Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3f4368e2 by security tracker role at 2023-02-03T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2023-25173
+       RESERVED
+CVE-2023-25172
+       RESERVED
+CVE-2023-25171
+       RESERVED
+CVE-2023-25170
+       RESERVED
+CVE-2023-25169
+       RESERVED
+CVE-2023-25168
+       RESERVED
+CVE-2023-25167
+       RESERVED
+CVE-2023-25166
+       RESERVED
+CVE-2023-25165
+       RESERVED
+CVE-2023-25164
+       RESERVED
+CVE-2023-25163
+       RESERVED
+CVE-2023-25162
+       RESERVED
+CVE-2023-25161
+       RESERVED
+CVE-2023-25160
+       RESERVED
+CVE-2023-25159
+       RESERVED
+CVE-2023-25158
+       RESERVED
+CVE-2023-25157
+       RESERVED
+CVE-2023-25156
+       RESERVED
+CVE-2023-25155
+       RESERVED
+CVE-2023-25154
+       RESERVED
+CVE-2023-25153
+       RESERVED
+CVE-2023-25152
+       RESERVED
+CVE-2023-25151
+       RESERVED
+CVE-2023-25150
+       RESERVED
+CVE-2023-25149
+       RESERVED
+CVE-2023-25148
+       RESERVED
+CVE-2023-25147
+       RESERVED
+CVE-2023-25146
+       RESERVED
+CVE-2023-25145
+       RESERVED
+CVE-2023-25144
+       RESERVED
+CVE-2023-25143
+       RESERVED
+CVE-2023-25142
+       RESERVED
+CVE-2023-25141
+       RESERVED
+CVE-2023-25140
+       RESERVED
+CVE-2023-0662
+       RESERVED
+CVE-2023-0661 (Improper access control in Devolutions Server allows an 
authenticated  ...)
+       TODO: check
+CVE-2023-0660
+       RESERVED
+CVE-2023-0659 (A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has 
been clas ...)
+       TODO: check
+CVE-2022-4901
+       RESERVED
+CVE-2022-48310
+       RESERVED
+CVE-2022-48309
+       RESERVED
 CVE-2023-25139 (sprintf in the GNU C Library (glibc) 2.37 has a buffer 
overflow (out-o ...)
        - glibc <undetermined>
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30068
@@ -292,7 +374,7 @@ CVE-2023-0636
        RESERVED
 CVE-2023-0635
        RESERVED
-CVE-2023-25136 [double-free vulnerability]
+CVE-2023-25136 (OpenSSH server (sshd) 9.1 introduced a double-free 
vulnerability durin ...)
        - openssh <unfixed>
        [bullseye] - openssh <not-affected> (Vulnerable code not present)
        [buster] - openssh <not-affected> (Vulnerable code not present)
@@ -1522,8 +1604,8 @@ CVE-2020-36658 (In Apache::Session::LDAP before 0.5, 
validity of the X.509 certi
        {DLA-3284-1}
        - libapache-session-ldap-perl 0.5-1
        NOTE: Fixed by: 
https://github.com/LemonLDAPNG/Apache-Session-LDAP/commit/490722b71eed1ed1ab33d58c78578f23e043561f
 (v0.5)
-CVE-2023-24576
-       RESERVED
+CVE-2023-24576 (EMC NetWorker may potentially be vulnerable to an 
unauthenticated remo ...)
+       TODO: check
 CVE-2023-24575
        RESERVED
 CVE-2023-24574 (Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains 
an "Unc ...)
@@ -2560,46 +2642,46 @@ CVE-2023-24159
        RESERVED
 CVE-2023-24158
        RESERVED
-CVE-2023-24157
-       RESERVED
-CVE-2023-24156
-       RESERVED
-CVE-2023-24155
-       RESERVED
-CVE-2023-24154
-       RESERVED
-CVE-2023-24153
-       RESERVED
-CVE-2023-24152
-       RESERVED
-CVE-2023-24151
-       RESERVED
-CVE-2023-24150
-       RESERVED
-CVE-2023-24149
-       RESERVED
-CVE-2023-24148
-       RESERVED
-CVE-2023-24147
-       RESERVED
-CVE-2023-24146
-       RESERVED
-CVE-2023-24145
-       RESERVED
-CVE-2023-24144
-       RESERVED
-CVE-2023-24143
-       RESERVED
-CVE-2023-24142
-       RESERVED
-CVE-2023-24141
-       RESERVED
-CVE-2023-24140
-       RESERVED
-CVE-2023-24139
-       RESERVED
-CVE-2023-24138
-       RESERVED
+CVE-2023-24157 (A command injection vulnerability in the serverIp parameter in 
the fun ...)
+       TODO: check
+CVE-2023-24156 (A command injection vulnerability in the ip parameter in the 
function  ...)
+       TODO: check
+CVE-2023-24155 (TOTOLINK T8 V4.1.5cu was discovered to contain a hard code 
password fo ...)
+       TODO: check
+CVE-2023-24154 (TOTOLINK T8 V4.1.5cu was discovered to contain a command 
injection vul ...)
+       TODO: check
+CVE-2023-24153 (A command injection vulnerability in the version parameter in 
the func ...)
+       TODO: check
+CVE-2023-24152 (A command injection vulnerability in the serverIp parameter in 
the fun ...)
+       TODO: check
+CVE-2023-24151 (A command injection vulnerability in the ip parameter in the 
function  ...)
+       TODO: check
+CVE-2023-24150 (A command injection vulnerability in the serverIp parameter in 
the fun ...)
+       TODO: check
+CVE-2023-24149 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard 
code pas ...)
+       TODO: check
+CVE-2023-24148 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a 
command injec ...)
+       TODO: check
+CVE-2023-24147 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard 
code pas ...)
+       TODO: check
+CVE-2023-24146 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a 
command injec ...)
+       TODO: check
+CVE-2023-24145 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a 
command injec ...)
+       TODO: check
+CVE-2023-24144 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a 
command injec ...)
+       TODO: check
+CVE-2023-24143 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a 
command injec ...)
+       TODO: check
+CVE-2023-24142 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a 
command injec ...)
+       TODO: check
+CVE-2023-24141 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a 
command injec ...)
+       TODO: check
+CVE-2023-24140 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a 
command injec ...)
+       TODO: check
+CVE-2023-24139 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a 
command injec ...)
+       TODO: check
+CVE-2023-24138 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a 
command injec ...)
+       TODO: check
 CVE-2023-24137
        RESERVED
 CVE-2023-24136
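Review bot: Six of the twenty entries promoted from RESERVED in this hunk (CVE-2023-24157, CVE-2023-24156, CVE-2023-24153, CVE-2023-24152, CVE-2023-24151 and CVE-2023-24150) have descriptions that are cut off before any product name, so they cannot be triaged from this file alone. Their neighbours visibly name TOTOLINK T8 V4.1.5cu or TOTOLINK CA300-PoE V6.2c.884, but read the full description of those six before resolving their `TODO: check` lines with a shared tag.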
@@ -4628,8 +4710,8 @@ CVE-2023-23479
        RESERVED
 CVE-2023-23478
        RESERVED
-CVE-2023-23477
-       RESERVED
+CVE-2023-23477 (IBM WebSphere Application Server 8.5 and 9.0 traditional could 
allow a ...)
+       TODO: check
 CVE-2023-23476
        RESERVED
 CVE-2023-23475
@@ -5554,12 +5636,12 @@ CVE-2014-125074 (A vulnerability was found in Nayshlok 
Voyager. It has been decl
        NOT-FOR-US: Nayshlok Voyager
 CVE-2013-10010 (A vulnerability classified as problematic has been found in 
zerochplus ...)
        NOT-FOR-US: zerochplus
-CVE-2023-23088
-       RESERVED
-CVE-2023-23087
-       RESERVED
-CVE-2023-23086
-       RESERVED
+CVE-2023-23088 (Buffer OverFlow Vulnerability in Barenboim json-parser master 
and v1.1 ...)
+       TODO: check
+CVE-2023-23087 (An issue was found in MojoJson v1.2.3 allows attackers to 
execute arbi ...)
+       TODO: check
+CVE-2023-23086 (Buffer OverFlow Vulnerability in MojoJson v1.2.3 allows an 
attacker to ...)
+       TODO: check
 CVE-2023-23085
        RESERVED
 CVE-2023-23084
@@ -5780,8 +5862,8 @@ CVE-2023-22977
        RESERVED
 CVE-2023-22976
        RESERVED
-CVE-2023-22975
-       RESERVED
+CVE-2023-22975 (jfinal_cms 5.1.0 is vulnerable to Cross Site Scripting (XSS). 
...)
+       TODO: check
 CVE-2023-22974
        RESERVED
 CVE-2023-22973
@@ -6471,7 +6553,7 @@ CVE-2023-22849
        RESERVED
 CVE-2023-0114 (A vulnerability was found in Netis Netcore Router. It has been 
rated a ...)
        NOT-FOR-US: Netis Netcore Router
-CVE-2023-0113 (A vulnerability was found in Netis Netcore Router. It has been 
declare ...)
+CVE-2023-0113 (A vulnerability was found in Netis Netcore Router up to 2.2.6. 
It has  ...)
        NOT-FOR-US: Netis Netcore Router
 CVE-2022-4880 (A vulnerability was found in stakira OpenUtau. It has been 
classified  ...)
        NOT-FOR-US: stakira OpenUtau
@@ -17732,7 +17814,7 @@ CVE-2022-4001
        RESERVED
 CVE-2022-4000 (The WooCommerce Shipping WordPress plugin through 1.2.11 does 
not sani ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-3999 (The WooCommerce Shipping WordPress plugin through 1.2.11 does 
not have ...)
+CVE-2022-3999 (The DPD Baltic Shipping WordPress plugin before 1.2.57 does not 
have a ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3998 (A vulnerability, which was classified as critical, was found in 
Monika ...)
        NOT-FOR-US: MonikaBrzica scm
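Review bot: The replacement description for CVE-2022-3999 names a different product and version range (DPD Baltic Shipping, before 1.2.57) than the line it replaces (WooCommerce Shipping, through 1.2.11), so this is a re-attribution rather than a wording change. The existing `NOT-FOR-US: WordPress plugin` tag is generic and still holds, so no triage change is needed here.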
@@ -21372,8 +21454,8 @@ CVE-2023-20856 (VMware vRealize Operations (vROps) 
contains a CSRF bypass vulner
        TODO: check
 CVE-2023-20855
        RESERVED
-CVE-2023-20854
-       RESERVED
+CVE-2023-20854 (VMware Workstation contains an arbitrary file deletion 
vulnerability.  ...)
+       TODO: check
 CVE-2022-44605
        RESERVED
 CVE-2022-44604
@@ -25030,8 +25112,8 @@ CVE-2022-43781 (There is a command injection 
vulnerability using environment var
        NOT-FOR-US: Atlassian
 CVE-2022-43780 (Certain HP ENVY, OfficeJet, and DeskJet printers may be 
vulnerable to  ...)
        NOT-FOR-US: HP
-CVE-2022-43779
-       RESERVED
+CVE-2022-43779 (A potential Time-of-Check to Time-of-Use (TOCTOU) 
vulnerability has be ...)
+       TODO: check
 CVE-2022-43778
        RESERVED
 CVE-2022-43777
@@ -27645,10 +27727,10 @@ CVE-2022-42911
        RESERVED
 CVE-2022-42910
        RESERVED
-CVE-2022-42909
-       RESERVED
-CVE-2022-42908
-       RESERVED
+CVE-2022-42909 (WEPA Print Away does not verify that a user has authorization 
to acces ...)
+       TODO: check
+CVE-2022-42908 (WEPA Print Away is vulnerable to a stored XSS. It does not 
properly sa ...)
+       TODO: check
 CVE-2022-3499 (An authenticated attacker could utilize the identical agent and 
cluste ...)
        NOT-FOR-US: Nessus
 CVE-2022-3498
@@ -33640,7 +33722,7 @@ CVE-2022-3207 (The Simple File List WordPress plugin 
before 4.4.12 does not sani
        NOT-FOR-US: WordPress plugin
 CVE-2022-3206 (The Passster WordPress plugin before 3.5.5.5.2 stores the 
password ins ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-3205 (An XSS exists in automation controller UI where the project 
name is su ...)
+CVE-2022-3205 (CVE-2022-3205 Controller: Cross site scripting in automation 
controlle ...)
        NOT-FOR-US: Red Hat Ansible Automation Controller
 CVE-2022-3204 (A vulnerability named 'Non-Responsive Delegation Attack' 
(NRDelegation ...)
        - unbound 1.16.3-1
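Review bot: The new description for CVE-2022-3205 starts by repeating the CVE ID and reads like a bug title ("CVE-2022-3205 Controller: Cross site scripting in automation controlle ..."), which tells a reader less than the sentence it replaces. Since the line is synced automatically it should stay as delivered, and the `NOT-FOR-US: Red Hat Ansible Automation Controller` tag still matches.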
@@ -39599,8 +39681,8 @@ CVE-2022-2886 (A vulnerability, which was classified as 
critical, was found in L
        NOTE: Additional misreport for laravel, likely to be rejected
 CVE-2022-2885 (Cross-site Scripting (XSS) - Stored in GitHub repository 
yetiforcecomp ...)
        NOT-FOR-US: yetiforcecrm
-CVE-2022-38396
-       RESERVED
+CVE-2022-38396 (HP Factory Preinstalled Images on certain systems that shipped 
with Wi ...)
+       TODO: check
 CVE-2022-38395 (HP Support Assistant uses HP Performance Tune-up as a 
diagnostic tool. ...)
        NOT-FOR-US: HP
 CVE-2022-38393 (A denial of service vulnerability exists in the cfg_server 
cm_processC ...)
@@ -51447,8 +51529,8 @@ CVE-2022-34140 (A stored cross-site scripting (XSS) 
vulnerability in /index.php?
        NOT-FOR-US: Feehi CMS
 CVE-2022-34139
        RESERVED
-CVE-2022-34138
-       RESERVED
+CVE-2022-34138 (Insecure direct object references (IDOR) in the web server of 
Biltema  ...)
+       TODO: check
 CVE-2022-34137
        RESERVED
 CVE-2022-34136
@@ -57831,8 +57913,8 @@ CVE-2022-1894 (The Popup Builder WordPress plugin 
before 4.1.11 does not escape
        NOT-FOR-US: WordPress plugin
 CVE-2021-4232 (A vulnerability classified as problematic has been found in Zoo 
Manage ...)
        NOT-FOR-US: Zoo Management System
-CVE-2022-31733
-       RESERVED
+CVE-2022-31733 (Starting with diego-release 2.55.0 and up to 2.69.0, and 
starting with ...)
+       TODO: check
 CVE-2022-31732
        RESERVED
 CVE-2022-31731
@@ -115387,10 +115469,10 @@ CVE-2021-37521
        RESERVED
 CVE-2021-37520
        RESERVED
-CVE-2021-37519
-       RESERVED
-CVE-2021-37518
-       RESERVED
+CVE-2021-37519 (Buffer Overflow vulnerability in authfile.c memcached 1.6.9 
allows att ...)
+       TODO: check
+CVE-2021-37518 (Universal Cross Site Scripting (UXSS) vulnerability in Vimium 
Extensio ...)
+       TODO: check
 CVE-2021-37517 (An Access Control vulnerability exists in Dolibarr ERP/CRM 
13.0.2, fix ...)
        - dolibarr <removed>
 CVE-2021-37516
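Review bot: CVE-2021-37519 names memcached 1.6.9 (authfile.c), and memcached is packaged in Debian, so its `TODO: check` should be resolved with a package line and a check of the affected versions rather than a NOT-FOR-US tag. CVE-2021-37518 (Vimium extension) can be triaged on its own.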
@@ -115421,18 +115503,18 @@ CVE-2021-37504 (A cross-site scripting (XSS) 
vulnerability in the fileNameStr pa
        NOT-FOR-US: hayageek/jquery-upload-file
 CVE-2021-37503
        RESERVED
-CVE-2021-37502
-       RESERVED
-CVE-2021-37501
-       RESERVED
+CVE-2021-37502 (Cross Site Scripting (XSS) vulnerability in automad 1.7.5 
allows remot ...)
+       TODO: check
+CVE-2021-37501 (Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 
through 1 ...)
+       TODO: check
 CVE-2021-37500 (Directory traversal vulnerability in Reprise License Manager 
(RLM) web ...)
        TODO: check
 CVE-2021-37499 (CRLF vulnerability in Reprise License Manager (RLM) web 
interface thro ...)
        TODO: check
 CVE-2021-37498 (An SSRF issue was discovered in Reprise License Manager (RLM) 
web inte ...)
        TODO: check
-CVE-2021-37497
-       RESERVED
+CVE-2021-37497 (SQL injection vulnerability in route of PbootCMS 3.0.5 allows 
remote a ...)
+       TODO: check
 CVE-2021-37496
        RESERVED
 CVE-2021-37495
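Review bot: Of the three entries promoted in this hunk, CVE-2021-37501 (HDFGroup hdf5-h5dump 1.12.0 through ...) concerns software that Debian ships as hdf5, so its `TODO: check` needs a package line with version tracking. The upper bound of the affected range is truncated in this file and has to come from the full description.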
@@ -115685,20 +115767,20 @@ CVE-2021-37381 (Southsoft GMIS 5.0 is vulnerable to 
CSRF attacks. Attackers can
        NOT-FOR-US: Southsoft GMIS
 CVE-2021-37380
        RESERVED
-CVE-2021-37379
-       RESERVED
-CVE-2021-37378
-       RESERVED
-CVE-2021-37377
-       RESERVED
-CVE-2021-37376
-       RESERVED
-CVE-2021-37375
-       RESERVED
-CVE-2021-37374
-       RESERVED
-CVE-2021-37373
-       RESERVED
+CVE-2021-37379 (** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) 
vulnerabili ...)
+       TODO: check
+CVE-2021-37378 (** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) 
vulnerabili ...)
+       TODO: check
+CVE-2021-37377 (** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) 
vulnerabili ...)
+       TODO: check
+CVE-2021-37376 (** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) 
vulnerabili ...)
+       TODO: check
+CVE-2021-37375 (** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) 
vulnerabili ...)
+       TODO: check
+CVE-2021-37374 (** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) 
vulnerabili ...)
+       TODO: check
+CVE-2021-37373 (** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) 
vulnerabili ...)
+       TODO: check
 CVE-2021-37372 (Online Student Admission System 1.0 is affected by an insecure 
file up ...)
        NOT-FOR-US: Online Student Admission System
 CVE-2021-37371 (Online Student Admission System 1.0 is affected by an 
unauthenticated  ...)
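Review bot: All seven entries from CVE-2021-37379 down to CVE-2021-37373 show the same truncated text, `** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerabili ...`, with the product name cut off. The prefix only states that the product was unsupported when the ID was assigned, so the full descriptions are needed to identify the product before these `TODO: check` lines can be resolved.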
@@ -115811,20 +115893,20 @@ CVE-2021-37319
        RESERVED
 CVE-2021-37318
        RESERVED
-CVE-2021-37317
-       RESERVED
-CVE-2021-37316
-       RESERVED
-CVE-2021-37315
-       RESERVED
+CVE-2021-37317 (Directory Traversal vulnerability in Cloud Disk in ASUS 
RT-AC68U route ...)
+       TODO: check
+CVE-2021-37316 (SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U 
router firm ...)
+       TODO: check
+CVE-2021-37315 (Incorrect Access Control issue discoverd in Cloud Disk in ASUS 
RT-AC68 ...)
+       TODO: check
 CVE-2021-37314
        RESERVED
 CVE-2021-37313
        RESERVED
 CVE-2021-37312
        RESERVED
-CVE-2021-37311
-       RESERVED
+CVE-2021-37311 (Buffer Overflow vulnerability in fcitx5 5.0.8 allows attackers 
to caus ...)
+       TODO: check
 CVE-2021-37310
        RESERVED
 CVE-2021-37309
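Review bot: CVE-2021-37311 names fcitx5 5.0.8, which is packaged in Debian, so it needs a package entry rather than a NOT-FOR-US tag when its `TODO: check` is resolved. The three ASUS RT-AC68U Cloud Disk entries above it (CVE-2021-37317, CVE-2021-37316, CVE-2021-37315) describe router firmware and can be handled together.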
@@ -115833,12 +115915,12 @@ CVE-2021-37308
        RESERVED
 CVE-2021-37307
        RESERVED
-CVE-2021-37306
-       RESERVED
-CVE-2021-37305
-       RESERVED
-CVE-2021-37304
-       RESERVED
+CVE-2021-37306 (An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier 
allows r ...)
+       TODO: check
+CVE-2021-37305 (An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier 
allows r ...)
+       TODO: check
+CVE-2021-37304 (An Insecure Permissions issue in jeecg-boot 2.4.5 allows 
unauthenticat ...)
+       TODO: check
 CVE-2021-37303
        RESERVED
 CVE-2021-37302
@@ -115977,8 +116059,8 @@ CVE-2021-37236
        RESERVED
 CVE-2021-37235
        RESERVED
-CVE-2021-37234
-       RESERVED
+CVE-2021-37234 (Incorrect Access Control vulnerability in Modern Honey Network 
commit  ...)
+       TODO: check
 CVE-2021-37233
        RESERVED
 CVE-2021-37232 (A stack overflow vulnerability occurs in Atomicparsley 
20210124.204813 ...)
@@ -117312,8 +117394,8 @@ CVE-2021-36714
        RESERVED
 CVE-2021-36713
        RESERVED
-CVE-2021-36712
-       RESERVED
+CVE-2021-36712 (Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows 
attacker ...)
+       TODO: check
 CVE-2021-36711 (WebInterface in OctoBot before 0.4.4 allows remote code 
execution beca ...)
        NOT-FOR-US: OctoBot
 CVE-2021-36710 (ToaruOS 1.99.2 is affected by incorrect access control via the 
kernel. ...)
@@ -117609,10 +117691,10 @@ CVE-2021-36572 (Cross Site Scripting (XSS) 
vulnerability in Feehi CMS thru 2.1.1
        NOT-FOR-US: Feehi CMS
 CVE-2021-36571
        RESERVED
-CVE-2021-36570
-       RESERVED
-CVE-2021-36569
-       RESERVED
+CVE-2021-36570 (Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 
allows rem ...)
+       TODO: check
+CVE-2021-36569 (Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 
allows rem ...)
+       TODO: check
 CVE-2021-36568 (In certain Moodle products after creating a course, it is 
possible to  ...)
        - moodle <removed>
 CVE-2021-36567 (ThinkPHP v6.0.8 was discovered to contain a deserialization 
vulnerabil ...)
@@ -117657,12 +117739,12 @@ CVE-2021-36548 (A remote code execution (RCE) 
vulnerability in the component /ad
        NOT-FOR-US: Monstra CMS
 CVE-2021-36547 (A remote code execution (RCE) vulnerability in the component 
/codebase ...)
        NOT-FOR-US: Mara CMS
-CVE-2021-36546
-       RESERVED
-CVE-2021-36545
-       RESERVED
-CVE-2021-36544
-       RESERVED
+CVE-2021-36546 (Incorrect Access Control issue discovered in KiteCMS 1.1 
allows remote ...)
+       TODO: check
+CVE-2021-36545 (Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows 
remote at ...)
+       TODO: check
+CVE-2021-36544 (Incorrect Access Control issue discovered in tpcms 3.2 allows 
remote a ...)
+       TODO: check
 CVE-2021-36543 (Cross-Site Request Forgery (CSRF) vulnerability in the 
/op/op.UnlockDo ...)
        NOT-FOR-US: SeedDMS
 CVE-2021-36542 (Cross-Site Request Forgery (CSRF) vulnerability in the 
/op/op.LockDocu ...)
@@ -117673,20 +117755,20 @@ CVE-2021-36540
        RESERVED
 CVE-2021-36539 (Instructure Canvas LMS didn't properly deny access to 
locked/unpublish ...)
        TODO: check
-CVE-2021-36538
-       RESERVED
+CVE-2021-36538 (Cross Site Scripting (XSS) vulnerability in Gurock TestRail 
before 7.1 ...)
+       TODO: check
 CVE-2021-36537
        RESERVED
 CVE-2021-36536
        RESERVED
-CVE-2021-36535
-       RESERVED
+CVE-2021-36535 (Buffer Overflow vulnerability in Cesanta mJS 1.26 allows 
remote attack ...)
+       TODO: check
 CVE-2021-36534
        RESERVED
 CVE-2021-36533
        RESERVED
-CVE-2021-36532
-       RESERVED
+CVE-2021-36532 (Race condition vulnerability discovered in portfolioCMS 1.0 
allows rem ...)
+       TODO: check
 CVE-2021-36531 (ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 
in NGIFLI ...)
        NOT-FOR-US: ngiflib
 CVE-2021-36530 (ngiflib 0.4 has a heap overflow in GetByteStr() at 
ngiflib.c:108 in NG ...)
@@ -117743,8 +117825,8 @@ CVE-2021-36505
        RESERVED
 CVE-2021-36504
        RESERVED
-CVE-2021-36503
-       RESERVED
+CVE-2021-36503 (SQL injection vulnerability in native-php-cms 1.0 allows 
remote attack ...)
+       TODO: check
 CVE-2021-36502
        RESERVED
 CVE-2021-36501
@@ -117763,16 +117845,16 @@ CVE-2021-36495
        RESERVED
 CVE-2021-36494
        RESERVED
-CVE-2021-36493
-       RESERVED
+CVE-2021-36493 (Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows 
attacke ...)
+       TODO: check
 CVE-2021-36492
        RESERVED
 CVE-2021-36491
        RESERVED
 CVE-2021-36490
        RESERVED
-CVE-2021-36489
-       RESERVED
+CVE-2021-36489 (Buffer Overflow vulnerability in Allegro through 5.2.6 allows 
attacker ...)
+       TODO: check
 CVE-2021-36488
        RESERVED
 CVE-2021-36487
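Review bot: Both entries promoted in this hunk name software that has Debian packages: CVE-2021-36493 (pdfimages in xpdf 4.03) and CVE-2021-36489 (Allegro through 5.2.6). Each `TODO: check` should become a package line with the affected or fixed version, not a NOT-FOR-US tag.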
@@ -117781,8 +117863,8 @@ CVE-2021-36486
        RESERVED
 CVE-2021-36485
        RESERVED
-CVE-2021-36484
-       RESERVED
+CVE-2021-36484 (SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers 
to run  ...)
+       TODO: check
 CVE-2021-36483 (DevExpress.XtraReports.UI through v21.1 allows attackers to 
execute ar ...)
        NOT-FOR-US: DevExpress.XtraReports.UI
 CVE-2021-36482
@@ -117861,10 +117943,10 @@ CVE-2021-36446
        RESERVED
 CVE-2021-36445
        RESERVED
-CVE-2021-36444
-       RESERVED
-CVE-2021-36443
-       RESERVED
+CVE-2021-36444 (Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 
allows re ...)
+       TODO: check
+CVE-2021-36443 (Cross Site Request Forgery vulnerability in imcat 5.4 allows 
remote at ...)
+       TODO: check
 CVE-2021-36442
        RESERVED
 CVE-2021-36441
@@ -117881,14 +117963,14 @@ CVE-2021-36436
        RESERVED
 CVE-2021-36435
        RESERVED
-CVE-2021-36434
-       RESERVED
-CVE-2021-36433
-       RESERVED
-CVE-2021-36432
-       RESERVED
-CVE-2021-36431
-       RESERVED
+CVE-2021-36434 (SQL injection vulnerability in jocms 0.8 allows remote 
attackers to ru ...)
+       TODO: check
+CVE-2021-36433 (SQL injection vulnerability in jocms 0.8 allows remote 
attackers to ru ...)
+       TODO: check
+CVE-2021-36432 (SQL injection vulnerability in jocms 0.8 allows remote 
attackers to ru ...)
+       TODO: check
+CVE-2021-36431 (SQL injection vulnerability in jocms 0.8 allows remote 
attackers to ru ...)
+       TODO: check
 CVE-2021-36430
        RESERVED
 CVE-2021-36429
@@ -117897,12 +117979,12 @@ CVE-2021-36428
        RESERVED
 CVE-2021-36427
        RESERVED
-CVE-2021-36426
-       RESERVED
-CVE-2021-36425
-       RESERVED
-CVE-2021-36424
-       RESERVED
+CVE-2021-36426 (File Upload vulnerability in phpwcms 1.9.25 allows remote 
attackers to ...)
+       TODO: check
+CVE-2021-36425 (Directory traversal vulnerability in phpcms 1.9.25 allows 
remote attac ...)
+       TODO: check
+CVE-2021-36424 (An issue discovered in phpwcms 1.9.25 allows remote attackers 
to run a ...)
+       TODO: check
 CVE-2021-36423
        RESERVED
 CVE-2021-36422
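Review bot: CVE-2021-36425 gives the product as "phpcms 1.9.25", while CVE-2021-36426 and CVE-2021-36424 in the same block say "phpwcms 1.9.25"; with the identical version number this looks like a spelling slip in the upstream description. Confirm against the full description and triage all three under the same product name.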



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f4368e2218a0f275996a966df978bfc121d5b1e
