Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
34a9e870 by security tracker role at 2021-09-23T20:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2021-41572
+ RESERVED
+CVE-2021-41571
+ RESERVED
CVE-2021-41570
RESERVED
CVE-2021-41569
@@ -22,8 +26,8 @@ CVE-2021-41561
RESERVED
CVE-2021-3825
RESERVED
-CVE-2021-3824
- RESERVED
+CVE-2021-3824 (OpenVPN Access Server 2.9.0 through 2.9.4 allow remote
attackers to in ...)
+ TODO: check
CVE-2021-3823
RESERVED
CVE-2021-3822
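Review bot: `TODO: check` on CVE-2021-3824 is unresolved triage, and the published summary names "OpenVPN Access Server 2.9.0 through 2.9.4" rather than plain OpenVPN. Before this entry is mapped to a source package, confirm whether the affected component is something a Debian package actually builds; if it is not, close it with a NOT-FOR-US line naming the product, in the same form used elsewhere in this file.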
@@ -302,8 +306,8 @@ CVE-2021-41430
RESERVED
CVE-2021-41429
RESERVED
-CVE-2021-41428
- RESERVED
+CVE-2021-41428 (Insecure permissions in Update Manager <= 5.8.0.2300 and
DFL <= ...)
+ TODO: check
CVE-2021-41427
RESERVED
CVE-2021-41426
@@ -397,8 +401,8 @@ CVE-2021-41383 (setup.cgi on NETGEAR R6020 1.0.0.48 devices
allows an admin to e
NOT-FOR-US: Netgear
CVE-2021-41382 (Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server
managem ...)
NOT-FOR-US: Plastic SCM
-CVE-2021-41381
- RESERVED
+CVE-2021-41381 (Payara Micro Community 5.2021.6 and below allows Directory
Traversal. ...)
+ TODO: check
CVE-2021-3816
RESERVED
CVE-2021-41380 (RealVNC Viewer 6.21.406 allows remote VNC servers to cause a
denial of ...)
@@ -6153,8 +6157,8 @@ CVE-2021-38879
RESERVED
CVE-2021-38878
RESERVED
-CVE-2021-38877
- RESERVED
+CVE-2021-38877 (IBM Jazz for Service Management 1.1.3.10 is vulnerable to
stored cross ...)
+ TODO: check
CVE-2021-38876
RESERVED
CVE-2021-38875
@@ -6167,8 +6171,8 @@ CVE-2021-38872
RESERVED
CVE-2021-38871
RESERVED
-CVE-2021-38870
- RESERVED
+CVE-2021-38870 (IBM Aspera Cloud is vulnerable to stored cross-site scripting.
This vu ...)
+ TODO: check
CVE-2021-38869
RESERVED
CVE-2021-38868
@@ -6179,10 +6183,10 @@ CVE-2021-38866
RESERVED
CVE-2021-38865
RESERVED
-CVE-2021-38864
- RESERVED
-CVE-2021-38863
- RESERVED
+CVE-2021-38864 (IBM Security Verify Bridge 1.0.5.0 could allow a user to
obtain sensit ...)
+ TODO: check
+CVE-2021-38863 (IBM Security Verify Bridge 1.0.5.0 stores user credentials in
plain cl ...)
+ TODO: check
CVE-2021-38862
RESERVED
CVE-2021-38861
@@ -10783,10 +10787,10 @@ CVE-2021-36875
RESERVED
CVE-2021-36874
RESERVED
-CVE-2021-36873
- RESERVED
-CVE-2021-36872
- RESERVED
+CVE-2021-36873 (Authenticated Persistent Cross-Site Scripting (XSS)
vulnerability in W ...)
+ TODO: check
+CVE-2021-36872 (Authenticated Persistent Cross-Site Scripting (XSS)
vulnerability in W ...)
+ TODO: check
CVE-2021-36871 (Multiple Authenticated Persistent Cross-Site Scripting (XSS)
vulnerabi ...)
NOT-FOR-US: Wordpress plugin
CVE-2021-36870 (Multiple Authenticated Persistent Cross-Site Scripting (XSS)
vulnerabi ...)
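Review bot: CVE-2021-36873 and CVE-2021-36872 are left at `TODO: check`, while CVE-2021-36871 in the trailing context carries nearly the same "Authenticated Persistent Cross-Site Scripting (XSS)" wording and is already closed as `NOT-FOR-US: Wordpress plugin`. The summaries are truncated here, so read the full descriptions and, if they also name a WordPress plugin, resolve both with the same line instead of leaving them open.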
@@ -10883,8 +10887,8 @@ CVE-2021-36825
RESERVED
CVE-2021-36824
RESERVED
-CVE-2021-36823
- RESERVED
+CVE-2021-36823 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability
in WordP ...)
+ TODO: check
CVE-2021-36822
RESERVED
CVE-2021-36821
@@ -19836,8 +19840,8 @@ CVE-2021-33037 (Apache Tomcat 10.0.0-M1 to 10.0.6,
9.0.0.M1 to 9.0.46 and 8.5.0
NOTE:
https://github.com/apache/tomcat/commit/8874fa02e9b36baa9ca6b226c0882c0190ca5a02
(8.5.67)
CVE-2021-33036
RESERVED
-CVE-2021-33035
- RESERVED
+CVE-2021-33035 (Apache OpenOffice opens dBase/DBF documents and shows the
contents as ...)
+ TODO: check
CVE-2021-33034 (In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c
has a use ...)
{DLA-2690-1 DLA-2689-1}
- linux 5.10.38-1
@@ -19915,8 +19919,8 @@ CVE-2021-33001
RESERVED
CVE-2021-33000 (Parsing a maliciously crafted project file may cause a
heap-based buff ...)
NOT-FOR-US: WebAccess HMI Designer
-CVE-2021-32999
- RESERVED
+CVE-2021-32999 (Improper handling of exceptional conditions in SuiteLink
server while ...)
+ TODO: check
CVE-2021-32998
RESERVED
CVE-2021-32997
@@ -19939,8 +19943,8 @@ CVE-2021-32989
RESERVED
CVE-2021-32988 (FATEK Automation WinProladder Versions 3.30 and prior are
vulnerable t ...)
NOT-FOR-US: FATEK Automation WinProladder
-CVE-2021-32987
- RESERVED
+CVE-2021-32987 (Null pointer dereference in SuiteLink server while processing
command ...)
+ TODO: check
CVE-2021-32986
RESERVED
CVE-2021-32985
@@ -19955,8 +19959,8 @@ CVE-2021-32981
RESERVED
CVE-2021-32980
RESERVED
-CVE-2021-32979
- RESERVED
+CVE-2021-32979 (Null pointer dereference in SuiteLink server while processing
commands ...)
+ TODO: check
CVE-2021-32978
RESERVED
CVE-2021-32977
@@ -19971,8 +19975,8 @@ CVE-2021-32973
RESERVED
CVE-2021-32972 (Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an
attacke ...)
NOT-FOR-US: Panasonic
-CVE-2021-32971
- RESERVED
+CVE-2021-32971 (Null pointer dereference in SuiteLink server while processing
command ...)
+ TODO: check
CVE-2021-32970
RESERVED
CVE-2021-32969
@@ -19987,16 +19991,16 @@ CVE-2021-32965
RESERVED
CVE-2021-32964
RESERVED
-CVE-2021-32963
- RESERVED
+CVE-2021-32963 (Null pointer dereference in SuiteLink server while processing
commands ...)
+ TODO: check
CVE-2021-32962
RESERVED
CVE-2021-32961
RESERVED
CVE-2021-32960
RESERVED
-CVE-2021-32959
- RESERVED
+CVE-2021-32959 (Heap-based buffer overflow in SuiteLink server while
processing comman ...)
+ TODO: check
CVE-2021-32958
RESERVED
CVE-2021-32957
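Review bot: CVE-2021-32963 and CVE-2021-32959 in this hunk both name "SuiteLink server", as do CVE-2021-32999, CVE-2021-32987, CVE-2021-32979 and CVE-2021-32971 in the four preceding hunks, and all six are left at `TODO: check`. Triage them as one batch so they end up with one consistent disposition. Four of the summaries are near-identical null pointer dereference texts that differ only around the truncation point, so compare the full descriptions, not the cut-off ones.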
@@ -28118,10 +28122,10 @@ CVE-2021-29907 (IBM OpenPages with Watson 8.1 and 8.2
could allow an authenticat
NOT-FOR-US: IBM
CVE-2021-29906
RESERVED
-CVE-2021-29905
- RESERVED
-CVE-2021-29904
- RESERVED
+CVE-2021-29905 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli
Netcool/OMNIbu ...)
+ TODO: check
+CVE-2021-29904 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli
Netcool/OMNIbu ...)
+ TODO: check
CVE-2021-29903
RESERVED
CVE-2021-29902
@@ -28262,10 +28266,10 @@ CVE-2021-29835
RESERVED
CVE-2021-29834
RESERVED
-CVE-2021-29833
- RESERVED
-CVE-2021-29832
- RESERVED
+CVE-2021-29833 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli
Netcool/OMNIbu ...)
+ TODO: check
+CVE-2021-29832 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli
Netcool/OMNIbu ...)
+ TODO: check
CVE-2021-29831 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli
Netcool/OMNIbu ...)
NOT-FOR-US: IBM
CVE-2021-29830
@@ -28296,20 +28300,20 @@ CVE-2021-29818 (IBM Jazz for Service Management and
IBM Tivoli Netcool/OMNIbus_G
NOT-FOR-US: IBM
CVE-2021-29817 (IBM Jazz for Service Management and IBM Tivoli
Netcool/OMNIbus_GUI 8.1 ...)
NOT-FOR-US: IBM
-CVE-2021-29816
- RESERVED
-CVE-2021-29815
- RESERVED
-CVE-2021-29814
- RESERVED
-CVE-2021-29813
- RESERVED
-CVE-2021-29812
- RESERVED
+CVE-2021-29816 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli
Netcool/OMNIbu ...)
+ TODO: check
+CVE-2021-29815 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli
Netcool/OMNIbu ...)
+ TODO: check
+CVE-2021-29814 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli
Netcool/OMNIbu ...)
+ TODO: check
+CVE-2021-29813 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli
Netcool/OMNIbu ...)
+ TODO: check
+CVE-2021-29812 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli
Netcool/OMNIbu ...)
+ TODO: check
CVE-2021-29811 (IBM Jazz for Service Management and IBM Tivoli
Netcool/OMNIbus_GUI 8.1 ...)
NOT-FOR-US: IBM
-CVE-2021-29810
- RESERVED
+CVE-2021-29810 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli
Netcool/OMNIbu ...)
+ TODO: check
CVE-2021-29809 (IBM Jazz for Service Management and IBM Tivoli
Netcool/OMNIbus_GUI 8.1 ...)
NOT-FOR-US: IBM
CVE-2021-29808 (IBM Jazz for Service Management and IBM Tivoli
Netcool/OMNIbus_GUI 8.1 ...)
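Review bot: the six entries that leave RESERVED here (CVE-2021-29816 through CVE-2021-29812, and CVE-2021-29810) all get `TODO: check`, but the untouched neighbours CVE-2021-29817, CVE-2021-29811 and CVE-2021-29809 describe IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI as well and are already `NOT-FOR-US: IBM`. Unless a full description points at something Debian ships, close these with the same line in the follow-up triage commit.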
@@ -28328,8 +28332,8 @@ CVE-2021-29802 (IBM Security SOAR performs an operation
at a privilege level tha
NOT-FOR-US: IBM
CVE-2021-29801 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged
local user ...)
NOT-FOR-US: IBM
-CVE-2021-29800
- RESERVED
+CVE-2021-29800 (IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service
Management 1.1 ...)
+ TODO: check
CVE-2021-29799
RESERVED
CVE-2021-29798
@@ -35636,8 +35640,8 @@ CVE-2021-26796
RESERVED
CVE-2021-26795
RESERVED
-CVE-2021-26794
- RESERVED
+CVE-2021-26794 (Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5
allows ...)
+ TODO: check
CVE-2021-26793
RESERVED
CVE-2021-26792
@@ -35724,8 +35728,8 @@ CVE-2021-26752 (NeDi 1.9C allows an authenticated user
to execute operating syst
NOT-FOR-US: NeDi
CVE-2021-26751 (NeDi 1.9C allows an authenticated user to perform a SQL
Injection in t ...)
NOT-FOR-US: NeDi
-CVE-2021-26750
- RESERVED
+CVE-2021-26750 (DLL hijacking in Panda Agent <=1.16.11 in Panda Security,
S.L.U. Pa ...)
+ TODO: check
CVE-2021-26749
RESERVED
CVE-2021-26748
@@ -44711,18 +44715,18 @@ CVE-2021-22955
RESERVED
CVE-2021-22954
RESERVED
-CVE-2021-22953
- RESERVED
-CVE-2021-22952
- RESERVED
+CVE-2021-22953 (A CSRF in Concrete CMS version 8.5.5 and below allows an
attacker to c ...)
+ TODO: check
+CVE-2021-22952 (A vulnerability found in UniFi Talk application V1.12.3 and
earlier pe ...)
+ TODO: check
CVE-2021-22951
RESERVED
-CVE-2021-22950
- RESERVED
-CVE-2021-22949
- RESERVED
-CVE-2021-22948
- RESERVED
+CVE-2021-22950 (Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing
attachme ...)
+ TODO: check
+CVE-2021-22949 (A CSRF in Concrete CMS version 8.5.5 and below allows an
attacker to d ...)
+ TODO: check
+CVE-2021-22948 (Vulnerability in the generation of session IDs in
revive-adserver < ...)
+ TODO: check
CVE-2021-22947 [STARTTLS protocol injection via MITM]
RESERVED
- curl <unfixed>
@@ -44733,8 +44737,7 @@ CVE-2021-22946 [Protocol downgrade required TLS
bypassed]
- curl <unfixed>
NOTE: https://curl.se/docs/CVE-2021-22946.html
NOTE: Fixed by:
https://github.com/curl/curl/commit/364f174724ef115c63d5e5dc1d3342c8a43b1cca
(curl-7_79_0)
-CVE-2021-22945 [UAF and double-free in MQTT sending]
- RESERVED
+CVE-2021-22945 (When sending data to an MQTT server, libcurl <= 7.73.0 and
7.78.0 c ...)
- curl <unfixed>
[buster] - curl <not-affected> (Vulnerable code introduced later)
[stretch] - curl <not-affected> (Vulnerable code introduced later)
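Review bot: with the description for CVE-2021-22945 now published, the existing triage lines kept below it should be re-checked against the version range it states. The summary is cut off at "libcurl <= 7.73.0 and 7.78.0 c ...", so look up the full text and confirm that the `[buster]` and `[stretch]` lines marked `<not-affected> (Vulnerable code introduced later)` agree with the first affected release it gives.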
@@ -44751,8 +44754,8 @@ CVE-2021-22942 [ossible Open Redirect in Host
Authorization Middleware]
[buster] - rails <not-affected> (Vulnerable code not present)
[stretch] - rails <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/20/1
-CVE-2021-22941
- RESERVED
+CVE-2021-22941 (Improper Access Control in Citrix ShareFile storage zones
controller b ...)
+ TODO: check
CVE-2021-22940 (Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a
use aft ...)
- nodejs 12.22.5~dfsg-1
[bullseye] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930
not applied)
@@ -46344,8 +46347,8 @@ CVE-2021-22278
RESERVED
CVE-2021-22277
RESERVED
-CVE-2021-22276
- RESERVED
+CVE-2021-22276 (The vulnerability allows a successful attacker to bypass the
integrity ...)
+ TODO: check
CVE-2021-22275
RESERVED
CVE-2021-22274
@@ -46935,38 +46938,38 @@ CVE-2021-22022 (The vRealize Operations Manager API
(8.x prior to 8.5) contains
NOT-FOR-US: VMware
CVE-2021-22021 (VMware vRealize Log Insight (8.x prior to 8.4) contains a
Cross Site S ...)
NOT-FOR-US: VMware
-CVE-2021-22020
- RESERVED
-CVE-2021-22019
- RESERVED
-CVE-2021-22018
- RESERVED
-CVE-2021-22017
- RESERVED
-CVE-2021-22016
- RESERVED
-CVE-2021-22015
- RESERVED
-CVE-2021-22014
- RESERVED
-CVE-2021-22013
- RESERVED
-CVE-2021-22012
- RESERVED
-CVE-2021-22011
- RESERVED
-CVE-2021-22010
- RESERVED
-CVE-2021-22009
- RESERVED
-CVE-2021-22008
- RESERVED
-CVE-2021-22007
- RESERVED
-CVE-2021-22006
- RESERVED
-CVE-2021-22005
- RESERVED
+CVE-2021-22020 (The vCenter Server contains a denial-of-service vulnerability
in the A ...)
+ TODO: check
+CVE-2021-22019 (The vCenter Server contains a denial-of-service vulnerability
in VAPI ...)
+ TODO: check
+CVE-2021-22018 (The vCenter Server contains an arbitrary file deletion
vulnerability i ...)
+ TODO: check
+CVE-2021-22017 (Rhttproxy as used in vCenter Server contains a vulnerability
due to im ...)
+ TODO: check
+CVE-2021-22016 (The vCenter Server contains a reflected cross-site scripting
vulnerabi ...)
+ TODO: check
+CVE-2021-22015 (The vCenter Server contains multiple local privilege
escalation vulner ...)
+ TODO: check
+CVE-2021-22014 (The vCenter Server contains an authenticated code execution
vulnerabil ...)
+ TODO: check
+CVE-2021-22013 (The vCenter Server contains a file path traversal
vulnerability leadin ...)
+ TODO: check
+CVE-2021-22012 (The vCenter Server contains an information disclosure
vulnerability du ...)
+ TODO: check
+CVE-2021-22011 (vCenter Server contains an unauthenticated API endpoint
vulnerability ...)
+ TODO: check
+CVE-2021-22010 (The vCenter Server contains a denial-of-service vulnerability
in VPXD ...)
+ TODO: check
+CVE-2021-22009 (The vCenter Server contains multiple denial-of-service
vulnerabilities ...)
+ TODO: check
+CVE-2021-22008 (The vCenter Server contains an information disclosure
vulnerability in ...)
+ TODO: check
+CVE-2021-22007 (The vCenter Server contains a local information disclosure
vulnerabili ...)
+ TODO: check
+CVE-2021-22006 (The vCenter Server contains a reverse proxy bypass
vulnerability due t ...)
+ TODO: check
+CVE-2021-22005 (The vCenter Server contains an arbitrary file upload
vulnerability in ...)
+ TODO: check
CVE-2021-22004 (An issue was discovered in SaltStack Salt before 3003.3. The
salt mini ...)
- salt <unfixed> (bug #994016)
NOTE:
https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/
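Review bot: all sixteen entries from CVE-2021-22020 down to CVE-2021-22005 land as `TODO: check`, although the VMware entries directly above them (CVE-2021-22022, CVE-2021-22021) are `NOT-FOR-US: VMware`. CVE-2021-22017 is worth reading in full before bulk-closing, since its summary names a component, "Rhttproxy as used in vCenter Server"; if that is VMware's own code too, the whole run can take the same NOT-FOR-US line.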
@@ -46991,8 +46994,8 @@ CVE-2021-21995 (OpenSLP as used in ESXi has a
denial-of-service vulnerability du
NOT-FOR-US: VMware
CVE-2021-21994 (SFCB (Small Footprint CIM Broker) as used in ESXi has an
authenticatio ...)
NOT-FOR-US: VMware
-CVE-2021-21993
- RESERVED
+CVE-2021-21993 (The vCenter Server contains an SSRF (Server Side Request
Forgery) vuln ...)
+ TODO: check
CVE-2021-21992 (The vCenter Server contains a denial-of-service vulnerability
due to i ...)
NOT-FOR-US: VMware
CVE-2021-21991 (The vCenter Server contains a local privilege escalation
vulnerability ...)
@@ -47167,8 +47170,8 @@ CVE-2021-21915
RESERVED
CVE-2021-21914
RESERVED
-CVE-2021-21913
- RESERVED
+CVE-2021-21913 (An information disclosure vulnerability exists in the WiFi
Smart Mesh ...)
+ TODO: check
CVE-2021-21912
RESERVED
CVE-2021-21911
@@ -51998,8 +52001,8 @@ CVE-2021-20565 (IBM Cloud Pak for Security (CP4S)
1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6
NOT-FOR-US: IBM
CVE-2021-20564 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1,
1.6.0.0, ...)
NOT-FOR-US: IBM
-CVE-2021-20563
- RESERVED
+CVE-2021-20563 (IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow
a remote ...)
+ TODO: check
CVE-2021-20562 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through
5.2.6.5_3 ...)
NOT-FOR-US: IBM
CVE-2021-20561
@@ -52154,10 +52157,10 @@ CVE-2021-20487 (IBM Power9 Self Boot Engine(SBE)
could allow a privileged user t
NOT-FOR-US: IBM
CVE-2021-20486 (IBM Cloud Pak for Data 3.0 could allow an authenticated user
to obtain ...)
NOT-FOR-US: IBM
-CVE-2021-20485
- RESERVED
-CVE-2021-20484
- RESERVED
+CVE-2021-20485 (IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow
a remote ...)
+ TODO: check
+CVE-2021-20484 (IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is
vulnerable to cro ...)
+ TODO: check
CVE-2021-20483 (IBM Security Identity Manager 6.0.2 is vulnerable to
server-side reque ...)
NOT-FOR-US: IBM
CVE-2021-20482 (IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are
vulnerable to ...)
@@ -52254,10 +52257,10 @@ CVE-2021-20437
RESERVED
CVE-2021-20436
RESERVED
-CVE-2021-20435
- RESERVED
-CVE-2021-20434
- RESERVED
+CVE-2021-20435 (IBM Security Verify Bridge 1.0.5.0 does not properly validate
a certif ...)
+ TODO: check
+CVE-2021-20434 (IBM Security Verify Bridge 1.0.5.0 stores user credentials in
plain cl ...)
+ TODO: check
CVE-2021-20433 (IBM Security Guardium 11.3 could allow a an authenticated user
to obta ...)
NOT-FOR-US: IBM
CVE-2021-20432 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses
Cross-Origin Reso ...)
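Review bot: CVE-2021-20434 is added with the summary "IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain cl ...", which is character for character the truncated summary given to CVE-2021-38863 earlier in this diff. When resolving the `TODO: check` lines, read the full descriptions to confirm these are two distinct issues, and give both of them, together with CVE-2021-20435 and CVE-2021-38864 for the same product, the same disposition.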
@@ -52370,8 +52373,8 @@ CVE-2021-20379 (IBM Guardium Data Encryption (GDE)
3.0.0.3 and 4.0.0.4 uses weak
NOT-FOR-US: IBM
CVE-2021-20378 (IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does
not invali ...)
NOT-FOR-US: IBM
-CVE-2021-20377
- RESERVED
+CVE-2021-20377 (IBM Security Guardium 11.3 could allow a remote attacker to
obtain sen ...)
+ TODO: check
CVE-2021-20376
RESERVED
CVE-2021-20375
@@ -72933,8 +72936,8 @@ CVE-2020-24329
RESERVED
CVE-2020-24328
RESERVED
-CVE-2020-24327
- RESERVED
+CVE-2020-24327 (Server Side Request Forgery (SSRF) vulnerability exists in
Discourse 2 ...)
+ TODO: check
CVE-2020-24326
RESERVED
CVE-2020-24325
@@ -82877,6 +82880,7 @@ CVE-2020-19611
CVE-2020-19610
RESERVED
CVE-2020-19609 (Artifex MuPDF before 1.18.0 has a heap based buffer over-write
in tiff ...)
+ {DLA-2765-1}
- mupdf 1.17.0+ds1-2 (bug #991401)
[buster] - mupdf <no-dsa> (Minor issue; can be fixed via point release)
NOTE:
http://git.ghostscript.com/?p=mupdf.git;h=b7892cdc7fae62aa57d63ae62144e1f11b5f9275
@@ -121511,8 +121515,8 @@ CVE-2020-4943
RESERVED
CVE-2020-4942 (IBM Curam Social Program Management 7.0.9 and 7.0.11 is
vulnerable to ...)
NOT-FOR-US: IBM
-CVE-2020-4941
- RESERVED
+CVE-2020-4941 (IBM Edge 4.2 could reveal sensitive version information about
the serv ...)
+ TODO: check
CVE-2020-4940
RESERVED
CVE-2020-4939
@@ -121775,20 +121779,20 @@ CVE-2020-4811 (IBM Cloud Pak for Security (CP4S)
1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.
NOT-FOR-US: IBM
CVE-2020-4810
RESERVED
-CVE-2020-4809
- RESERVED
+CVE-2020-4809 (IBM Edge 4.2 allows web pages to be stored locally which can be
read b ...)
+ TODO: check
CVE-2020-4808
RESERVED
CVE-2020-4807
RESERVED
CVE-2020-4806
RESERVED
-CVE-2020-4805
- RESERVED
+CVE-2020-4805 (IBM Edge 4.2 allows web pages to be stored locally which can be
read b ...)
+ TODO: check
CVE-2020-4804
RESERVED
-CVE-2020-4803
- RESERVED
+CVE-2020-4803 (IBM Edge 4.2 allows web pages to be stored locally which can be
read b ...)
+ TODO: check
CVE-2020-4802
RESERVED
CVE-2020-4801
@@ -122016,8 +122020,8 @@ CVE-2020-4692 (IBM Sterling B2B Integrator Standard
Edition 6.0.0.0 through 6.0.
NOT-FOR-US: IBM
CVE-2020-4691 (IBM Jazz Foundation Products are vulnerable to cross-site
scripting. T ...)
NOT-FOR-US: IBM
-CVE-2020-4690
- RESERVED
+CVE-2020-4690 (IBM Security Guardium 11.3 contains hard-coded credentials,
such as a ...)
+ TODO: check
CVE-2020-4689 (IBM Security Guardium 11.2 is vulnerable to CVS Injection. A
remote pr ...)
NOT-FOR-US: IBM
CVE-2020-4688 (IBM Security Guardium 10.6 and 11.2 could allow a local
attacker to ex ...)
@@ -216116,6 +216120,7 @@ CVE-2018-10291
CVE-2018-10290
RESERVED
CVE-2018-10289 (In MuPDF 1.13.0, there is an infinite loop in the
fz_skip_space functi ...)
+ {DLA-2765-1}
- mupdf 1.13.0+ds1-3 (unimportant; bug #896545)
[jessie] - mupdf <not-affected> (Vulnerable code introduced later)
[wheezy] - mupdf <not-affected> (Vulnerable code introduced later)
@@ -226384,6 +226389,7 @@ CVE-2018-1000037 (In MuPDF 1.12.0 and earlier,
multiple reachable assertions in
NOTE:
https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=8a3257b01faa899dd9b5e35c6bb3403cd709c371;hp=de39f005f12a1afc6973c1f5cec362d6545f70cb
NOTE:
https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=b2e7d38e845c7d4922d05e6e41f3a2dc1bc1b14a;hp=f51836b9732c38d945b87fda0770009a77ba680c
CVE-2018-1000036 (In MuPDF 1.12.0 and earlier, multiple memory leaks in the
PDF parser a ...)
+ {DLA-2765-1}
- mupdf 1.14.0+ds1-1 (unimportant; bug #900129)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5502
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699695
@@ -277708,12 +277714,14 @@ CVE-2016-10248 (The jpc_tsfb_synthesize function in
jpc_tsfb.c in JasPer before
NOTE: Not suitable for code injection, hardly denial of service
NOTE:
https://github.com/mdadams/jasper/commit/2e82fa00466ae525339754bb3ab0a0474a31d4bd
CVE-2016-10247 (Buffer overflow in the my_getline function in jstest_main.c in
Mujstes ...)
+ {DLA-2765-1}
- mupdf 1.11+ds1-1 (unimportant)
[wheezy] - mupdf <not-affected> (Vulnerable code not present)
NOTE: Although jstest_main.c compiled during build and mujstest is
created
NOTE: it is not included in the produced binary packages
NOTE: https://www.openwall.com/lists/oss-security/2016/10/16/19
CVE-2016-10246 (Buffer overflow in the main function in jstest_main.c in
Mujstest in A ...)
+ {DLA-2765-1}
- mupdf 1.11+ds1-1 (unimportant)
[wheezy] - mupdf <not-affected> (Vulnerable code not present)
NOTE: Although jstest_main.c compiled during build and mujstest is
created
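Review bot: `{DLA-2765-1}` is attached to CVE-2016-10247 and CVE-2016-10246, yet both stay `unimportant`, and the NOTE under CVE-2016-10247 says mujstest "is not included in the produced binary packages". The cross-reference and the severity now read as contradictory; a short NOTE under each entry saying why the DLA lists them would make the record self-explanatory.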
@@ -279961,6 +279969,7 @@ CVE-2016-10226 (JavaScriptCore in WebKit, as
distributed in Safari Technology Pr
CVE-2017-6061 (Cross-site scripting (XSS) vulnerability in the help component
of SAP ...)
NOT-FOR-US: SAP
CVE-2017-6060 (Stack-based buffer overflow in jstest_main.c in mujstest in
Artifex So ...)
+ {DLA-2765-1}
- mupdf 1.12.0+ds1-1 (unimportant)
[wheezy] - mupdf <not-affected> (Vulnerable code not present)
NOTE: Although jstest_main.c compiled during build and mujstest is
created
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34a9e870f22b8f8739c99a9b7ace0b92945b7997
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits