Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3f4368e2 by security tracker role at 2023-02-03T20:10:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,85 @@ +CVE-2023-25173 + RESERVED +CVE-2023-25172 + RESERVED +CVE-2023-25171 + RESERVED +CVE-2023-25170 + RESERVED +CVE-2023-25169 + RESERVED +CVE-2023-25168 + RESERVED +CVE-2023-25167 + RESERVED +CVE-2023-25166 + RESERVED +CVE-2023-25165 + RESERVED +CVE-2023-25164 + RESERVED +CVE-2023-25163 + RESERVED +CVE-2023-25162 + RESERVED +CVE-2023-25161 + RESERVED +CVE-2023-25160 + RESERVED +CVE-2023-25159 + RESERVED +CVE-2023-25158 + RESERVED +CVE-2023-25157 + RESERVED +CVE-2023-25156 + RESERVED +CVE-2023-25155 + RESERVED +CVE-2023-25154 + RESERVED +CVE-2023-25153 + RESERVED +CVE-2023-25152 + RESERVED +CVE-2023-25151 + RESERVED +CVE-2023-25150 + RESERVED +CVE-2023-25149 + RESERVED +CVE-2023-25148 + RESERVED +CVE-2023-25147 + RESERVED +CVE-2023-25146 + RESERVED +CVE-2023-25145 + RESERVED +CVE-2023-25144 + RESERVED +CVE-2023-25143 + RESERVED +CVE-2023-25142 + RESERVED +CVE-2023-25141 + RESERVED +CVE-2023-25140 + RESERVED +CVE-2023-0662 + RESERVED +CVE-2023-0661 (Improper access control in Devolutions Server allows an authenticated ...) + TODO: check +CVE-2023-0660 + RESERVED +CVE-2023-0659 (A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been clas ...) + TODO: check +CVE-2022-4901 + RESERVED +CVE-2022-48310 + RESERVED +CVE-2022-48309 + RESERVED CVE-2023-25139 (sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-o ...) - glibc <undetermined> NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30068 
@@ -292,7 +374,7 @@ CVE-2023-0636 RESERVED CVE-2023-0635 RESERVED -CVE-2023-25136 [double-free vulnerability] +CVE-2023-25136 (OpenSSH server (sshd) 9.1 introduced a double-free vulnerability durin ...) - openssh <unfixed> [bullseye] - openssh <not-affected> (Vulnerable code not present) [buster] - openssh <not-affected> (Vulnerable code not present) @@ -1522,8 +1604,8 @@ CVE-2020-36658 (In Apache::Session::LDAP before 0.5, validity of the X.509 certi {DLA-3284-1} - libapache-session-ldap-perl 0.5-1 NOTE: Fixed by: https://github.com/LemonLDAPNG/Apache-Session-LDAP/commit/490722b71eed1ed1ab33d58c78578f23e043561f (v0.5) -CVE-2023-24576 - RESERVED +CVE-2023-24576 (EMC NetWorker may potentially be vulnerable to an unauthenticated remo ...) + TODO: check CVE-2023-24575 RESERVED CVE-2023-24574 (Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Unc ...) 
@@ -2560,46 +2642,46 @@ CVE-2023-24159 RESERVED CVE-2023-24158 RESERVED -CVE-2023-24157 - RESERVED -CVE-2023-24156 - RESERVED -CVE-2023-24155 - RESERVED -CVE-2023-24154 - RESERVED -CVE-2023-24153 - RESERVED -CVE-2023-24152 - RESERVED -CVE-2023-24151 - RESERVED -CVE-2023-24150 - RESERVED -CVE-2023-24149 - RESERVED -CVE-2023-24148 - RESERVED -CVE-2023-24147 - RESERVED -CVE-2023-24146 - RESERVED -CVE-2023-24145 - RESERVED -CVE-2023-24144 - RESERVED -CVE-2023-24143 - RESERVED -CVE-2023-24142 - RESERVED -CVE-2023-24141 - RESERVED -CVE-2023-24140 - RESERVED -CVE-2023-24139 - RESERVED -CVE-2023-24138 - RESERVED +CVE-2023-24157 (A command injection vulnerability in the serverIp parameter in the fun ...) + TODO: check +CVE-2023-24156 (A command injection vulnerability in the ip parameter in the function ...) + TODO: check +CVE-2023-24155 (TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password fo ...) + TODO: check +CVE-2023-24154 (TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vul ...) + TODO: check +CVE-2023-24153 (A command injection vulnerability in the version parameter in the func ...) + TODO: check +CVE-2023-24152 (A command injection vulnerability in the serverIp parameter in the fun ...) + TODO: check +CVE-2023-24151 (A command injection vulnerability in the ip parameter in the function ...) + TODO: check +CVE-2023-24150 (A command injection vulnerability in the serverIp parameter in the fun ...) + TODO: check +CVE-2023-24149 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code pas ...) + TODO: check +CVE-2023-24148 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...) + TODO: check +CVE-2023-24147 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code pas ...) + TODO: check +CVE-2023-24146 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...) + TODO: check +CVE-2023-24145 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...) 
+ TODO: check +CVE-2023-24144 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...) + TODO: check +CVE-2023-24143 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...) + TODO: check +CVE-2023-24142 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...) + TODO: check +CVE-2023-24141 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...) + TODO: check +CVE-2023-24140 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...) + TODO: check +CVE-2023-24139 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...) + TODO: check +CVE-2023-24138 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...) + TODO: check CVE-2023-24137 RESERVED CVE-2023-24136 @@ -4628,8 +4710,8 @@ CVE-2023-23479 RESERVED CVE-2023-23478 RESERVED -CVE-2023-23477 - RESERVED +CVE-2023-23477 (IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a ...) + TODO: check CVE-2023-23476 RESERVED CVE-2023-23475 @@ -5554,12 +5636,12 @@ CVE-2014-125074 (A vulnerability was found in Nayshlok Voyager. It has been decl NOT-FOR-US: Nayshlok Voyager CVE-2013-10010 (A vulnerability classified as problematic has been found in zerochplus ...) NOT-FOR-US: zerochplus -CVE-2023-23088 - RESERVED -CVE-2023-23087 - RESERVED -CVE-2023-23086 - RESERVED +CVE-2023-23088 (Buffer OverFlow Vulnerability in Barenboim json-parser master and v1.1 ...) + TODO: check +CVE-2023-23087 (An issue was found in MojoJson v1.2.3 allows attackers to execute arbi ...) + TODO: check +CVE-2023-23086 (Buffer OverFlow Vulnerability in MojoJson v1.2.3 allows an attacker to ...) + TODO: check CVE-2023-23085 RESERVED CVE-2023-23084 @@ -5780,8 +5862,8 @@ CVE-2023-22977 RESERVED CVE-2023-22976 RESERVED -CVE-2023-22975 - RESERVED +CVE-2023-22975 (jfinal_cms 5.1.0 is vulnerable to Cross Site Scripting (XSS). ...) + TODO: check CVE-2023-22974 RESERVED CVE-2023-22973 
@@ -6471,7 +6553,7 @@ CVE-2023-22849 RESERVED CVE-2023-0114 (A vulnerability was found in Netis Netcore Router. It has been rated a ...) NOT-FOR-US: Netis Netcore Router -CVE-2023-0113 (A vulnerability was found in Netis Netcore Router. It has been declare ...) +CVE-2023-0113 (A vulnerability was found in Netis Netcore Router up to 2.2.6. It has ...) NOT-FOR-US: Netis Netcore Router CVE-2022-4880 (A vulnerability was found in stakira OpenUtau. It has been classified ...) NOT-FOR-US: stakira OpenUtau @@ -17732,7 +17814,7 @@ CVE-2022-4001 RESERVED CVE-2022-4000 (The WooCommerce Shipping WordPress plugin through 1.2.11 does not sani ...) NOT-FOR-US: WordPress plugin -CVE-2022-3999 (The WooCommerce Shipping WordPress plugin through 1.2.11 does not have ...) +CVE-2022-3999 (The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have a ...) NOT-FOR-US: WordPress plugin CVE-2022-3998 (A vulnerability, which was classified as critical, was found in Monika ...) NOT-FOR-US: MonikaBrzica scm @@ -21372,8 +21454,8 @@ CVE-2023-20856 (VMware vRealize Operations (vROps) contains a CSRF bypass vulner TODO: check CVE-2023-20855 RESERVED -CVE-2023-20854 - RESERVED +CVE-2023-20854 (VMware Workstation contains an arbitrary file deletion vulnerability. ...) + TODO: check CVE-2022-44605 RESERVED CVE-2022-44604 @@ -25030,8 +25112,8 @@ CVE-2022-43781 (There is a command injection vulnerability using environment var NOT-FOR-US: Atlassian CVE-2022-43780 (Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to ...) NOT-FOR-US: HP -CVE-2022-43779 - RESERVED +CVE-2022-43779 (A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has be ...) + TODO: check CVE-2022-43778 RESERVED CVE-2022-43777 
@@ -27645,10 +27727,10 @@ CVE-2022-42911 RESERVED CVE-2022-42910 RESERVED -CVE-2022-42909 - RESERVED -CVE-2022-42908 - RESERVED +CVE-2022-42909 (WEPA Print Away does not verify that a user has authorization to acces ...) + TODO: check +CVE-2022-42908 (WEPA Print Away is vulnerable to a stored XSS. It does not properly sa ...) + TODO: check CVE-2022-3499 (An authenticated attacker could utilize the identical agent and cluste ...) NOT-FOR-US: Nessus CVE-2022-3498 @@ -33640,7 +33722,7 @@ CVE-2022-3207 (The Simple File List WordPress plugin before 4.4.12 does not sani NOT-FOR-US: WordPress plugin CVE-2022-3206 (The Passster WordPress plugin before 3.5.5.5.2 stores the password ins ...) NOT-FOR-US: WordPress plugin -CVE-2022-3205 (An XSS exists in automation controller UI where the project name is su ...) +CVE-2022-3205 (CVE-2022-3205 Controller: Cross site scripting in automation controlle ...) NOT-FOR-US: Red Hat Ansible Automation Controller CVE-2022-3204 (A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation ...) - unbound 1.16.3-1 @@ -39599,8 +39681,8 @@ CVE-2022-2886 (A vulnerability, which was classified as critical, was found in L NOTE: Additional misreport for laravel, likely to be rejected CVE-2022-2885 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...) NOT-FOR-US: yetiforcecrm -CVE-2022-38396 - RESERVED +CVE-2022-38396 (HP Factory Preinstalled Images on certain systems that shipped with Wi ...) + TODO: check CVE-2022-38395 (HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. ...) NOT-FOR-US: HP CVE-2022-38393 (A denial of service vulnerability exists in the cfg_server cm_processC ...) 
@@ -51447,8 +51529,8 @@ CVE-2022-34140 (A stored cross-site scripting (XSS) vulnerability in /index.php? NOT-FOR-US: Feehi CMS CVE-2022-34139 RESERVED -CVE-2022-34138 - RESERVED +CVE-2022-34138 (Insecure direct object references (IDOR) in the web server of Biltema ...) + TODO: check CVE-2022-34137 RESERVED CVE-2022-34136 @@ -57831,8 +57913,8 @@ CVE-2022-1894 (The Popup Builder WordPress plugin before 4.1.11 does not escape NOT-FOR-US: WordPress plugin CVE-2021-4232 (A vulnerability classified as problematic has been found in Zoo Manage ...) NOT-FOR-US: Zoo Management System -CVE-2022-31733 - RESERVED +CVE-2022-31733 (Starting with diego-release 2.55.0 and up to 2.69.0, and starting with ...) + TODO: check CVE-2022-31732 RESERVED CVE-2022-31731 @@ -115387,10 +115469,10 @@ CVE-2021-37521 RESERVED CVE-2021-37520 RESERVED -CVE-2021-37519 - RESERVED -CVE-2021-37518 - RESERVED +CVE-2021-37519 (Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows att ...) + TODO: check +CVE-2021-37518 (Universal Cross Site Scripting (UXSS) vulnerability in Vimium Extensio ...) + TODO: check CVE-2021-37517 (An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fix ...) - dolibarr <removed> CVE-2021-37516 
@@ -115421,18 +115503,18 @@ CVE-2021-37504 (A cross-site scripting (XSS) vulnerability in the fileNameStr pa NOT-FOR-US: hayageek/jquery-upload-file CVE-2021-37503 RESERVED -CVE-2021-37502 - RESERVED -CVE-2021-37501 - RESERVED +CVE-2021-37502 (Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remot ...) + TODO: check +CVE-2021-37501 (Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1 ...) + TODO: check CVE-2021-37500 (Directory traversal vulnerability in Reprise License Manager (RLM) web ...) TODO: check CVE-2021-37499 (CRLF vulnerability in Reprise License Manager (RLM) web interface thro ...) TODO: check CVE-2021-37498 (An SSRF issue was discovered in Reprise License Manager (RLM) web inte ...) TODO: check -CVE-2021-37497 - RESERVED +CVE-2021-37497 (SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote a ...) + TODO: check CVE-2021-37496 RESERVED CVE-2021-37495 
@@ -115685,20 +115767,20 @@ CVE-2021-37381 (Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can NOT-FOR-US: Southsoft GMIS CVE-2021-37380 RESERVED -CVE-2021-37379 - RESERVED -CVE-2021-37378 - RESERVED -CVE-2021-37377 - RESERVED -CVE-2021-37376 - RESERVED -CVE-2021-37375 - RESERVED -CVE-2021-37374 - RESERVED -CVE-2021-37373 - RESERVED +CVE-2021-37379 (** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerabili ...) + TODO: check +CVE-2021-37378 (** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerabili ...) + TODO: check +CVE-2021-37377 (** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerabili ...) + TODO: check +CVE-2021-37376 (** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerabili ...) + TODO: check +CVE-2021-37375 (** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerabili ...) + TODO: check +CVE-2021-37374 (** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerabili ...) + TODO: check +CVE-2021-37373 (** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerabili ...) + TODO: check CVE-2021-37372 (Online Student Admission System 1.0 is affected by an insecure file up ...) NOT-FOR-US: Online Student Admission System CVE-2021-37371 (Online Student Admission System 1.0 is affected by an unauthenticated ...) 
@@ -115811,20 +115893,20 @@ CVE-2021-37319 RESERVED CVE-2021-37318 RESERVED -CVE-2021-37317 - RESERVED -CVE-2021-37316 - RESERVED -CVE-2021-37315 - RESERVED +CVE-2021-37317 (Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U route ...) + TODO: check +CVE-2021-37316 (SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firm ...) + TODO: check +CVE-2021-37315 (Incorrect Access Control issue discoverd in Cloud Disk in ASUS RT-AC68 ...) + TODO: check CVE-2021-37314 RESERVED CVE-2021-37313 RESERVED CVE-2021-37312 RESERVED -CVE-2021-37311 - RESERVED +CVE-2021-37311 (Buffer Overflow vulnerability in fcitx5 5.0.8 allows attackers to caus ...) + TODO: check CVE-2021-37310 RESERVED CVE-2021-37309 @@ -115833,12 +115915,12 @@ CVE-2021-37308 RESERVED CVE-2021-37307 RESERVED -CVE-2021-37306 - RESERVED -CVE-2021-37305 - RESERVED -CVE-2021-37304 - RESERVED +CVE-2021-37306 (An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows r ...) + TODO: check +CVE-2021-37305 (An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows r ...) + TODO: check +CVE-2021-37304 (An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticat ...) + TODO: check CVE-2021-37303 RESERVED CVE-2021-37302 @@ -115977,8 +116059,8 @@ CVE-2021-37236 RESERVED CVE-2021-37235 RESERVED -CVE-2021-37234 - RESERVED +CVE-2021-37234 (Incorrect Access Control vulnerability in Modern Honey Network commit ...) + TODO: check CVE-2021-37233 RESERVED CVE-2021-37232 (A stack overflow vulnerability occurs in Atomicparsley 20210124.204813 ...) @@ -117312,8 +117394,8 @@ CVE-2021-36714 RESERVED CVE-2021-36713 RESERVED -CVE-2021-36712 - RESERVED +CVE-2021-36712 (Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attacker ...) + TODO: check CVE-2021-36711 (WebInterface in OctoBot before 0.4.4 allows remote code execution beca ...) NOT-FOR-US: OctoBot CVE-2021-36710 (ToaruOS 1.99.2 is affected by incorrect access control via the kernel. ...) 
@@ -117609,10 +117691,10 @@ CVE-2021-36572 (Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 NOT-FOR-US: Feehi CMS CVE-2021-36571 RESERVED -CVE-2021-36570 - RESERVED -CVE-2021-36569 - RESERVED +CVE-2021-36570 (Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows rem ...) + TODO: check +CVE-2021-36569 (Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows rem ...) + TODO: check CVE-2021-36568 (In certain Moodle products after creating a course, it is possible to ...) - moodle <removed> CVE-2021-36567 (ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerabil ...) @@ -117657,12 +117739,12 @@ CVE-2021-36548 (A remote code execution (RCE) vulnerability in the component /ad NOT-FOR-US: Monstra CMS CVE-2021-36547 (A remote code execution (RCE) vulnerability in the component /codebase ...) NOT-FOR-US: Mara CMS -CVE-2021-36546 - RESERVED -CVE-2021-36545 - RESERVED -CVE-2021-36544 - RESERVED +CVE-2021-36546 (Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote ...) + TODO: check +CVE-2021-36545 (Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote at ...) + TODO: check +CVE-2021-36544 (Incorrect Access Control issue discovered in tpcms 3.2 allows remote a ...) + TODO: check CVE-2021-36543 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.UnlockDo ...) NOT-FOR-US: SeedDMS CVE-2021-36542 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.LockDocu ...) 
@@ -117673,20 +117755,20 @@ CVE-2021-36540 RESERVED CVE-2021-36539 (Instructure Canvas LMS didn't properly deny access to locked/unpublish ...) TODO: check -CVE-2021-36538 - RESERVED +CVE-2021-36538 (Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1 ...) + TODO: check CVE-2021-36537 RESERVED CVE-2021-36536 RESERVED -CVE-2021-36535 - RESERVED +CVE-2021-36535 (Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attack ...) + TODO: check CVE-2021-36534 RESERVED CVE-2021-36533 RESERVED -CVE-2021-36532 - RESERVED +CVE-2021-36532 (Race condition vulnerability discovered in portfolioCMS 1.0 allows rem ...) + TODO: check CVE-2021-36531 (ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLI ...) NOT-FOR-US: ngiflib CVE-2021-36530 (ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NG ...) @@ -117743,8 +117825,8 @@ CVE-2021-36505 RESERVED CVE-2021-36504 RESERVED -CVE-2021-36503 - RESERVED +CVE-2021-36503 (SQL injection vulnerability in native-php-cms 1.0 allows remote attack ...) + TODO: check CVE-2021-36502 RESERVED CVE-2021-36501 @@ -117763,16 +117845,16 @@ CVE-2021-36495 RESERVED CVE-2021-36494 RESERVED -CVE-2021-36493 - RESERVED +CVE-2021-36493 (Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attacke ...) + TODO: check CVE-2021-36492 RESERVED CVE-2021-36491 RESERVED CVE-2021-36490 RESERVED -CVE-2021-36489 - RESERVED +CVE-2021-36489 (Buffer Overflow vulnerability in Allegro through 5.2.6 allows attacker ...) + TODO: check CVE-2021-36488 RESERVED CVE-2021-36487 @@ -117781,8 +117863,8 @@ CVE-2021-36486 RESERVED CVE-2021-36485 RESERVED -CVE-2021-36484 - RESERVED +CVE-2021-36484 (SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run ...) + TODO: check CVE-2021-36483 (DevExpress.XtraReports.UI through v21.1 allows attackers to execute ar ...) NOT-FOR-US: DevExpress.XtraReports.UI CVE-2021-36482 
@@ -117861,10 +117943,10 @@ CVE-2021-36446 RESERVED CVE-2021-36445 RESERVED -CVE-2021-36444 - RESERVED -CVE-2021-36443 - RESERVED +CVE-2021-36444 (Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows re ...) + TODO: check +CVE-2021-36443 (Cross Site Request Forgery vulnerability in imcat 5.4 allows remote at ...) + TODO: check CVE-2021-36442 RESERVED CVE-2021-36441 @@ -117881,14 +117963,14 @@ CVE-2021-36436 RESERVED CVE-2021-36435 RESERVED -CVE-2021-36434 - RESERVED -CVE-2021-36433 - RESERVED -CVE-2021-36432 - RESERVED -CVE-2021-36431 - RESERVED +CVE-2021-36434 (SQL injection vulnerability in jocms 0.8 allows remote attackers to ru ...) + TODO: check +CVE-2021-36433 (SQL injection vulnerability in jocms 0.8 allows remote attackers to ru ...) + TODO: check +CVE-2021-36432 (SQL injection vulnerability in jocms 0.8 allows remote attackers to ru ...) + TODO: check +CVE-2021-36431 (SQL injection vulnerability in jocms 0.8 allows remote attackers to ru ...) + TODO: check CVE-2021-36430 RESERVED CVE-2021-36429 @@ -117897,12 +117979,12 @@ CVE-2021-36428 RESERVED CVE-2021-36427 RESERVED -CVE-2021-36426 - RESERVED -CVE-2021-36425 - RESERVED -CVE-2021-36424 - RESERVED +CVE-2021-36426 (File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to ...) + TODO: check +CVE-2021-36425 (Directory traversal vulnerability in phpcms 1.9.25 allows remote attac ...) + TODO: check +CVE-2021-36424 (An issue discovered in phpwcms 1.9.25 allows remote attackers to run a ...) + TODO: check CVE-2021-36423 RESERVED CVE-2021-36422 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f4368e2218a0f275996a966df978bfc121d5b1e
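Review bot: Several entries in the hunk at @@ -2560,46 +2642,46 @@ (CVE-2023-24157, CVE-2023-24156 and CVE-2023-24153 through CVE-2023-24150) carry descriptions that are cut off before any product is named, for example "A command injection vulnerability in the serverIp parameter in the fun ...". The neighbouring entries name TOTOLINK T8 and TOTOLINK CA300-PoE, but that is not a basis for marking these: resolve each TODO: check from the full CVE record rather than inferring the product from adjacent lines.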
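Review bot: In the hunk at @@ -17732,7 +17814,7 @@ the description of CVE-2022-3999 switches product and version range, from "WooCommerce Shipping WordPress plugin through 1.2.11" to "DPD Baltic Shipping WordPress plugin before 1.2.57", while the existing triage line NOT-FOR-US: WordPress plugin is carried over untouched. The generic tag still fits here, but a description update that changes the named product should prompt a re-check of the marking below it, because a tag that named the plugin would have gone stale without anyone noticing.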
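Review bot: The replacement description for CVE-2022-3205 in the hunk at @@ -33640,7 +33722,7 @@ now opens with the CVE id and a title-style string ("CVE-2022-3205 Controller: Cross site scripting in automation controlle ...") and loses the detail the old text gave (an XSS in the automation controller UI involving the project name). The NOT-FOR-US: Red Hat Ansible Automation Controller line still matches, so no re-triage is needed, but the imported text is less useful than what it replaced; report the description to its source rather than hand-editing the list.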
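Review bot: CVE-2021-37519 in the hunk at @@ -115387,10 +115469,10 @@ should not wait in the same TODO: check queue as the batch of CMS entries published alongside it. Its description already gives the component, file and version ("authfile.c memcached 1.6.9"), which is enough to look for a matching source package right away and record either a package line or NOT-FOR-US.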
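Review bot: In the hunk at @@ -117897,12 +117979,12 @@, CVE-2021-36425 names "phpcms 1.9.25" while the adjacent CVE-2021-36426 and CVE-2021-36424 name "phpwcms 1.9.25"; the identical version string suggests one product and a typo in the imported description. Confirm the product from the full record and resolve the three TODO: check lines together so they end up with a consistent marking instead of being triaged as two different projects.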