Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8a9d1827 by security tracker role at 2023-08-11T20:12:39+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,21 @@ +CVE-2023-3937 (Cross site scripting vulnerability in web portal in Snow Software Lice ...) + TODO: check +CVE-2023-3864 (Blind SQL injection in a service running in Snow Software license mana ...) + TODO: check +CVE-2023-39949 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...) + TODO: check +CVE-2023-39948 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...) + TODO: check +CVE-2023-39947 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...) + TODO: check +CVE-2023-39946 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...) + TODO: check +CVE-2023-39945 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...) + TODO: check +CVE-2023-39534 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...) + TODO: check +CVE-2023-32267 (A potential vulnerability has been identified in OpenText / Micro Focu ...) + TODO: check CVE-2023-4304 (Business Logic Errors in GitHub repository froxlor/froxlor prior to 2. ...) - froxlor <itp> (bug #581792) CVE-2023-4108 (Mattermost fails to sanitize post metadata during audit logging result ...) @@ -9,6 +27,7 @@ CVE-2023-4106 (Mattermost fails to check if the requesting user is a guest befor CVE-2023-4105 (Mattermost fails to delete the attachments when deleting a message in ...) TODO: check CVE-2023-40267 (GitPython before 3.1.32 does not block insecure non-multi options in c ...) + {DLA-3502-1} - python-git <unfixed> NOTE: https://github.com/gitpython-developers/GitPython/pull/1609 NOTE: https://github.com/gitpython-developers/GitPython/commit/5c59e0d63da6180db8a0b349f0ad36fef42aceed (3.1.32) 
@@ -266,14 +285,14 @@ CVE-2023-32561 (A previously generated artifact by an administrator could be acc NOT-FOR-US: Ivanti CVE-2023-32560 (An attacker can send a specially crafted message to the Wavelink Avala ...) NOT-FOR-US: Ivanti -CVE-2023-39418 [MERGE fails to enforce UPDATE or SELECT row security policies] +CVE-2023-39418 (A vulnerability was found in PostgreSQL with the use of the MERGE comm ...) - postgresql-15 15.4-1 - postgresql-13 <not-affected> (Only affects 15.x) - postgresql-11 <not-affected> (Only affects 15.x) NOTE: https://www.postgresql.org/support/security/CVE-2023-39418/ NOTE: https://www.postgresql.org/about/news/postgresql-154-149-1312-1216-1121-and-postgresql-16-beta-3-released-2689/ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229 (REL_15_4) -CVE-2023-39417 [Extension script @substitutions@ within quoting allow SQL injection] +CVE-2023-39417 (IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in Po ...) - postgresql-15 15.4-1 - postgresql-13 <removed> - postgresql-11 <removed> @@ -27878,8 +27897,8 @@ CVE-2023-25910 (A vulnerability has been identified in SIMATIC PCS 7 (All versio NOT-FOR-US: Siemens CVE-2023-0872 RESERVED -CVE-2023-0871 - RESERVED +CVE-2023-0871 (XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and ver ...) + TODO: check CVE-2023-0870 (A form can be manipulated with cross-site request forgery in multiple ...) NOT-FOR-US: OpenNMS CVE-2023-0869 (Cross-site scripting in outage/list.htm in multiple versions of OpenNM ...) 
@@ -36792,12 +36811,12 @@ CVE-2023-22959 (WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainm NOT-FOR-US: WebChess CVE-2023-22958 (The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoo ...) NOT-FOR-US: Syracom Secure Login plugin -CVE-2023-22957 - RESERVED -CVE-2023-22956 - RESERVED -CVE-2023-22955 - RESERVED +CVE-2023-22957 (An issue was discovered in libac_des3.so on AudioCodes VoIP desk phone ...) + TODO: check +CVE-2023-22956 (An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1 ...) + TODO: check +CVE-2023-22955 (An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1 ...) + TODO: check CVE-2023-22954 RESERVED CVE-2023-22953 (In ExpressionEngine before 7.2.6, remote code execution can be achieve ...) @@ -61271,7 +61290,7 @@ CVE-2022-3405 (Code execution and sensitive information disclosure due to excess CVE-2022-3404 REJECTED CVE-2022-3403 - RESERVED + REJECTED CVE-2022-3402 (The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cro ...) NOT-FOR-US: Log HTTP Requests plugin for WordPress CVE-2022-3401 (The Bricks theme for WordPress is vulnerable to remote code execution ...) @@ -168713,8 +168732,8 @@ CVE-2021-29380 RESERVED CVE-2021-29379 (An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. ...) NOT-FOR-US: D-Link -CVE-2021-29378 - RESERVED +CVE-2021-29378 (SQL Injection in pear-admin-think version 2.1.2, allows attackers to e ...) + TODO: check CVE-2021-29377 (Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerabil ...) NOT-FOR-US: Pear Admin Think CVE-2021-29376 (ircII before 20210314 allows remote attackers to cause a denial of ser ...) 
@@ -169458,8 +169477,8 @@ CVE-2021-29059 (A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 NOT-FOR-US: Node is-svg CVE-2021-29058 RESERVED -CVE-2021-29057 - RESERVED +CVE-2021-29057 (An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads ...) + TODO: check CVE-2021-29056 (Cross Site Scripting (XSS) vulnerability exists in Pixelimity 1.0 via ...) NOT-FOR-US: Pixelimity CVE-2021-29055 (Cross Site Scripting (XSS) vulnerability in sourcecodester School File ...) @@ -170008,8 +170027,8 @@ CVE-2021-28837 RESERVED CVE-2021-28836 RESERVED -CVE-2021-28835 - RESERVED +CVE-2021-28835 (Buffer Overflow vulnerability in XNView before 2.50, allows local atta ...) + TODO: check CVE-2021-28834 (Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge: ...) {DSA-4890-1} - ruby-kramdown 2.3.0-5 (bug #985569) @@ -171048,12 +171067,12 @@ CVE-2021-28431 RESERVED CVE-2021-28430 RESERVED -CVE-2021-28429 - RESERVED +CVE-2021-28429 (Integer overflow vulnerability in av_timecode_make_string in libavutil ...) + TODO: check CVE-2021-28428 (File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploa ...) NOT-FOR-US: HorizontCMS -CVE-2021-28427 - RESERVED +CVE-2021-28427 (Buffer Overflow vulnerability in XNView version 2.49.3, allows local a ...) + TODO: check CVE-2021-28426 RESERVED CVE-2021-28425 @@ -171084,8 +171103,8 @@ CVE-2021-28413 RESERVED CVE-2021-28412 RESERVED -CVE-2021-28411 - RESERVED +CVE-2021-28411 (An issue was discovered in getRememberedSerializedIdentity function in ...) + TODO: check CVE-2021-28410 RESERVED CVE-2021-28409 
@@ -172131,8 +172150,8 @@ CVE-2021-28027 (An issue was discovered in the bam crate before 0.1.3 for Rust. NOT-FOR-US: Rust crate bam CVE-2021-28026 (jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff ...) - jpeg-xl <not-affected> (Fixed before initial release) -CVE-2021-28025 - RESERVED +CVE-2021-28025 (Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions ...) + TODO: check CVE-2021-28024 (Unauthorized system access in the login form in ServiceTonic Helpdesk ...) NOT-FOR-US: ServiceTonic CVE-2021-28023 (Arbitrary file upload in Service import feature in ServiceTonic Helpde ...) @@ -173295,10 +173314,10 @@ CVE-2021-27526 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9. NOT-FOR-US: DynPG CVE-2021-27525 RESERVED -CVE-2021-27524 - RESERVED -CVE-2021-27523 - RESERVED +CVE-2021-27524 (Cross Site Scripting (XSS) vulnerability in margox braft-editor versio ...) + TODO: check +CVE-2021-27523 (An issue was discovered in open-falcon dashboard version 0.2.0, allows ...) + TODO: check CVE-2021-27522 (Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability ...) NOT-FOR-US: Learnsite CVE-2021-27521 @@ -175811,10 +175830,10 @@ CVE-2021-26507 RESERVED CVE-2021-26506 RESERVED -CVE-2021-26505 - RESERVED -CVE-2021-26504 - RESERVED +CVE-2021-26505 (Prototype pollution vulnerability in MrSwitch hello.js version 1.18.6, ...) + TODO: check +CVE-2021-26504 (Directory Traversal vulnerability in Foddy node-red-contrib-huemagic v ...) + TODO: check CVE-2021-26503 RESERVED CVE-2021-26502 @@ -177511,8 +177530,8 @@ CVE-2021-3238 RESERVED CVE-2021-3237 RESERVED -CVE-2021-3236 - RESERVED +CVE-2021-3236 (vim 8.2.2348 is affected by null pointer dereference, allows local att ...) + TODO: check CVE-2021-3235 RESERVED CVE-2021-3234 
@@ -177676,10 +177695,10 @@ CVE-2021-25859 RESERVED CVE-2021-25858 RESERVED -CVE-2021-25857 - RESERVED -CVE-2021-25856 - RESERVED +CVE-2021-25857 (An issue was discovered in pcmt superMicro-CMS version 3.11, allows au ...) + TODO: check +CVE-2021-25856 (An issue was discovered in pcmt superMicro-CMS version 3.11, allows at ...) + TODO: check CVE-2021-25855 RESERVED CVE-2021-25854 @@ -177826,8 +177845,8 @@ CVE-2021-25788 RESERVED CVE-2021-25787 RESERVED -CVE-2021-25786 - RESERVED +CVE-2021-25786 (An issue was discovered in QPDF version 10.0.4, allows remote attacker ...) + TODO: check CVE-2021-25785 (Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS ...) NOT-FOR-US: taocms CVE-2021-25784 (Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulne ...) @@ -187985,12 +188004,12 @@ CVE-2020-36140 (BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via NOT-FOR-US: BloofoxCMS CVE-2020-36139 (BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting (XSS) vulnera ...) NOT-FOR-US: BloofoxCMS -CVE-2020-36138 - RESERVED +CVE-2020-36138 (An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg ...) + TODO: check CVE-2020-36137 RESERVED -CVE-2020-36136 - RESERVED +CVE-2020-36136 (SQL Injection vulnerability in cskaza cszcms version 1.2.9, allows att ...) + TODO: check CVE-2020-36135 (AOM v2.0.1 was discovered to contain a NULL pointer dereference via th ...) - aom 3.2.0-1 [bullseye] - aom <no-dsa> (Minor issue) @@ -188129,8 +188148,8 @@ CVE-2020-36084 RESERVED CVE-2020-36083 RESERVED -CVE-2020-36082 - RESERVED +CVE-2020-36082 (File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote ...) + TODO: check CVE-2020-36081 RESERVED CVE-2020-36080 
@@ -188229,14 +188248,14 @@ CVE-2020-36039 RESERVED CVE-2020-36038 RESERVED -CVE-2020-36037 - RESERVED +CVE-2020-36037 (An issue was disocvered in wuzhicms version 4.1.0, allows remote attac ...) + TODO: check CVE-2020-36036 RESERVED CVE-2020-36035 RESERVED -CVE-2020-36034 - RESERVED +CVE-2020-36034 (SQL Injection vulnerability in oretnom23 School Faculty Scheduling Sys ...) + TODO: check CVE-2020-36033 (SQL injection vulnerability in SourceCodester Water Billing System 1.0 ...) NOT-FOR-US: SourceCodester CVE-2020-36032 @@ -188255,10 +188274,10 @@ CVE-2020-36026 RESERVED CVE-2020-36025 RESERVED -CVE-2020-36024 - RESERVED -CVE-2020-36023 - RESERVED +CVE-2020-36024 (An issue was discovered in freedesktop poppler version 20.12.1, allows ...) + TODO: check +CVE-2020-36023 (An issue was discovered in freedesktop poppler version 20.12.1, allows ...) + TODO: check CVE-2020-36022 RESERVED CVE-2020-36021 @@ -188323,8 +188342,8 @@ CVE-2020-35992 (Fiserv Prologue through 2020-12-16 does not properly protect the NOT-FOR-US: Fiserv Prologue CVE-2020-35991 RESERVED -CVE-2020-35990 - RESERVED +CVE-2020-35990 (Buffer Overflow vulnerability in cFilenameInit parameter in browseForD ...) + TODO: check CVE-2020-35989 RESERVED CVE-2020-35988 @@ -194400,12 +194419,12 @@ CVE-2020-35143 RESERVED CVE-2020-35142 RESERVED -CVE-2020-35141 - RESERVED +CVE-2020-35141 (An issue was discovered in OFPQueueGetConfigReply in parser.py in Fauc ...) + TODO: check CVE-2020-35140 RESERVED -CVE-2020-35139 - RESERVED +CVE-2020-35139 (An issue was discovered in OFPBundleCtrlMsg in parser.py in Faucet SDN ...) + TODO: check CVE-2020-35138 (The MobileIron agents through 2021-03-22 for Android and iOS contain a ...) NOT-FOR-US: MobileIron CVE-2020-35137 (The MobileIron agents through 2021-03-22 for Android and iOS contain a ...) 
@@ -198395,10 +198414,10 @@ CVE-2020-28851 (In x/text in Go 1.15.4, an "index out of range" panic occurs in NOTE: https://github.com/golang/go/issues/42535 CVE-2020-28850 RESERVED -CVE-2020-28849 - RESERVED -CVE-2020-28848 - RESERVED +CVE-2020-28849 (Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, a ...) + TODO: check +CVE-2020-28848 (CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote ...) + TODO: check CVE-2020-28847 (Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via th ...) NOT-FOR-US: Valine CVE-2020-28846 (Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 ...) @@ -198413,8 +198432,8 @@ CVE-2020-28842 RESERVED CVE-2020-28841 (MyDrivers64.sys in DriverGenius 9.61.3708.3054 allows attackers to cau ...) NOT-FOR-US: DriverGenius -CVE-2020-28840 - RESERVED +CVE-2020-28840 (Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead ve ...) + TODO: check CVE-2020-28839 RESERVED CVE-2020-28838 (Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Open ...) @@ -198661,8 +198680,8 @@ CVE-2020-28719 RESERVED CVE-2020-28718 RESERVED -CVE-2020-28717 - RESERVED +CVE-2020-28717 (Cross Site Scripting (XSS) vulnerability in content1 parameter in demo ...) + TODO: check CVE-2020-28716 RESERVED CVE-2020-28715 @@ -205258,8 +205277,8 @@ CVE-2020-27545 (libdwarf before 20201017 has a one-byte out-of-bounds read becau [stretch] - dwarfutils <ignored> (Minor issue) NOTE: https://www.prevanders.net/dwarfbug.html#DW202010-001 NOTE: https://github.com/davea42/libdwarf-code/commit/95f634808c01f1c61bbec56ed2395af997f397ea -CVE-2020-27544 - RESERVED +CVE-2020-27544 (An issue was discovered in FoldingAtHome Client Advanced Control GUI b ...) + TODO: check CVE-2020-27543 (The restify-paginate package 0.0.5 for Node.js allows remote attackers ...) NOT-FOR-US: Node restify-paginate CVE-2020-27542 (Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. ...) 
@@ -205318,8 +205337,8 @@ CVE-2020-27516 RESERVED CVE-2020-27515 (A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows ...) NOT-FOR-US: Savsoft Quiz -CVE-2020-27514 - RESERVED +CVE-2020-27514 (Directory Traversal vulnerability in delete function in admin.api.Temp ...) + TODO: check CVE-2020-27513 RESERVED CVE-2020-27512 @@ -205459,8 +205478,8 @@ CVE-2020-27451 RESERVED CVE-2020-27450 RESERVED -CVE-2020-27449 - RESERVED +CVE-2020-27449 (Cross Site Scripting (XSS) vulnerability in Query Report feature in Zo ...) + TODO: check CVE-2020-27448 RESERVED CVE-2020-27447 @@ -209046,8 +209065,8 @@ CVE-2020-25917 (Stratodesk NoTouch Center before 4.4.68 is affected by: Incorrec NOT-FOR-US: Stratodesk NoTouch Center CVE-2020-25916 RESERVED -CVE-2020-25915 - RESERVED +CVE-2020-25915 (Cross Site Scripting (XSS) vulnerability in UserController.php in Thin ...) + TODO: check CVE-2020-25914 RESERVED CVE-2020-25913 @@ -211586,8 +211605,8 @@ CVE-2020-24952 RESERVED CVE-2020-24951 RESERVED -CVE-2020-24950 - RESERVED +CVE-2020-24950 (SQL Injection vulnerability in file Base_module_model.php in Daylight ...) + TODO: check CVE-2020-24949 (Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php all ...) NOT-FOR-US: PHP-Fusion CVE-2020-24948 (The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 doe ...) @@ -211644,8 +211663,8 @@ CVE-2020-24924 (A Persistent Cross-site Scripting vulnerability is found in Elka - elkarbackup <itp> (bug #865046) CVE-2020-24923 RESERVED -CVE-2020-24922 - RESERVED +CVE-2020-24922 (Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/ ...) + TODO: check CVE-2020-24921 RESERVED CVE-2020-24920 
@@ -211683,8 +211702,8 @@ CVE-2020-24906 RESERVED CVE-2020-24905 RESERVED -CVE-2020-24904 - RESERVED +CVE-2020-24904 (An issue was discovered in attach parameter in GNOME Gmail version 2.5 ...) + TODO: check CVE-2020-24903 (Cute Editor for ASP.NET 6.4 is vulnerable to reflected cross-site scri ...) NOT-FOR-US: Cute Editor for ASP.NET CVE-2020-24902 (Quixplorer <=2.4.1 is vulnerable to reflected cross-site scripting (XS ...) @@ -211753,8 +211772,8 @@ CVE-2020-24874 RESERVED CVE-2020-24873 RESERVED -CVE-2020-24872 - RESERVED +CVE-2020-24872 (Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php i ...) + TODO: check CVE-2020-24871 RESERVED CVE-2020-24870 (Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_ ...) @@ -211948,8 +211967,8 @@ CVE-2020-24806 RESERVED CVE-2020-24805 RESERVED -CVE-2020-24804 - RESERVED +CVE-2020-24804 (Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc ...) + TODO: check CVE-2020-24803 RESERVED CVE-2020-24802 @@ -213335,10 +213354,10 @@ CVE-2020-24224 RESERVED CVE-2020-24223 (Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the ...) NOT-FOR-US: Mara CMS -CVE-2020-24222 - RESERVED -CVE-2020-24221 - RESERVED +CVE-2020-24222 (Buffer Overflow vulnerability in jfif_decode() function in rockcarry f ...) + TODO: check +CVE-2020-24221 (An issue was discovered in GetByte function in miniupnp ngiflib versio ...) + TODO: check CVE-2020-24220 (ShopXO v1.8.1 has a command execution vulnerability. Attackers can use ...) NOT-FOR-US: ShopXO CVE-2020-24219 (An issue was discovered on URayTech IPTV/H.264/H.265 video encoders th ...) 
@@ -213405,8 +213424,8 @@ CVE-2020-24189 RESERVED CVE-2020-24188 (Cross-site scripting (XSS) vulnerability in the search functionality i ...) NOT-FOR-US: United Planet Intrexx Professional -CVE-2020-24187 - RESERVED +CVE-2020-24187 (An issue was discovered in ecma-helpers.c in jerryscript version 2.3.0 ...) + TODO: check CVE-2020-24186 (A Remote Code Execution vulnerability exists in the gVectors wpDiscuz ...) NOT-FOR-US: gVectors wpDiscuz plugin for WordPress CVE-2020-24185 @@ -213631,8 +213650,8 @@ CVE-2020-24077 RESERVED CVE-2020-24076 RESERVED -CVE-2020-24075 - RESERVED +CVE-2020-24075 (Cross Site Scripting (XSS) vulnerability in Name Input Field in Contac ...) + TODO: check CVE-2020-24074 (The decode program in silk-v3-decoder Version:20160922 Build By kn007 ...) NOT-FOR-US: silk-v3-decoder CVE-2020-24073 @@ -214658,8 +214677,8 @@ CVE-2020-23597 RESERVED CVE-2020-23596 RESERVED -CVE-2020-23595 - RESERVED +CVE-2020-23595 (Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, ...) + TODO: check CVE-2020-23594 RESERVED CVE-2020-23593 (A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmwa ...) @@ -221294,8 +221313,8 @@ CVE-2020-20525 RESERVED CVE-2020-20524 RESERVED -CVE-2020-20523 - RESERVED +CVE-2020-20523 (Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila ...) + TODO: check CVE-2020-20522 (Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a rem ...) NOT-FOR-US: KiteCMS CVE-2020-20521 (Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a rem ...) 
@@ -222469,8 +222488,8 @@ CVE-2020-19954 (An XML External Entity (XXE) vulnerability was discovered in /ap NOT-FOR-US: S-CMS CVE-2020-19953 RESERVED -CVE-2020-19952 - RESERVED +CVE-2020-19952 (Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Ma ...) + TODO: check CVE-2020-19951 (A cross-site request forgery (CSRF) in /controller/pay.class.php of Yz ...) NOT-FOR-US: YzmCMS CVE-2020-19950 (A cross-site scripting (XSS) vulnerability in the /banner/add.html com ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a9d1827493aedb5f01216973df50864ad7d51aa You're receiving this email because of your account on salsa.debian.org.
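Review bot: In the "@@ -266,14 +285,14 @@" hunk, the new header for CVE-2023-39417 is cut off before the product name ("... vulnerability was found in Po ...") and no longer mentions the mechanism that the removed bracketed title carried ("Extension script @substitutions@ within quoting allow SQL injection"). The hunk context ends at the "postgresql-11 <removed>" line, so it is not visible whether this entry has NOTE lines like the three under CVE-2023-39418; if it does not, add a NOTE pointing at the upstream advisory so the entry still says what the issue is.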
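Review bot: In the "@@ -27878,8 +27897,8 @@" hunk, CVE-2023-0871 arrives as "TODO: check" while the two entries directly below it, CVE-2023-0870 and CVE-2023-0869, are already marked "NOT-FOR-US: OpenNMS". The imported description spells the product "OpenMNS Horizon", which looks like a transposition of the same name, so any triage that matches on the string "OpenNMS" will skip it. Resolve it in the follow-up triage the same way as its neighbours once the product is confirmed.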
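Review bot: In the "@@ -168713,8 +168732,8 @@" hunk, CVE-2021-29378 ("pear-admin-think version 2.1.2") is left as "TODO: check" directly above CVE-2021-29377, which is "NOT-FOR-US: Pear Admin Think" for the same product at the same version. The same mismatch shows up for CVE-2020-36082 (bloofoxCMS, against the BloofoxCMS entries CVE-2020-36140 and CVE-2020-36139) and CVE-2020-23595 (yzmcms, against "NOT-FOR-US: YzmCMS" on CVE-2020-19951). These differ from the existing tags only in case and punctuation, so a case-insensitive comparison against the adjacent NOT-FOR-US names would clear them without a manual pass.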
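Review bot: In the "@@ -171048,12 +171067,12 @@" hunk, CVE-2021-28429 ("av_timecode_make_string in libavutil") moves from RESERVED to "TODO: check" with nothing to separate it from the web-application entries around it. The same applies to the other newly described ids that name library or tool code rather than a CMS: CVE-2020-36138 (libavcodec/tiff.c in FFmpeg), CVE-2021-3236 (vim 8.2.2348), CVE-2021-25786 (QPDF 10.0.4), CVE-2021-28025 (qsvghandler.cpp in Qt qtsvg), CVE-2020-36024 and CVE-2020-36023 (poppler 20.12.1), and CVE-2020-28840 (jhead). These will need source package lines with version tracking rather than a NOT-FOR-US tag, so triage them first and check each against the archive before working through the rest of the TODO batch.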
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits