Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: c92f8bf4 by security tracker role at 2021-07-07T20:10:36+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,19 @@ +CVE-2021-36219 + RESERVED +CVE-2021-36218 + RESERVED +CVE-2021-36217 (Avahi 0.8 allows a local denial of service (NULL pointer dereference a ...) + TODO: check +CVE-2021-36216 + RESERVED +CVE-2021-36215 + RESERVED +CVE-2021-36214 + RESERVED +CVE-2021-36213 + RESERVED +CVE-2021-36212 (app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored X ...) + TODO: check CVE-2021-3637 RESERVED NOT-FOR-US: Keycloak @@ -1753,8 +1769,8 @@ CVE-2021-35453 RESERVED CVE-2021-35452 RESERVED -CVE-2021-35451 - RESERVED +CVE-2021-35451 (In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenti ...) + TODO: check CVE-2021-35450 RESERVED CVE-2021-35449 @@ -3089,7 +3105,7 @@ CVE-2021-34825 (Quassel through 0.13.1, when --require-ssl is enabled, launches NOTE: https://github.com/quassel/quassel/pull/581 NOTE: https://bugs.quassel-irc.org/issues/1728 NOTE: '--require-ssl' flag added in https://github.com/quassel/quassel/pull/43 -CVE-2021-34824 (Istio before 1.9.6 and 1.10.x before 1.10.2 has Incorrect Access Contr ...) +CVE-2021-34824 (Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely explo ...) NOT-FOR-US: Istio CVE-2021-34823 RESERVED 
@@ -3545,22 +3561,22 @@ CVE-2021-34629 RESERVED CVE-2021-34628 RESERVED -CVE-2021-34627 - RESERVED -CVE-2021-34626 - RESERVED -CVE-2021-34625 - RESERVED -CVE-2021-34624 - RESERVED -CVE-2021-34623 - RESERVED -CVE-2021-34622 - RESERVED -CVE-2021-34621 - RESERVED -CVE-2021-34620 - RESERVED +CVE-2021-34627 (A vulnerability in the getSelectedMimeTypesByRole function of the WP U ...) + TODO: check +CVE-2021-34626 (A vulnerability in the deleteCustomType function of the WP Upload Rest ...) + TODO: check +CVE-2021-34625 (A vulnerability in the saveCustomType function of the WP Upload Restri ...) + TODO: check +CVE-2021-34624 (A vulnerability in the file uploader component found in the ~/src/Clas ...) + TODO: check +CVE-2021-34623 (A vulnerability in the image uploader component found in the ~/src/Cla ...) + TODO: check +CVE-2021-34622 (A vulnerability in the user profile update component found in the ~/sr ...) + TODO: check +CVE-2021-34621 (A vulnerability in the user registration component found in the ~/src/ ...) + TODO: check +CVE-2021-34620 (The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to ...) + TODO: check CVE-2021-34619 RESERVED CVE-2021-34618 
@@ -6722,20 +6738,20 @@ CVE-2021-33223 RESERVED CVE-2021-33222 RESERVED -CVE-2021-33221 - RESERVED -CVE-2021-33220 - RESERVED -CVE-2021-33219 - RESERVED -CVE-2021-33218 - RESERVED -CVE-2021-33217 - RESERVED -CVE-2021-33216 - RESERVED -CVE-2021-33215 - RESERVED +CVE-2021-33221 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...) + TODO: check +CVE-2021-33220 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...) + TODO: check +CVE-2021-33219 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...) + TODO: check +CVE-2021-33218 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...) + TODO: check +CVE-2021-33217 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...) + TODO: check +CVE-2021-33216 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...) + TODO: check +CVE-2021-33215 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...) + TODO: check CVE-2021-33214 RESERVED CVE-2021-33213 
@@ -8349,72 +8365,72 @@ CVE-2021-32540 (Add announcement function in the 101EIP system does not filter s NOT-FOR-US: 101EIP system CVE-2021-32539 (Add event in calendar function in the 101EIP system does not filter sp ...) NOT-FOR-US: 101EIP system -CVE-2021-32538 - RESERVED -CVE-2021-32537 - RESERVED +CVE-2021-32538 (ARTWARE CMS parameter of image upload function does not filter the typ ...) + TODO: check +CVE-2021-32537 (Realtek HAD contains a driver crashed vulnerability which allows local ...) + TODO: check CVE-2021-32536 (The login page in the MCUsystem does not filter with special character ...) NOT-FOR-US: MCUsystem -CVE-2021-32535 - RESERVED -CVE-2021-32534 - RESERVED -CVE-2021-32533 - RESERVED -CVE-2021-32532 - RESERVED -CVE-2021-32531 - RESERVED -CVE-2021-32530 - RESERVED -CVE-2021-32529 - RESERVED -CVE-2021-32528 - RESERVED -CVE-2021-32527 - RESERVED -CVE-2021-32526 - RESERVED -CVE-2021-32525 - RESERVED -CVE-2021-32524 - RESERVED -CVE-2021-32523 - RESERVED -CVE-2021-32522 - RESERVED -CVE-2021-32521 - RESERVED -CVE-2021-32520 - RESERVED -CVE-2021-32519 - RESERVED -CVE-2021-32518 - RESERVED -CVE-2021-32517 - RESERVED -CVE-2021-32516 - RESERVED -CVE-2021-32515 - RESERVED -CVE-2021-32514 - RESERVED -CVE-2021-32513 - RESERVED -CVE-2021-32512 - RESERVED -CVE-2021-32511 - RESERVED -CVE-2021-32510 - RESERVED -CVE-2021-32509 - RESERVED -CVE-2021-32508 - RESERVED -CVE-2021-32507 - RESERVED -CVE-2021-32506 - RESERVED +CVE-2021-32535 (The vulnerability of hard-coded default credentials in QSAN SANOS allo ...) + TODO: check +CVE-2021-32534 (QSAN SANOS factory reset function does not filter special parameters. ...) + TODO: check +CVE-2021-32533 (The QSAN SANOS setting page does not filter special parameters. Remote ...) + TODO: check +CVE-2021-32532 (Path traversal vulnerability in back-end analysis function in QSAN XEV ...) + TODO: check +CVE-2021-32531 (OS command injection vulnerability in Init function in QSAN XEVO allow ...) 
+ TODO: check +CVE-2021-32530 (OS command injection vulnerability in Array function in QSAN XEVO allo ...) + TODO: check +CVE-2021-32529 (Command injection vulnerability in QSAN XEVO, SANOS allows remote unau ...) + TODO: check +CVE-2021-32528 (Observable behavioral discrepancy vulnerability in QSAN Storage Manage ...) + TODO: check +CVE-2021-32527 (Path traversal vulnerability in QSAN Storage Manager allows remote una ...) + TODO: check +CVE-2021-32526 (Incorrect permission assignment for critical resource vulnerability in ...) + TODO: check +CVE-2021-32525 (The same hard-coded password in QSAN Storage Manager's in the firmware ...) + TODO: check +CVE-2021-32524 (Command injection vulnerability in QSAN Storage Manager allows remote ...) + TODO: check +CVE-2021-32523 (Improper authorization vulnerability in QSAN Storage Manager allows re ...) + TODO: check +CVE-2021-32522 (Improper restriction of excessive authentication attempts vulnerabilit ...) + TODO: check +CVE-2021-32521 (Use of MAC address as an authenticated password in QSAN Storage Manage ...) + TODO: check +CVE-2021-32520 (Use of hard-coded cryptographic key vulnerability in QSAN Storage Mana ...) + TODO: check +CVE-2021-32519 (Use of password hash with insufficient computational effort vulnerabil ...) + TODO: check +CVE-2021-32518 (A vulnerability in share_link in QSAN Storage Manager allows remote at ...) + TODO: check +CVE-2021-32517 (Improper access control vulnerability in share_link in QSAN Storage Ma ...) + TODO: check +CVE-2021-32516 (Path traversal vulnerability in share_link in QSAN Storage Manager all ...) + TODO: check +CVE-2021-32515 (Directory listing vulnerability in share_link in QSAN Storage Manager ...) + TODO: check +CVE-2021-32514 (Improper access control vulnerability in FirmwareUpgrade in QSAN Stora ...) + TODO: check +CVE-2021-32513 (QsanTorture in QSAN Storage Manager does not filter special parameters ...) 
+ TODO: check +CVE-2021-32512 (QuickInstall in QSAN Storage Manager does not filter special parameter ...) + TODO: check +CVE-2021-32511 (QSAN Storage Manager through directory listing vulnerability in ViewBr ...) + TODO: check +CVE-2021-32510 (QSAN Storage Manager through directory listing vulnerability in antivi ...) + TODO: check +CVE-2021-32509 (Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage M ...) + TODO: check +CVE-2021-32508 (Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage ...) + TODO: check +CVE-2021-32507 (Absolute Path Traversal vulnerability in FileDownload in QSAN Storage ...) + TODO: check +CVE-2021-32506 (Absolute Path Traversal vulnerability in GetImage in QSAN Storage Mana ...) + TODO: check CVE-2021-32505 RESERVED CVE-2021-32504 @@ -9783,8 +9799,8 @@ CVE-2021-31927 (An Insecure Direct Object Reference (IDOR) vulnerability in Anne NOT-FOR-US: Annex Cloud Loyalty Experience Platform CVE-2021-31926 (AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1. ...) NOT-FOR-US: CubeCoders AMP -CVE-2021-31925 - RESERVED +CVE-2021-31925 (Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thu ...) + TODO: check CVE-2021-31924 (Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the p ...) - pam-u2f 1.1.0-1.1 (bug #987545) [buster] - pam-u2f <not-affected> (Vulnerable code not present) @@ -10702,6 +10718,7 @@ CVE-2021-31600 CVE-2021-31599 RESERVED CVE-2021-31598 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) + {DLA-2705-1} - mapcache <unfixed> (bug #989363) [bullseye] - mapcache <no-dsa> (Minor issue) [buster] - mapcache <no-dsa> (Minor issue) @@ -11343,6 +11360,7 @@ CVE-2021-31350 CVE-2021-31349 RESERVED CVE-2021-31348 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) + {DLA-2705-1} - mapcache <unfixed> (bug #989363) [bullseye] - mapcache <no-dsa> (Minor issue) [buster] - mapcache <no-dsa> (Minor issue) 
@@ -11360,6 +11378,7 @@ CVE-2021-31348 (An issue was discovered in libezxml.a in ezXML 0.8.6. The functi [buster] - netcdf-parallel <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/ezxml/bugs/27/ CVE-2021-31347 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) + {DLA-2705-1} - mapcache <unfixed> (bug #989363) [bullseye] - mapcache <no-dsa> (Minor issue) [buster] - mapcache <no-dsa> (Minor issue) @@ -11646,6 +11665,7 @@ CVE-2021-31231 (The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and CVE-2021-31230 RESERVED CVE-2021-31229 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) + {DLA-2705-1} - mapcache <unfixed> (bug #989363) [bullseye] - mapcache <no-dsa> (Minor issue) [buster] - mapcache <no-dsa> (Minor issue) @@ -13388,6 +13408,7 @@ CVE-2021-30487 (In the topic moving API in Zulip Server 3.x before 3.4, organiza CVE-2021-30486 RESERVED CVE-2021-30485 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) + {DLA-2705-1} - mapcache <unfixed> (bug #989363) [bullseye] - mapcache <no-dsa> (Minor issue) [buster] - mapcache <no-dsa> (Minor issue) @@ -15192,8 +15213,8 @@ CVE-2021-29761 RESERVED CVE-2021-29760 RESERVED -CVE-2021-29759 - RESERVED +CVE-2021-29759 (IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 ...) + TODO: check CVE-2021-29758 RESERVED CVE-2021-29757 @@ -17274,8 +17295,8 @@ CVE-2021-28933 RESERVED CVE-2021-28932 RESERVED -CVE-2021-28931 - RESERVED +CVE-2021-28931 (Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers ...) + TODO: check CVE-2021-28930 RESERVED CVE-2021-28929 
@@ -23702,10 +23723,10 @@ CVE-2021-3319 RESERVED CVE-2021-3318 (attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editori ...) NOT-FOR-US: DzzOffice -CVE-2021-26274 - RESERVED -CVE-2021-26273 - RESERVED +CVE-2021-26274 (The Agent in NinjaRMM 5.0.909 has Insecure Permissions. ...) + TODO: check +CVE-2021-26273 (The Agent in NinjaRMM 5.0.909 has Incorrect Access Control. ...) + TODO: check CVE-2021-3326 (The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and ...) - glibc 2.31-10 (bug #981198) [buster] - glibc <no-dsa> (Minor issue) @@ -24315,16 +24336,16 @@ CVE-2021-26041 RESERVED CVE-2021-26040 RESERVED -CVE-2021-26039 - RESERVED -CVE-2021-26038 - RESERVED -CVE-2021-26037 - RESERVED -CVE-2021-26036 - RESERVED -CVE-2021-26035 - RESERVED +CVE-2021-26039 (An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate es ...) + TODO: check +CVE-2021-26038 (An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install actio ...) + TODO: check +CVE-2021-26037 (An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions ...) + TODO: check +CVE-2021-26036 (An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing valid ...) + TODO: check +CVE-2021-26035 (An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate es ...) + TODO: check CVE-2021-26034 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing tok ...) NOT-FOR-US: Joomla! CVE-2021-26033 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing tok ...) @@ -24510,8 +24531,8 @@ CVE-2021-25954 RESERVED CVE-2021-25953 RESERVED -CVE-2021-25952 - RESERVED +CVE-2021-25952 (Prototype pollution vulnerability in ‘just-safe-set’ versi ...) + TODO: check CVE-2021-25951 (XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to ca ...) NOT-FOR-US: XML2Dict CVE-2021-25950 
@@ -32410,8 +32431,7 @@ CVE-2021-22557 RESERVED CVE-2021-22556 RESERVED -CVE-2021-22555 [netfilter: x_tables: fix compat match/target pad out-of-bound write] - RESERVED +CVE-2021-22555 (A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was disco ...) - linux 5.10.38-1 [buster] - linux 4.19.194-1 [stretch] - linux 4.9.272-1 @@ -33061,26 +33081,26 @@ CVE-2021-22235 RESERVED CVE-2021-22234 RESERVED -CVE-2021-22233 - RESERVED +CVE-2021-22233 (An information disclosure vulnerability in GitLab EE versions 13.10 an ...) + TODO: check CVE-2021-22232 (HTML injection was possible via the full name field before versions 13 ...) - gitlab <unfixed> -CVE-2021-22231 - RESERVED -CVE-2021-22230 - RESERVED +CVE-2021-22231 (A denial of service in user's profile page is found starting with GitL ...) + TODO: check +CVE-2021-22230 (Improper code rendering while rendering merge requests could be exploi ...) + TODO: check CVE-2021-22229 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab <unfixed> CVE-2021-22228 (An issue has been discovered in GitLab affecting all versions. Imprope ...) - gitlab <unfixed> -CVE-2021-22227 - RESERVED +CVE-2021-22227 (A reflected cross-site script vulnerability in GitLab before versions ...) + TODO: check CVE-2021-22226 (Under certain conditions, some users were able to push to protected br ...) - gitlab <unfixed> -CVE-2021-22225 - RESERVED -CVE-2021-22224 - RESERVED +CVE-2021-22225 (Insufficient input sanitization in markdown in GitLab version 13.11 an ...) + TODO: check +CVE-2021-22224 (A cross-site request forgery vulnerability in the GraphQL API in GitLa ...) + TODO: check CVE-2021-22223 (Client-Side code injection through Feature Flag name in GitLab CE/EE s ...) - gitlab <unfixed> CVE-2021-22222 (Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allow ...) 
@@ -34030,14 +34050,14 @@ CVE-2021-21791 RESERVED CVE-2021-21790 RESERVED -CVE-2021-21789 - RESERVED -CVE-2021-21788 - RESERVED -CVE-2021-21787 - RESERVED -CVE-2021-21786 - RESERVED +CVE-2021-21789 (A privilege escalation vulnerability exists in the way IOBit Advanced ...) + TODO: check +CVE-2021-21788 (A privilege escalation vulnerability exists in the way IOBit Advanced ...) + TODO: check +CVE-2021-21787 (A privilege escalation vulnerability exists in the way IOBit Advanced ...) + TODO: check +CVE-2021-21786 (A privilege escalation vulnerability exists in the IOCTL 0x9c406144 ha ...) + TODO: check CVE-2021-21785 RESERVED CVE-2021-21784 (An out-of-bounds write vulnerability exists in the JPG format SOF mark ...) @@ -38573,8 +38593,8 @@ CVE-2021-20476 RESERVED CVE-2021-20475 RESERVED -CVE-2021-20474 - RESERVED +CVE-2021-20474 (IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perfor ...) + TODO: check CVE-2021-20473 RESERVED CVE-2021-20472 @@ -38687,12 +38707,12 @@ CVE-2021-20419 (IBM Security Guardium 11.2 uses weaker than expected cryptograph NOT-FOR-US: IBM CVE-2021-20418 RESERVED -CVE-2021-20417 - RESERVED -CVE-2021-20416 - RESERVED -CVE-2021-20415 - RESERVED +CVE-2021-20417 (IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attack ...) + TODO: check +CVE-2021-20416 (IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a r ...) + TODO: check +CVE-2021-20415 (IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account ...) + TODO: check CVE-2021-20414 RESERVED CVE-2021-20413 (IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attack ...) 
@@ -38763,10 +38783,10 @@ CVE-2021-20381 RESERVED CVE-2021-20380 (IBM QRadar Advisor With Watson App 1.1 through 2.5 as used on IBM QRad ...) NOT-FOR-US: IBM -CVE-2021-20379 - RESERVED -CVE-2021-20378 - RESERVED +CVE-2021-20379 (IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker tha ...) + TODO: check +CVE-2021-20378 (IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invali ...) + TODO: check CVE-2021-20377 RESERVED CVE-2021-20376 @@ -55121,8 +55141,8 @@ CVE-2020-25927 RESERVED CVE-2020-25926 RESERVED -CVE-2020-25925 - RESERVED +CVE-2020-25925 (Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10 ...) + TODO: check CVE-2020-25924 RESERVED CVE-2020-25923 @@ -55239,8 +55259,8 @@ CVE-2020-25869 (An information leak was discovered in MediaWiki before 1.31.10 a NOTE: MediaWiki 1.31.9 / 1.34.3 security releases announced at NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html NOTE: https://phabricator.wikimedia.org/T260485 -CVE-2020-25868 - RESERVED +CVE-2020-25868 (Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Valida ...) + TODO: check CVE-2020-25867 (SoPlanning before 1.47 doesn't correctly check the security key used t ...) NOT-FOR-US: SoPlanning CVE-2020-25866 (In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dis ...) 
@@ -59458,24 +59478,24 @@ CVE-2020-24151 RESERVED CVE-2020-24150 RESERVED -CVE-2020-24149 - RESERVED -CVE-2020-24148 - RESERVED -CVE-2020-24147 - RESERVED -CVE-2020-24146 - RESERVED -CVE-2020-24145 - RESERVED -CVE-2020-24144 - RESERVED -CVE-2020-24143 - RESERVED -CVE-2020-24142 - RESERVED -CVE-2020-24141 - RESERVED +CVE-2020-24149 (Server-side request forgery (SSRF) in the Podcast Importer SecondLine ...) + TODO: check +CVE-2020-24148 (Server-side request forgery (SSRF) in the Import XML and RSS Feeds (im ...) + TODO: check +CVE-2020-24147 (Server-side request forgery (SSR) vulnerability in the WP Smart Import ...) + TODO: check +CVE-2020-24146 (Directory traversal in the CM Download Manager (aka cm-download-manage ...) + TODO: check +CVE-2020-24145 (Cross Site Scripting (XSS) vulnerability in the CM Download Manager (a ...) + TODO: check +CVE-2020-24144 (Directory traversal in the Media File Organizer (aka media-file-organi ...) + TODO: check +CVE-2020-24143 (Directory traversal in the Video Downloader for TikTok (aka downloader ...) + TODO: check +CVE-2020-24142 (Server-side request forgery in the Video Downloader for TikTok (aka do ...) + TODO: check +CVE-2020-24141 (Server-side request forgery in the WP-DownloadManager plugin 1.68.4 fo ...) + TODO: check CVE-2020-24140 (Server-side request forgery in Wcms 0.3.2 let an attacker send crafted ...) NOT-FOR-US: wmcs CVE-2020-24139 (Server-side request forgery in Wcms 0.3.2 lets an attacker send crafte ...) @@ -59682,8 +59702,8 @@ CVE-2020-24040 RESERVED CVE-2020-24039 RESERVED -CVE-2020-24038 - RESERVED +CVE-2020-24038 (myFax version 229 logs sensitive information in the export log module ...) + TODO: check CVE-2020-24037 RESERVED CVE-2020-24036 (PHP object injection in the Ajax endpoint of the backend in ForkCMS be ...) 
@@ -60394,12 +60414,12 @@ CVE-2020-23704 RESERVED CVE-2020-23703 RESERVED -CVE-2020-23702 - RESERVED +CVE-2020-23702 (Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via 'Ne ...) + TODO: check CVE-2020-23701 RESERVED -CVE-2020-23700 - RESERVED +CVE-2020-23700 (Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the ...) + TODO: check CVE-2020-23699 RESERVED CVE-2020-23698 @@ -67530,8 +67550,8 @@ CVE-2020-20227 (Mikrotik RouterOs stable 6.47 suffers from a memory corruption v NOT-FOR-US: Mikrotik RouterOs CVE-2020-20226 RESERVED -CVE-2020-20225 - RESERVED +CVE-2020-20225 (Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion ...) + TODO: check CVE-2020-20224 RESERVED CVE-2020-20223 @@ -67548,18 +67568,18 @@ CVE-2020-20218 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory NOT-FOR-US: Mikrotik RouterOs CVE-2020-20217 RESERVED -CVE-2020-20216 - RESERVED -CVE-2020-20215 - RESERVED +CVE-2020-20216 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...) + TODO: check +CVE-2020-20215 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...) + TODO: check CVE-2020-20214 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion fa ...) NOT-FOR-US: Mikrotik RouterOs -CVE-2020-20213 - RESERVED -CVE-2020-20212 - RESERVED -CVE-2020-20211 - RESERVED +CVE-2020-20213 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaus ...) + TODO: check +CVE-2020-20212 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corrup ...) + TODO: check +CVE-2020-20211 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion fa ...) + TODO: check CVE-2020-20210 RESERVED CVE-2020-20209 
@@ -139244,7 +139264,7 @@ CVE-2019-13225 (A NULL Pointer Dereference in match_at() in regexec.c in Oniguru [jessie] - libonig <not-affected> (vulnerable code was introduced later) NOTE: https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c CVE-2019-13224 (A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 a ...) - {DLA-2431-1 DLA-1854-1} + {DSA-4527-1 DLA-2431-1 DLA-1854-1} - libonig 6.9.2-1 (low; bug #931878) [buster] - libonig <no-dsa> (Minor issue) - php7.0 <removed> @@ -157585,7 +157605,7 @@ CVE-2019-1000029 [DoS due to changing # of allowed users in root channel] NOTE: Introduced in: https://github.com/mumble-voip/mumble/commit/84b1bcecef790a84d10b2d1f2060c1681a2bb836 NOTE: Fixed by: https://github.com/mumble-voip/mumble/commit/3edc46ff7308691d342f8c08ce1afaaefce35a5c CVE-2019-6977 (gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka ...) - {DSA-4384-1 DLA-1651-1} + {DSA-4384-1 DLA-1679-1 DLA-1651-1} - libgd2 2.2.5-5.1 (bug #920645) - php7.3 7.3.1-1 (unimportant) - php7.0 <removed> (unimportant) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c92f8bf488544b2aa5daf7f9729f06639456c499
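Review bot: In the hunk at @@ -24315,16 +24336,16 @@, the five new Joomla! entries CVE-2021-26039 through CVE-2021-26035 are left at TODO: check, although the unchanged context directly below them already triages CVE-2021-26034 as NOT-FOR-US: Joomla!. Suggest a follow-up commit that resolves them the same way once the descriptions are confirmed to concern the same product, so they do not linger in the TODO queue.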
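Review bot: The CVE-2021-22555 entry in the hunk at @@ -32410,8 +32431,7 @@ no longer carries the fix's patch subject once the bracketed title "netfilter: x_tables: fix compat match/target pad out-of-bound write" is replaced by the truncated description. The visible context stops at the [stretch] line, so it is not clear whether a NOTE naming the fix exists further down; if it does not, add one so the recorded linux versions 5.10.38-1, 4.19.194-1 and 4.9.272-1 stay traceable to the change they contain.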
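Review bot: In the hunk at @@ -33061,26 +33081,26 @@, the newly published GitLab entries CVE-2021-22233, CVE-2021-22231, CVE-2021-22230, CVE-2021-22227, CVE-2021-22225 and CVE-2021-22224 get TODO: check while every already-published neighbour in the same hunk (CVE-2021-22232, CVE-2021-22229, CVE-2021-22228, CVE-2021-22226, CVE-2021-22223) carries a "- gitlab <unfixed>" package line. Suggest triaging the six together in one follow-up, checking the affected version ranges in each description, so the block ends up consistent.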
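Review bot: In the hunk at @@ -67548,18 +67568,18 @@, CVE-2020-20216, CVE-2020-20215, CVE-2020-20213, CVE-2020-20212 and CVE-2020-20211 are added as TODO: check even though the surrounding context already marks CVE-2020-20218 and CVE-2020-20214 as NOT-FOR-US: Mikrotik RouterOs. The same applies to CVE-2020-20225 in the preceding hunk, which sits next to CVE-2020-20227 with that marking; suggest closing all six with the existing NOT-FOR-US line in one follow-up.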