Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 319de1ca by security tracker role at 2022-06-01T08:10:14+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,95 @@ +CVE-2022-32202 (In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::Fe ...) + TODO: check +CVE-2022-32201 (In libjpeg 1.63, there is a NULL pointer dereference in Component::Sub ...) + TODO: check +CVE-2022-32200 (libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_strin ...) + TODO: check +CVE-2022-32199 + RESERVED +CVE-2022-32198 + RESERVED +CVE-2022-32197 + RESERVED +CVE-2022-32196 + RESERVED +CVE-2022-32195 + RESERVED +CVE-2022-32194 + RESERVED +CVE-2022-32193 + RESERVED +CVE-2022-32192 + RESERVED +CVE-2022-32191 + RESERVED +CVE-2022-32190 + RESERVED +CVE-2022-32189 + RESERVED +CVE-2022-32188 + RESERVED +CVE-2022-32187 + RESERVED +CVE-2022-32186 + RESERVED +CVE-2022-32185 + RESERVED +CVE-2022-32184 + RESERVED +CVE-2022-32183 + RESERVED +CVE-2022-32182 + RESERVED +CVE-2022-32181 + RESERVED +CVE-2022-32180 + RESERVED +CVE-2022-32179 + RESERVED +CVE-2022-32178 + RESERVED +CVE-2022-32177 + RESERVED +CVE-2022-32176 + RESERVED +CVE-2022-32175 + RESERVED +CVE-2022-32174 + RESERVED +CVE-2022-32173 + RESERVED +CVE-2022-32172 + RESERVED +CVE-2022-32171 + RESERVED +CVE-2022-32170 + RESERVED +CVE-2022-32169 + RESERVED +CVE-2022-32168 + RESERVED +CVE-2022-32167 + RESERVED +CVE-2022-32166 + RESERVED +CVE-2022-32165 + RESERVED +CVE-2022-32164 + RESERVED +CVE-2022-32163 + RESERVED +CVE-2022-32162 + RESERVED +CVE-2022-32161 + RESERVED +CVE-2022-32160 + RESERVED +CVE-2022-32159 + RESERVED +CVE-2022-1963 + RESERVED +CVE-2021-4233 + RESERVED CVE-2022-32158 RESERVED CVE-2022-32157 
@@ -722,8 +814,8 @@ CVE-2022-31814 RESERVED CVE-2022-1948 RESERVED -CVE-2022-1947 - RESERVED +CVE-2022-1947 (Use of Incorrect Operator in GitHub repository polonel/trudesk prior t ...) + TODO: check CVE-2022-1946 RESERVED CVE-2022-31813 @@ -1402,8 +1494,8 @@ CVE-2022-31620 (In libjpeg before 1.64, BitStream<false>::Get in bitstream NOTE: https://github.com/thorfdbg/libjpeg/commit/ef4a29a62ab48b8dc235f4af52cfd6319eda9a6a CVE-2022-30533 RESERVED -CVE-2022-1893 - RESERVED +CVE-2022-1893 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...) + TODO: check CVE-2022-1892 RESERVED CVE-2022-1891 @@ -2436,8 +2528,8 @@ CVE-2022-31259 (The route lookup process in beego through 1.12.4 and 2.x through NOT-FOR-US: Beego CVE-2022-31258 (In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1. ...) - check-mk <removed> -CVE-2022-1808 - RESERVED +CVE-2022-1808 (Execution with Unnecessary Privileges in GitHub repository polonel/tru ...) + TODO: check CVE-2022-31257 RESERVED CVE-2022-31256 @@ -2583,8 +2675,8 @@ CVE-2022-31200 RESERVED CVE-2022-31199 RESERVED -CVE-2022-1797 - RESERVED +CVE-2022-1797 (A malformed Class 3 common industrial protocol message with a cached c ...) + TODO: check CVE-2022-31198 RESERVED CVE-2022-31197 
@@ -2951,36 +3043,36 @@ CVE-2022-31017 RESERVED CVE-2022-31016 RESERVED -CVE-2022-31015 - RESERVED +CVE-2022-31015 (Waitress is a Web Server Gateway Interface server for Python 2 and 3. ...) + TODO: check CVE-2022-31014 RESERVED -CVE-2022-31013 - RESERVED +CVE-2022-31013 (Chat Server is the chat server for Vartalap, an open-source messaging ...) + TODO: check CVE-2022-31012 RESERVED -CVE-2022-31011 - RESERVED +CVE-2022-31011 (TiDB is an open-source NewSQL database that supports Hybrid Transactio ...) + TODO: check CVE-2022-31010 RESERVED CVE-2022-31009 RESERVED CVE-2022-31008 RESERVED -CVE-2022-31007 - RESERVED +CVE-2022-31007 (eLabFTW is an electronic lab notebook manager for research teams. Prio ...) + TODO: check CVE-2022-31006 RESERVED -CVE-2022-31005 - RESERVED +CVE-2022-31005 (Vapor is an HTTP web framework for Swift. Users of Vapor prior to vers ...) + TODO: check CVE-2022-31004 (CVEProject/cve-services is an open source project used to operate the ...) NOT-FOR-US: CVEProject/cve-services -CVE-2022-31003 - RESERVED +CVE-2022-31003 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...) + TODO: check CVE-2022-31002 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...) TODO: check -CVE-2022-31001 - RESERVED +CVE-2022-31001 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...) + TODO: check CVE-2022-31000 RESERVED CVE-2022-30999 (FriendsofFlarum (FoF) Upload is an extension that handles file uploads ...) 
@@ -3047,16 +3139,14 @@ CVE-2022-1791 RESERVED CVE-2022-1790 RESERVED -CVE-2022-1789 [KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID] - RESERVED +CVE-2022-1789 (With shadow paging enabled, the INVPCID instruction results in a call ...) - linux 5.17.11-1 NOTE: https://git.kernel.org/linus/9f46c187e2e680ecd9de7983e4d081c3391acc76 CVE-2022-1788 RESERVED CVE-2022-1787 RESERVED -CVE-2022-1786 [io_uring: always use original task when preparing req identity] - RESERVED +CVE-2022-1786 (A use-after-free flaw was found in the Linux kernel’s io_uring s ...) - linux 5.14.6-1 [buster] - linux <not-affected> (Vulnerable code introduced later) [stretch] - linux <not-affected> (Vulnerable code introduced later) @@ -4352,10 +4442,10 @@ CVE-2022-30527 CVE-2022-1662 RESERVED NOT-FOR-US: Red Hat convert2rhel -CVE-2022-1661 - RESERVED -CVE-2022-1660 - RESERVED +CVE-2022-1661 (The affected products are vulnerable to directory traversal, which may ...) + TODO: check +CVE-2022-1660 (The affected products are vulnerable of untrusted data due to deserial ...) + TODO: check CVE-2022-1659 RESERVED CVE-2022-1658 @@ -4556,8 +4646,8 @@ CVE-2022-30492 RESERVED CVE-2022-30491 RESERVED -CVE-2022-30490 - RESERVED +CVE-2022-30490 (Badminton Center Management System V1.0 is vulnerable to SQL Injection ...) + TODO: check CVE-2022-30489 (WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS ...) NOT-FOR-US: WAVLINK CVE-2022-30488 
@@ -4572,16 +4662,16 @@ CVE-2022-30484 RESERVED CVE-2022-30483 RESERVED -CVE-2022-30482 - RESERVED -CVE-2022-30481 - RESERVED +CVE-2022-30482 (Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable ...) + TODO: check +CVE-2022-30481 (Food-order-and-table-reservation-system- 1.0 is vulnerable to SQL Inje ...) + TODO: check CVE-2022-30480 RESERVED CVE-2022-30479 RESERVED -CVE-2022-30478 - RESERVED +CVE-2022-30478 (Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable t ...) + TODO: check CVE-2022-30477 (Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to conta ...) NOT-FOR-US: Tenda CVE-2022-30476 (Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to conta ...) @@ -5043,10 +5133,12 @@ CVE-2022-30295 (uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predict NOTE: https://mailman.openadk.org/mailman3/hyperkitty/list/de...@uclibc-ng.org/thread/6JWRW3P4VN54J5FHUDK7IQOU4V35HHDZ/ NOTE: src:uclibc switched to the uClibc-ng source codebase with the 1.0.20-1 upload. CVE-2022-30294 (In WebKitGTK through 2.36.0 (and WPE WebKit), there is a use-after-fre ...) + {DSA-5155-1 DSA-5154-1} - webkit2gtk 2.36.1-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) - wpewebkit 2.36.1-1 CVE-2022-30293 (In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based bu ...) + {DSA-5155-1 DSA-5154-1} - webkit2gtk 2.36.1-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) - wpewebkit 2.36.1-1 
@@ -6947,8 +7039,8 @@ CVE-2022-29655 (An arbitrary file upload vulnerability in the Upload Photos modu NOT-FOR-US: Wedding Management System CVE-2022-29654 RESERVED -CVE-2022-29653 - RESERVED +CVE-2022-29653 (OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vu ...) + TODO: check CVE-2022-29652 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...) NOT-FOR-US: Sourcecodester Online Sports Complex Booking System CVE-2022-29651 (An arbitrary file upload vulnerability in the Select Image function of ...) @@ -6957,10 +7049,10 @@ CVE-2022-29650 (Online Food Ordering System v1.0 was discovered to contain a SQL NOT-FOR-US: Online Food Ordering System CVE-2022-29649 RESERVED -CVE-2022-29648 - RESERVED -CVE-2022-29647 - RESERVED +CVE-2022-29648 (A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows ...) + TODO: check +CVE-2022-29647 (An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability t ...) + TODO: check CVE-2022-29646 (An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and ...) NOT-FOR-US: TOTOLINK CVE-2022-29645 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) @@ -7005,8 +7097,8 @@ CVE-2022-29626 RESERVED CVE-2022-29625 RESERVED -CVE-2022-29624 - RESERVED +CVE-2022-29624 (An arbitrary file upload vulnerability in the Add File function of TPC ...) + TODO: check CVE-2022-29623 (An arbitrary file upload vulnerability in the file upload module of Co ...) NOT-FOR-US: expressjs/connect-multiparty CVE-2022-29622 (An arbitrary file upload vulnerability in formidable v3.1.4 allows att ...) 
@@ -7294,8 +7386,8 @@ CVE-2022-29542 RESERVED CVE-2022-29541 RESERVED -CVE-2022-29540 - RESERVED +CVE-2022-29540 (resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issu ...) + TODO: check CVE-2022-29539 (resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Inject ...) NOT-FOR-US: RESI Gemini-Net CVE-2022-29538 (RESI Gemini-Net Web 4.2 is affected by Improper Access Control in auth ...) @@ -9003,8 +9095,8 @@ CVE-2022-28947 RESERVED CVE-2022-28946 (An issue in the component ast/parser.go of Open Policy Agent v0.39.0 c ...) NOT-FOR-US: Open Policy Agent -CVE-2022-28945 - RESERVED +CVE-2022-28945 (An issue in Webbank WeCube v3.2.2 allows attackers to execute a direct ...) + TODO: check CVE-2022-28944 (Certain EMCO Software products are affected by: CWE-494: Download of C ...) NOT-FOR-US: EMCO CVE-2022-28943 @@ -9205,8 +9297,8 @@ CVE-2022-28861 RESERVED CVE-2022-28860 RESERVED -CVE-2022-1285 - RESERVED +CVE-2022-1285 (Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prio ...) + TODO: check CVE-2022-28857 RESERVED CVE-2022-28856 @@ -9923,8 +10015,7 @@ CVE-2022-1217 (The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 NOT-FOR-US: WordPress plugin CVE-2022-1216 (The Advanced Image Sitemap WordPress plugin through 1.2 does not sanit ...) NOT-FOR-US: WordPress plugin -CVE-2022-1215 - RESERVED +CVE-2022-1215 (A format string vulnerability was found in libinput ...) - libinput 1.20.1-1 [bullseye] - libinput <no-dsa> (Minor issue) [buster] - libinput <no-dsa> (Minor issue) @@ -9943,8 +10034,8 @@ CVE-2022-28607 RESERVED CVE-2022-28606 (An arbitrary file upload vulnerability exists in Wenzhou Huoyin Inform ...) NOT-FOR-US: BossCMS -CVE-2022-28605 - RESERVED +CVE-2022-28605 (LinkPlay Sound Bar v1.0 allows attackers to escalate privileges via a ...) + TODO: check CVE-2022-28604 RESERVED CVE-2022-28603 
@@ -13121,7 +13212,7 @@ CVE-2022-27183 (The Monitoring Console app configured in Distributed mode allows NOT-FOR-US: Splunk CVE-2022-27180 RESERVED -CVE-2022-26889 (The lack of sanitization in a relative url path in a search parameter ...) +CVE-2022-26889 (In Splunk Enterprise versions before 8.1.2, the uri path to load a rel ...) NOT-FOR-US: Splunk CVE-2022-26888 RESERVED @@ -15416,6 +15507,7 @@ CVE-2022-26720 (An out-of-bounds write issue was addressed with improved bounds NOT-FOR-US: Apple CVE-2022-26719 RESERVED + {DSA-5155-1 DSA-5154-1} - webkit2gtk 2.36.3-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) - wpewebkit 2.36.3-1 @@ -15424,12 +15516,14 @@ CVE-2022-26718 (An out-of-bounds read issue was addressed with improved input va NOT-FOR-US: Apple CVE-2022-26717 RESERVED + {DSA-5155-1 DSA-5154-1} - webkit2gtk 2.36.3-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) - wpewebkit 2.36.3-1 NOTE: https://webkitgtk.org/security/WSA-2022-0005.html CVE-2022-26716 RESERVED + {DSA-5155-1 DSA-5154-1} - webkit2gtk 2.36.3-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) - wpewebkit 2.36.3-1 @@ -15448,6 +15542,7 @@ CVE-2022-26710 RESERVED CVE-2022-26709 RESERVED + {DSA-5155-1 DSA-5154-1} - webkit2gtk 2.36.3-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) - wpewebkit 2.36.3-1 @@ -15470,6 +15565,7 @@ CVE-2022-26701 (A race condition was addressed with improved locking. This issue NOT-FOR-US: Apple CVE-2022-26700 RESERVED + {DSA-5155-1 DSA-5154-1} - webkit2gtk 2.36.3-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) - wpewebkit 2.36.3-1 
@@ -21163,12 +21259,12 @@ CVE-2022-0557 (OS Command Injection in Packagist microweber/microweber prior to NOT-FOR-US: microweber CVE-2022-24703 RESERVED -CVE-2022-24702 - RESERVED -CVE-2022-24701 - RESERVED -CVE-2022-24700 - RESERVED +CVE-2022-24702 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in WinAPRS 2.9 ...) + TODO: check +CVE-2022-24701 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in WinAPRS 2.9 ...) + TODO: check +CVE-2022-24700 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in WinAPRS 2.9 ...) + TODO: check CVE-2022-0556 (A local privilege escalation vulnerability caused by incorrect permiss ...) NOT-FOR-US: Zyxel CVE-2022-0555 @@ -36872,14 +36968,14 @@ CVE-2021-44100 RESERVED CVE-2021-44099 RESERVED -CVE-2021-44098 - RESERVED -CVE-2021-44097 - RESERVED -CVE-2021-44096 - RESERVED -CVE-2021-44095 - RESERVED +CVE-2021-44098 (EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Inje ...) + TODO: check +CVE-2021-44097 (EGavilan Media Contact-Form-With-Messages-Entry-Management 1.0 is vuln ...) + TODO: check +CVE-2021-44096 (EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 ...) + TODO: check +CVE-2021-44095 (Project Worlds Official Hospital Management System in php 1.0 is vulne ...) + TODO: check CVE-2021-44094 (ZrLog 2.2.2 has a remote command execution vulnerability at plugin dow ...) NOT-FOR-US: zrlog CVE-2021-44093 (A Remote Command Execution vulnerability on the background in zrlog 2. ...) 
@@ -36908,8 +37004,8 @@ CVE-2021-44082 (textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) vi NOT-FOR-US: Textpattern CMS CVE-2021-44081 (A buffer overflow vulnerability exists in the AMF of open5gs 2.1.4. Wh ...) NOT-FOR-US: Open5GS -CVE-2021-44080 - RESERVED +CVE-2021-44080 (A Command Injection vulnerability in httpd web server (setup.cgi) in S ...) + TODO: check CVE-2021-4001 (A race condition was found in the Linux kernel's ebpf verifier between ...) - linux 5.15.5-1 [bullseye] - linux 5.10.84-1 @@ -39798,8 +39894,8 @@ CVE-2021-43514 RESERVED CVE-2021-43513 RESERVED -CVE-2021-43512 - RESERVED +CVE-2021-43512 (An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8. ...) + TODO: check CVE-2021-43511 RESERVED CVE-2021-43510 (SQL Injection vulnerability exists in Sourcecodester Simple Client Man ...) @@ -42410,8 +42506,8 @@ CVE-2021-42874 RESERVED CVE-2021-42873 RESERVED -CVE-2021-42872 - RESERVED +CVE-2021-42872 (TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vuln ...) + TODO: check CVE-2021-42871 RESERVED CVE-2021-42870 (ACCEL-PPP 1.12.0 has an out-of-bounds read in post_msg when processing ...) @@ -43146,7 +43242,7 @@ CVE-2021-42583 (A Broken or Risky Cryptographic Algorithm exists in Max Mazurov NOT-FOR-US: Max Mazurov Maddy CVE-2021-42582 RESERVED -CVE-2021-42581 (Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earl ...) +CVE-2021-42581 (** DISPUTED ** Prototype poisoning in function mapObjIndexed in Ramda ...) NOTE: Disputed issue against Node ramda NOTE: https://github.com/ramda/ramda/pull/3192 NOTE: https://jsfiddle.net/3pomzw5g/2/ 
@@ -45326,14 +45422,14 @@ CVE-2021-42206 RESERVED CVE-2021-42205 RESERVED -CVE-2021-42204 - RESERVED -CVE-2021-42203 - RESERVED -CVE-2021-42202 - RESERVED -CVE-2021-42201 - RESERVED +CVE-2021-42204 (An issue was discovered in swftools through 20201222. A heap-buffer-ov ...) + TODO: check +CVE-2021-42203 (An issue was discovered in swftools through 20201222. A heap-use-after ...) + TODO: check +CVE-2021-42202 (An issue was discovered in swftools through 20201222. A NULL pointer d ...) + TODO: check +CVE-2021-42201 (An issue was discovered in swftools through 20201222. A heap-buffer-ov ...) + TODO: check CVE-2021-42200 (An issue was discovered in swftools through 20201222. A NULL pointer d ...) TODO: check CVE-2021-42199 (An issue was discovered in swftools through 20201222. A heap buffer ov ...) @@ -50446,8 +50542,8 @@ CVE-2021-40188 (PHPFusion 9.03.110 is affected by an arbitrary file upload vulne NOT-FOR-US: PHP-Fusion CVE-2021-40187 RESERVED -CVE-2021-40186 - RESERVED +CVE-2021-40186 (The AppCheck research team identified a Server-Side Request Forgery (S ...) + TODO: check CVE-2021-40185 RESERVED CVE-2021-40184 @@ -58726,8 +58822,8 @@ CVE-2021-36892 RESERVED CVE-2021-36891 RESERVED -CVE-2021-36890 - RESERVED +CVE-2021-36890 (Cross-Site Request Forgery (CSRF) vulnerability in Social Share Button ...) + TODO: check CVE-2021-36889 (Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabiliti ...) NOT-FOR-US: WordPress plugin CVE-2021-36888 (Unauthenticated Arbitrary Options Update vulnerability leading to full ...) @@ -58774,8 +58870,8 @@ CVE-2021-36868 RESERVED CVE-2021-36867 (Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko ...) NOT-FOR-US: WordPress plugin -CVE-2021-36866 - RESERVED +CVE-2021-36866 (Authenticated (author or higher role) Stored Cross-Site Scripting (XSS ...) + TODO: check CVE-2021-36865 RESERVED CVE-2021-36864 
@@ -66882,8 +66978,8 @@ CVE-2021-33506 (jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensu NOT-FOR-US: jitsi-meet-prosody CVE-2021-33505 (A local malicious user can circumvent the Falco detection engine throu ...) - falco <itp> (bug #842306) -CVE-2021-33504 - RESERVED +CVE-2021-33504 (Couchbase Server before 7.1.0 has Incorrect Access Control. ...) + TODO: check CVE-2021-33503 (An issue was discovered in urllib3 before 1.26.5. When provided with a ...) - python-urllib3 1.26.5-1~exp1 (bug #989848) [buster] - python-urllib3 <no-dsa> (Minor issue) @@ -69386,8 +69482,8 @@ CVE-2021-32548 (It was discovered that read_file() in apport/hookutils.py would NOT-FOR-US: Apport CVE-2021-32547 (It was discovered that read_file() in apport/hookutils.py would follow ...) NOT-FOR-US: Apport -CVE-2021-32546 - RESERVED +CVE-2021-32546 (Missing input validation in internal/db/repo_editor.go in Gogs before ...) + TODO: check CVE-2021-32545 (Pexip Infinity before 26 allows remote denial of service because of mi ...) NOT-FOR-US: Pexip Infinity CVE-2021-32544 (Special characters of IGT search function in igt+ are not filtered in ...) @@ -81964,8 +82060,8 @@ CVE-2021-27780 (The software may be vulnerable to both Un-Auth XML interaction a TODO: check CVE-2021-27779 (VersionVault Express exposes sensitive information that an attacker ca ...) NOT-FOR-US: HCL -CVE-2021-27778 - RESERVED +CVE-2021-27778 (HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by i ...) + TODO: check CVE-2021-27777 (XML External Entity (XXE) injection vulnerabilities occur when poorly ...) NOT-FOR-US: HCL CVE-2021-27776 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/319de1caf6b84b2c71fc6396c987139109a99ce4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/319de1caf6b84b2c71fc6396c987139109a99ce4 You're receiving this email because of your account on salsa.debian.org.
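Review bot: in the first hunk (@@ -1,3 +1,95 @@), CVE-2022-32202 and CVE-2022-32201 are described only as "libjpeg 1.63", which does not say which libjpeg code base is meant. The context entry for CVE-2022-31620 in the @@ -1402,8 hunk ("In libjpeg before 1.64") carries a NOTE pointing at github.com/thorfdbg/libjpeg, so when these two TODO: check entries are triaged, the upstream should be recorded in a NOTE line of the same kind before any source package is attached.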
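Review bot: several entries that move from RESERVED to TODO: check sit directly beside entries for the same vendor or product that already carry a NOT-FOR-US tag in the visible context, so they look like candidates for that tag in the follow-up triage rather than staying open. CVE-2022-29540 (RESI Gemini-Net) is next to CVE-2022-29539, tagged "NOT-FOR-US: RESI Gemini-Net", and CVE-2021-27778 (HCL Traveler) sits between CVE-2021-27779 and CVE-2021-27777, both tagged "NOT-FOR-US: HCL". In the @@ -4572,16 hunk, CVE-2022-30482 and CVE-2022-30478 name the same product with only a trailing hyphen of difference and should end up with one consistent disposition.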
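Review bot: the five webkit entries in the @@ -15416 to @@ -15470 hunks that gain {DSA-5155-1 DSA-5154-1} (CVE-2022-26719, CVE-2022-26717, CVE-2022-26716, CVE-2022-26709, CVE-2022-26700) still have RESERVED as their only description, unlike CVE-2022-30294 and CVE-2022-30293, which get the same DSA reference alongside a full description. Since these entries are now referenced by published advisories, a bracketed temporary description in the style of the one removed from CVE-2022-1789 ("[KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID]") would make them identifiable until the upstream text arrives.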
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits