 
Upload Rest ...)
+       TODO: check
+CVE-2021-34625 (A vulnerability in the saveCustomType function of the WP 
Upload Restri ...)
+       TODO: check
+CVE-2021-34624 (A vulnerability in the file uploader component found in the 
~/src/Clas ...)
+       TODO: check
+CVE-2021-34623 (A vulnerability in the image uploader component found in the 
~/src/Cla ...)
+       TODO: check
+CVE-2021-34622 (A vulnerability in the user profile update component found in 
the ~/sr ...)
+       TODO: check
+CVE-2021-34621 (A vulnerability in the user registration component found in 
the ~/src/ ...)
+       TODO: check
+CVE-2021-34620 (The WP Fluent Forms plugin < 3.6.67 for WordPress is 
vulnerable to  ...)
+       TODO: check
 CVE-2021-34619
        RESERVED
 CVE-2021-34618
@@ -6722,20 +6738,20 @@ CVE-2021-33223
        RESERVED
 CVE-2021-33222
        RESERVED
-CVE-2021-33221
-       RESERVED
-CVE-2021-33220
-       RESERVED
-CVE-2021-33219
-       RESERVED
-CVE-2021-33218
-       RESERVED
-CVE-2021-33217
-       RESERVED
-CVE-2021-33216
-       RESERVED
-CVE-2021-33215
-       RESERVED
+CVE-2021-33221 (An issue was discovered in CommScope Ruckus IoT Controller 
1.7.1.0 and ...)
+       TODO: check
+CVE-2021-33220 (An issue was discovered in CommScope Ruckus IoT Controller 
1.7.1.0 and ...)
+       TODO: check
+CVE-2021-33219 (An issue was discovered in CommScope Ruckus IoT Controller 
1.7.1.0 and ...)
+       TODO: check
+CVE-2021-33218 (An issue was discovered in CommScope Ruckus IoT Controller 
1.7.1.0 and ...)
+       TODO: check
+CVE-2021-33217 (An issue was discovered in CommScope Ruckus IoT Controller 
1.7.1.0 and ...)
+       TODO: check
+CVE-2021-33216 (An issue was discovered in CommScope Ruckus IoT Controller 
1.7.1.0 and ...)
+       TODO: check
+CVE-2021-33215 (An issue was discovered in CommScope Ruckus IoT Controller 
1.7.1.0 and ...)
+       TODO: check
 CVE-2021-33214
        RESERVED
 CVE-2021-33213
@@ -8349,72 +8365,72 @@ CVE-2021-32540 (Add announcement function in the 101EIP 
system does not filter s
        NOT-FOR-US: 101EIP system
 CVE-2021-32539 (Add event in calendar function in the 101EIP system does not 
filter sp ...)
        NOT-FOR-US: 101EIP system
-CVE-2021-32538
-       RESERVED
-CVE-2021-32537
-       RESERVED
+CVE-2021-32538 (ARTWARE CMS parameter of image upload function does not filter 
the typ ...)
+       TODO: check
+CVE-2021-32537 (Realtek HAD contains a driver crashed vulnerability which 
allows local ...)
+       TODO: check
 CVE-2021-32536 (The login page in the MCUsystem does not filter with special 
character ...)
        NOT-FOR-US: MCUsystem
-CVE-2021-32535
-       RESERVED
-CVE-2021-32534
-       RESERVED
-CVE-2021-32533
-       RESERVED
-CVE-2021-32532
-       RESERVED
-CVE-2021-32531
-       RESERVED
-CVE-2021-32530
-       RESERVED
-CVE-2021-32529
-       RESERVED
-CVE-2021-32528
-       RESERVED
-CVE-2021-32527
-       RESERVED
-CVE-2021-32526
-       RESERVED
-CVE-2021-32525
-       RESERVED
-CVE-2021-32524
-       RESERVED
-CVE-2021-32523
-       RESERVED
-CVE-2021-32522
-       RESERVED
-CVE-2021-32521
-       RESERVED
-CVE-2021-32520
-       RESERVED
-CVE-2021-32519
-       RESERVED
-CVE-2021-32518
-       RESERVED
-CVE-2021-32517
-       RESERVED
-CVE-2021-32516
-       RESERVED
-CVE-2021-32515
-       RESERVED
-CVE-2021-32514
-       RESERVED
-CVE-2021-32513
-       RESERVED
-CVE-2021-32512
-       RESERVED
-CVE-2021-32511
-       RESERVED
-CVE-2021-32510
-       RESERVED
-CVE-2021-32509
-       RESERVED
-CVE-2021-32508
-       RESERVED
-CVE-2021-32507
-       RESERVED
-CVE-2021-32506
-       RESERVED
+CVE-2021-32535 (The vulnerability of hard-coded default credentials in QSAN 
SANOS allo ...)
+       TODO: check
+CVE-2021-32534 (QSAN SANOS factory reset function does not filter special 
parameters.  ...)
+       TODO: check
+CVE-2021-32533 (The QSAN SANOS setting page does not filter special 
parameters. Remote ...)
+       TODO: check
+CVE-2021-32532 (Path traversal vulnerability in back-end analysis function in 
QSAN XEV ...)
+       TODO: check
+CVE-2021-32531 (OS command injection vulnerability in Init function in QSAN 
XEVO allow ...)
+       TODO: check
+CVE-2021-32530 (OS command injection vulnerability in Array function in QSAN 
XEVO allo ...)
+       TODO: check
+CVE-2021-32529 (Command injection vulnerability in QSAN XEVO, SANOS allows 
remote unau ...)
+       TODO: check
+CVE-2021-32528 (Observable behavioral discrepancy vulnerability in QSAN 
Storage Manage ...)
+       TODO: check
+CVE-2021-32527 (Path traversal vulnerability in QSAN Storage Manager allows 
remote una ...)
+       TODO: check
+CVE-2021-32526 (Incorrect permission assignment for critical resource 
vulnerability in ...)
+       TODO: check
+CVE-2021-32525 (The same hard-coded password in QSAN Storage Manager's in the 
firmware ...)
+       TODO: check
+CVE-2021-32524 (Command injection vulnerability in QSAN Storage Manager allows 
remote  ...)
+       TODO: check
+CVE-2021-32523 (Improper authorization vulnerability in QSAN Storage Manager 
allows re ...)
+       TODO: check
+CVE-2021-32522 (Improper restriction of excessive authentication attempts 
vulnerabilit ...)
+       TODO: check
+CVE-2021-32521 (Use of MAC address as an authenticated password in QSAN 
Storage Manage ...)
+       TODO: check
+CVE-2021-32520 (Use of hard-coded cryptographic key vulnerability in QSAN 
Storage Mana ...)
+       TODO: check
+CVE-2021-32519 (Use of password hash with insufficient computational effort 
vulnerabil ...)
+       TODO: check
+CVE-2021-32518 (A vulnerability in share_link in QSAN Storage Manager allows 
remote at ...)
+       TODO: check
+CVE-2021-32517 (Improper access control vulnerability in share_link in QSAN 
Storage Ma ...)
+       TODO: check
+CVE-2021-32516 (Path traversal vulnerability in share_link in QSAN Storage 
Manager all ...)
+       TODO: check
+CVE-2021-32515 (Directory listing vulnerability in share_link in QSAN Storage 
Manager  ...)
+       TODO: check
+CVE-2021-32514 (Improper access control vulnerability in FirmwareUpgrade in 
QSAN Stora ...)
+       TODO: check
+CVE-2021-32513 (QsanTorture in QSAN Storage Manager does not filter special 
parameters ...)
+       TODO: check
+CVE-2021-32512 (QuickInstall in QSAN Storage Manager does not filter special 
parameter ...)
+       TODO: check
+CVE-2021-32511 (QSAN Storage Manager through directory listing vulnerability 
in ViewBr ...)
+       TODO: check
+CVE-2021-32510 (QSAN Storage Manager through directory listing vulnerability 
in antivi ...)
+       TODO: check
+CVE-2021-32509 (Absolute Path Traversal vulnerability in FileviewDoc in QSAN 
Storage M ...)
+       TODO: check
+CVE-2021-32508 (Absolute Path Traversal vulnerability in FileStreaming in QSAN 
Storage ...)
+       TODO: check
+CVE-2021-32507 (Absolute Path Traversal vulnerability in FileDownload in QSAN 
Storage  ...)
+       TODO: check
+CVE-2021-32506 (Absolute Path Traversal vulnerability in GetImage in QSAN 
Storage Mana ...)
+       TODO: check
 CVE-2021-32505
        RESERVED
 CVE-2021-32504
@@ -9783,8 +9799,8 @@ CVE-2021-31927 (An Insecure Direct Object Reference 
(IDOR) vulnerability in Anne
        NOT-FOR-US: Annex Cloud Loyalty Experience Platform
 CVE-2021-31926 (AMP Application Deployment Service in CubeCoders AMP 2.1.x 
before 2.1. ...)
        NOT-FOR-US: CubeCoders AMP
-CVE-2021-31925
-       RESERVED
+CVE-2021-31925 (Pexip Infinity 25.x before 25.4 has Improper Input Validation, 
and thu ...)
+       TODO: check
 CVE-2021-31924 (Yubico pam-u2f before 1.1.1 has a logic issue that, depending 
on the p ...)
        - pam-u2f 1.1.0-1.1 (bug #987545)
        [buster] - pam-u2f <not-affected> (Vulnerable code not present)
@@ -10702,6 +10718,7 @@ CVE-2021-31600
 CVE-2021-31599
        RESERVED
 CVE-2021-31598 (An issue was discovered in libezxml.a in ezXML 0.8.6. The 
function ezx ...)
+       {DLA-2705-1}
        - mapcache <unfixed> (bug #989363)
        [bullseye] - mapcache <no-dsa> (Minor issue)
        [buster] - mapcache <no-dsa> (Minor issue)
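Review bot: `{DLA-2705-1}` is added to CVE-2021-31598 here (and to the four other ezXML CVEs in the hunks that follow), but the only package lines visible in the hunk are `- mapcache <unfixed>` with `<no-dsa>` for bullseye and buster, so none of them can be what the DLA fixed; the advisory must correspond to another package further down in the entry (the context of a later hunk shows a `netcdf-parallel` line). Please confirm that each of the five entries carries a package line with a stretch fix version matching the DLA, otherwise the braces claim an advisory the entry itself does not record.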
@@ -11343,6 +11360,7 @@ CVE-2021-31350
 CVE-2021-31349
        RESERVED
 CVE-2021-31348 (An issue was discovered in libezxml.a in ezXML 0.8.6. The 
function ezx ...)
+       {DLA-2705-1}
        - mapcache <unfixed> (bug #989363)
        [bullseye] - mapcache <no-dsa> (Minor issue)
        [buster] - mapcache <no-dsa> (Minor issue)
@@ -11360,6 +11378,7 @@ CVE-2021-31348 (An issue was discovered in libezxml.a 
in ezXML 0.8.6. The functi
        [buster] - netcdf-parallel <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/ezxml/bugs/27/
 CVE-2021-31347 (An issue was discovered in libezxml.a in ezXML 0.8.6. The 
function ezx ...)
+       {DLA-2705-1}
        - mapcache <unfixed> (bug #989363)
        [bullseye] - mapcache <no-dsa> (Minor issue)
        [buster] - mapcache <no-dsa> (Minor issue)
@@ -11646,6 +11665,7 @@ CVE-2021-31231 (The Alertmanager in Grafana Enterprise 
Metrics before 1.2.1 and
 CVE-2021-31230
        RESERVED
 CVE-2021-31229 (An issue was discovered in libezxml.a in ezXML 0.8.6. The 
function ezx ...)
+       {DLA-2705-1}
        - mapcache <unfixed> (bug #989363)
        [bullseye] - mapcache <no-dsa> (Minor issue)
        [buster] - mapcache <no-dsa> (Minor issue)
@@ -13388,6 +13408,7 @@ CVE-2021-30487 (In the topic moving API in Zulip Server 
3.x before 3.4, organiza
 CVE-2021-30486
        RESERVED
 CVE-2021-30485 (An issue was discovered in libezxml.a in ezXML 0.8.6. The 
function ezx ...)
+       {DLA-2705-1}
        - mapcache <unfixed> (bug #989363)
        [bullseye] - mapcache <no-dsa> (Minor issue)
        [buster] - mapcache <no-dsa> (Minor issue)
@@ -15192,8 +15213,8 @@ CVE-2021-29761
        RESERVED
 CVE-2021-29760
        RESERVED
-CVE-2021-29759
-       RESERVED
+CVE-2021-29759 (IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 
and 1.3  ...)
+       TODO: check
 CVE-2021-29758
        RESERVED
 CVE-2021-29757
@@ -17274,8 +17295,8 @@ CVE-2021-28933
        RESERVED
 CVE-2021-28932
        RESERVED
-CVE-2021-28931
-       RESERVED
+CVE-2021-28931 (Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows 
attackers ...)
+       TODO: check
 CVE-2021-28930
        RESERVED
 CVE-2021-28929
@@ -23702,10 +23723,10 @@ CVE-2021-3319
        RESERVED
 CVE-2021-3318 (attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the 
editori ...)
        NOT-FOR-US: DzzOffice
-CVE-2021-26274
-       RESERVED
-CVE-2021-26273
-       RESERVED
+CVE-2021-26274 (The Agent in NinjaRMM 5.0.909 has Insecure Permissions. ...)
+       TODO: check
+CVE-2021-26273 (The Agent in NinjaRMM 5.0.909 has Incorrect Access Control. 
...)
+       TODO: check
 CVE-2021-3326 (The iconv function in the GNU C Library (aka glibc or libc6) 
2.32 and  ...)
        - glibc 2.31-10 (bug #981198)
        [buster] - glibc <no-dsa> (Minor issue)
@@ -24315,16 +24336,16 @@ CVE-2021-26041
        RESERVED
 CVE-2021-26040
        RESERVED
-CVE-2021-26039
-       RESERVED
-CVE-2021-26038
-       RESERVED
-CVE-2021-26037
-       RESERVED
-CVE-2021-26036
-       RESERVED
-CVE-2021-26035
-       RESERVED
+CVE-2021-26039 (An issue was discovered in Joomla! 3.0.0 through 3.9.27. 
Inadequate es ...)
+       TODO: check
+CVE-2021-26038 (An issue was discovered in Joomla! 2.5.0 through 3.9.27. 
Install actio ...)
+       TODO: check
+CVE-2021-26037 (An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS 
functions ...)
+       TODO: check
+CVE-2021-26036 (An issue was discovered in Joomla! 2.5.0 through 3.9.27. 
Missing valid ...)
+       TODO: check
+CVE-2021-26035 (An issue was discovered in Joomla! 3.0.0 through 3.9.27. 
Inadequate es ...)
+       TODO: check
 CVE-2021-26034 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. A 
missing tok ...)
        NOT-FOR-US: Joomla!
 CVE-2021-26033 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. A 
missing tok ...)
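Review bot: the five new Joomla! entries (CVE-2021-26035 through CVE-2021-26039) are left at `TODO: check`, while the unchanged CVE-2021-26034 and CVE-2021-26033 lines directly below, for the same product and an overlapping version range, are tagged `NOT-FOR-US: Joomla!`. Unless packaging has changed, the follow-up triage should apply the same tag so the file stays consistent for that product.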
@@ -24510,8 +24531,8 @@ CVE-2021-25954
        RESERVED
 CVE-2021-25953
        RESERVED
-CVE-2021-25952
-       RESERVED
+CVE-2021-25952 (Prototype pollution vulnerability in 
&#8216;just-safe-set&#8217; versi ...)
+       TODO: check
 CVE-2021-25951 (XXE vulnerability in 'XML2Dict' version 0.2.2 allows an 
attacker to ca ...)
        NOT-FOR-US: XML2Dict
 CVE-2021-25950
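Review bot: the imported description for CVE-2021-25952 carries raw HTML entities (`&#8216;just-safe-set&#8217;`) in place of the quote characters, whereas the neighbouring CVE-2021-25951 description uses plain `'XML2Dict'`. The entity decoding belongs in the import step; as committed, the line does not match the text MITRE published, and the truncated description should be regenerated with the entities decoded so it reads like the rest of the file.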
@@ -32410,8 +32431,7 @@ CVE-2021-22557
        RESERVED
 CVE-2021-22556
        RESERVED
-CVE-2021-22555 [netfilter: x_tables: fix compat match/target pad out-of-bound 
write]
-       RESERVED
+CVE-2021-22555 (A heap out-of-bounds write affecting Linux since v2.6.19-rc1 
was disco ...)
        - linux 5.10.38-1
        [buster] - linux 4.19.194-1
        [stretch] - linux 4.9.272-1
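Review bot: the replacement drops the bracketed placeholder `[netfilter: x_tables: fix compat match/target pad out-of-bound write]` along with the RESERVED line. Removing RESERVED is right now that the CVE text is public, but the placeholder reads as the subject of the fixing kernel commit and is the quickest pointer to the patch; consider preserving it as a `NOTE:` line under the unchanged version lines (`- linux 5.10.38-1`, `[buster] - linux 4.19.194-1`, `[stretch] - linux 4.9.272-1`) rather than losing it.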
@@ -33061,26 +33081,26 @@ CVE-2021-22235
        RESERVED
 CVE-2021-22234
        RESERVED
-CVE-2021-22233
-       RESERVED
+CVE-2021-22233 (An information disclosure vulnerability in GitLab EE versions 
13.10 an ...)
+       TODO: check
 CVE-2021-22232 (HTML injection was possible via the full name field before 
versions 13 ...)
        - gitlab <unfixed>
-CVE-2021-22231
-       RESERVED
-CVE-2021-22230
-       RESERVED
+CVE-2021-22231 (A denial of service in user's profile page is found starting 
with GitL ...)
+       TODO: check
+CVE-2021-22230 (Improper code rendering while rendering merge requests could 
be exploi ...)
+       TODO: check
 CVE-2021-22229 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
 CVE-2021-22228 (An issue has been discovered in GitLab affecting all versions. 
Imprope ...)
        - gitlab <unfixed>
-CVE-2021-22227
-       RESERVED
+CVE-2021-22227 (A reflected cross-site script vulnerability in GitLab before 
versions  ...)
+       TODO: check
 CVE-2021-22226 (Under certain conditions, some users were able to push to 
protected br ...)
        - gitlab <unfixed>
-CVE-2021-22225
-       RESERVED
-CVE-2021-22224
-       RESERVED
+CVE-2021-22225 (Insufficient input sanitization in markdown in GitLab version 
13.11 an ...)
+       TODO: check
+CVE-2021-22224 (A cross-site request forgery vulnerability in the GraphQL API 
in GitLa ...)
+       TODO: check
 CVE-2021-22223 (Client-Side code injection through Feature Flag name in GitLab 
CE/EE s ...)
        - gitlab <unfixed>
 CVE-2021-22222 (Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 
3.4.5 allow ...)
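Review bot: the six new GitLab CVEs (CVE-2021-22224, -22225, -22227, -22230, -22231 and -22233) are left at `TODO: check`, while every neighbouring GitLab entry in the same hunk (CVE-2021-22223, -22226, -22228, -22229, -22232) carries `- gitlab <unfixed>`. The descriptions all name GitLab explicitly, so the follow-up triage should give the new entries a gitlab package line as well instead of leaving half of the block as placeholders.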
@@ -34030,14 +34050,14 @@ CVE-2021-21791
        RESERVED
 CVE-2021-21790
        RESERVED
-CVE-2021-21789
-       RESERVED
-CVE-2021-21788
-       RESERVED
-CVE-2021-21787
-       RESERVED
-CVE-2021-21786
-       RESERVED
+CVE-2021-21789 (A privilege escalation vulnerability exists in the way IOBit 
Advanced  ...)
+       TODO: check
+CVE-2021-21788 (A privilege escalation vulnerability exists in the way IOBit 
Advanced  ...)
+       TODO: check
+CVE-2021-21787 (A privilege escalation vulnerability exists in the way IOBit 
Advanced  ...)
+       TODO: check
+CVE-2021-21786 (A privilege escalation vulnerability exists in the IOCTL 
0x9c406144 ha ...)
+       TODO: check
 CVE-2021-21785
        RESERVED
 CVE-2021-21784 (An out-of-bounds write vulnerability exists in the JPG format 
SOF mark ...)
@@ -38573,8 +38593,8 @@ CVE-2021-20476
        RESERVED
 CVE-2021-20475
        RESERVED
-CVE-2021-20474
-       RESERVED
+CVE-2021-20474 (IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does 
not perfor ...)
+       TODO: check
 CVE-2021-20473
        RESERVED
 CVE-2021-20472
@@ -38687,12 +38707,12 @@ CVE-2021-20419 (IBM Security Guardium 11.2 uses 
weaker than expected cryptograph
        NOT-FOR-US: IBM
 CVE-2021-20418
        RESERVED
-CVE-2021-20417
-       RESERVED
-CVE-2021-20416
-       RESERVED
-CVE-2021-20415
-       RESERVED
+CVE-2021-20417 (IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a 
remote attack ...)
+       TODO: check
+CVE-2021-20416 (IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could 
allow a r ...)
+       TODO: check
+CVE-2021-20415 (IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate 
account  ...)
+       TODO: check
 CVE-2021-20414
        RESERVED
 CVE-2021-20413 (IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a 
remote attack ...)
@@ -38763,10 +38783,10 @@ CVE-2021-20381
        RESERVED
 CVE-2021-20380 (IBM QRadar Advisor With Watson App 1.1 through 2.5 as used on 
IBM QRad ...)
        NOT-FOR-US: IBM
-CVE-2021-20379
-       RESERVED
-CVE-2021-20378
-       RESERVED
+CVE-2021-20379 (IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses 
weaker tha ...)
+       TODO: check
+CVE-2021-20378 (IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does 
not invali ...)
+       TODO: check
 CVE-2021-20377
        RESERVED
 CVE-2021-20376
@@ -55121,8 +55141,8 @@ CVE-2020-25927
        RESERVED
 CVE-2020-25926
        RESERVED
-CVE-2020-25925
-       RESERVED
+CVE-2020-25925 (Cross Site Scripting (XSS) in Webmail Calender in IceWarp 
WebClient 10 ...)
+       TODO: check
 CVE-2020-25924
        RESERVED
 CVE-2020-25923
@@ -55239,8 +55259,8 @@ CVE-2020-25869 (An information leak was discovered in 
MediaWiki before 1.31.10 a
        NOTE: MediaWiki 1.31.9 / 1.34.3 security releases announced at
        NOTE: 
https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
        NOTE: https://phabricator.wikimedia.org/T260485
-CVE-2020-25868
-       RESERVED
+CVE-2020-25868 (Pexip Infinity 22.x through 24.x before 24.2 has Improper 
Input Valida ...)
+       TODO: check
 CVE-2020-25867 (SoPlanning before 1.47 doesn't correctly check the security 
key used t ...)
        NOT-FOR-US: SoPlanning
 CVE-2020-25866 (In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP 
protocol dis ...)
@@ -59458,24 +59478,24 @@ CVE-2020-24151
        RESERVED
 CVE-2020-24150
        RESERVED
-CVE-2020-24149
-       RESERVED
-CVE-2020-24148
-       RESERVED
-CVE-2020-24147
-       RESERVED
-CVE-2020-24146
-       RESERVED
-CVE-2020-24145
-       RESERVED
-CVE-2020-24144
-       RESERVED
-CVE-2020-24143
-       RESERVED
-CVE-2020-24142
-       RESERVED
-CVE-2020-24141
-       RESERVED
+CVE-2020-24149 (Server-side request forgery (SSRF) in the Podcast Importer 
SecondLine  ...)
+       TODO: check
+CVE-2020-24148 (Server-side request forgery (SSRF) in the Import XML and RSS 
Feeds (im ...)
+       TODO: check
+CVE-2020-24147 (Server-side request forgery (SSR) vulnerability in the WP 
Smart Import ...)
+       TODO: check
+CVE-2020-24146 (Directory traversal in the CM Download Manager (aka 
cm-download-manage ...)
+       TODO: check
+CVE-2020-24145 (Cross Site Scripting (XSS) vulnerability in the CM Download 
Manager (a ...)
+       TODO: check
+CVE-2020-24144 (Directory traversal in the Media File Organizer (aka 
media-file-organi ...)
+       TODO: check
+CVE-2020-24143 (Directory traversal in the Video Downloader for TikTok (aka 
downloader ...)
+       TODO: check
+CVE-2020-24142 (Server-side request forgery in the Video Downloader for TikTok 
(aka do ...)
+       TODO: check
+CVE-2020-24141 (Server-side request forgery in the WP-DownloadManager plugin 
1.68.4 fo ...)
+       TODO: check
 CVE-2020-24140 (Server-side request forgery in Wcms 0.3.2 let an attacker send 
crafted ...)
        NOT-FOR-US: wmcs
 CVE-2020-24139 (Server-side request forgery in Wcms 0.3.2 lets an attacker 
send crafte ...)
@@ -59682,8 +59702,8 @@ CVE-2020-24040
        RESERVED
 CVE-2020-24039
        RESERVED
-CVE-2020-24038
-       RESERVED
+CVE-2020-24038 (myFax version 229 logs sensitive information in the export log 
module  ...)
+       TODO: check
 CVE-2020-24037
        RESERVED
 CVE-2020-24036 (PHP object injection in the Ajax endpoint of the backend in 
ForkCMS be ...)
@@ -60394,12 +60414,12 @@ CVE-2020-23704
        RESERVED
 CVE-2020-23703
        RESERVED
-CVE-2020-23702
-       RESERVED
+CVE-2020-23702 (Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 
via 'Ne ...)
+       TODO: check
 CVE-2020-23701
        RESERVED
-CVE-2020-23700
-       RESERVED
+CVE-2020-23700 (Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 
via the ...)
+       TODO: check
 CVE-2020-23699
        RESERVED
 CVE-2020-23698
@@ -67530,8 +67550,8 @@ CVE-2020-20227 (Mikrotik RouterOs stable 6.47 suffers 
from a memory corruption v
        NOT-FOR-US: Mikrotik RouterOs
 CVE-2020-20226
        RESERVED
-CVE-2020-20225
-       RESERVED
+CVE-2020-20225 (Mikrotik RouterOs before 6.47 (stable tree) suffers from an 
assertion  ...)
+       TODO: check
 CVE-2020-20224
        RESERVED
 CVE-2020-20223
@@ -67548,18 +67568,18 @@ CVE-2020-20218 (Mikrotik RouterOs 6.44.6 (long-term 
tree) suffers from a memory
        NOT-FOR-US: Mikrotik RouterOs
 CVE-2020-20217
        RESERVED
-CVE-2020-20216
-       RESERVED
-CVE-2020-20215
-       RESERVED
+CVE-2020-20216 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a 
memory corrup ...)
+       TODO: check
+CVE-2020-20215 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a 
memory corrup ...)
+       TODO: check
 CVE-2020-20214 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an 
assertion fa ...)
        NOT-FOR-US: Mikrotik RouterOs
-CVE-2020-20213
-       RESERVED
-CVE-2020-20212
-       RESERVED
-CVE-2020-20211
-       RESERVED
+CVE-2020-20213 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an 
stack exhaus ...)
+       TODO: check
+CVE-2020-20212 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a 
memory corrup ...)
+       TODO: check
+CVE-2020-20211 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an 
assertion fa ...)
+       TODO: check
 CVE-2020-20210
        RESERVED
 CVE-2020-20209
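Review bot: the five new RouterOs entries (CVE-2020-20211 through CVE-2020-20213, CVE-2020-20215 and CVE-2020-20216) get only `TODO: check`, yet the unchanged CVE-2020-20214 and CVE-2020-20218 lines in the same hunk, for the same product and the same 6.44.x long-term tree, are `NOT-FOR-US: Mikrotik RouterOs`. The same tag is the obvious resolution for these, and for CVE-2020-20225 in the preceding hunk.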
@@ -139244,7 +139264,7 @@ CVE-2019-13225 (A NULL Pointer Dereference in 
match_at() in regexec.c in Oniguru
        [jessie] - libonig <not-affected> (vulnerable code was introduced later)
        NOTE: 
https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c
 CVE-2019-13224 (A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 
6.9.2 a ...)
-       {DLA-2431-1 DLA-1854-1}
+       {DSA-4527-1 DLA-2431-1 DLA-1854-1}
        - libonig 6.9.2-1 (low; bug #931878)
        [buster] - libonig <no-dsa> (Minor issue)
        - php7.0 <removed>
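Review bot: `DSA-4527-1` is added to the advisory braces of CVE-2019-13224, but of the package lines visible here `libonig` is `<no-dsa>` for buster and `php7.0` is `<removed>`, so neither can be the package the DSA fixed; the advisory must correspond to a package line further down the entry, past the shown context. Please double-check that mapping before the braces are relied on, since a DSA reference with no matching fixed-version line is misleading.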
@@ -157585,7 +157605,7 @@ CVE-2019-1000029 [DoS due to changing # of allowed 
users in root channel]
        NOTE: Introduced in: 
https://github.com/mumble-voip/mumble/commit/84b1bcecef790a84d10b2d1f2060c1681a2bb836
        NOTE: Fixed by: 
https://github.com/mumble-voip/mumble/commit/3edc46ff7308691d342f8c08ce1afaaefce35a5c
 CVE-2019-6977 (gdImageColorMatch in gd_color_match.c in the GD Graphics 
Library (aka  ...)
-       {DSA-4384-1 DLA-1651-1}
+       {DSA-4384-1 DLA-1679-1 DLA-1651-1}
        - libgd2 2.2.5-5.1 (bug #920645)
        - php7.3 7.3.1-1 (unimportant)
        - php7.0 <removed> (unimportant)
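Review bot: `DLA-1679-1` joins `DSA-4384-1` and `DLA-1651-1` on CVE-2019-6977, so the entry now records two LTS advisories. The visible package lines give `libgd2 2.2.5-5.1` and the php7.x lines marked `(unimportant)`; an unimportant rating would not normally get an advisory, so the second DLA needs a package line with a fix version below the shown context (an older php line, for instance) or the braces overstate what was released. Worth a quick check against the DLA text.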



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c92f8bf488544b2aa5daf7f9729f06639456c499



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
