Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: e980287e by security tracker role at 2022-06-21T20:10:28+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,57 @@ +CVE-2022-34169 + RESERVED +CVE-2022-34168 + RESERVED +CVE-2022-34151 + RESERVED +CVE-2022-33971 + RESERVED +CVE-2022-33208 + RESERVED +CVE-2022-2165 + RESERVED +CVE-2022-2164 + RESERVED +CVE-2022-2163 + RESERVED +CVE-2022-2162 + RESERVED +CVE-2022-2161 + RESERVED +CVE-2022-2160 + RESERVED +CVE-2022-2159 + RESERVED +CVE-2022-2158 + RESERVED +CVE-2022-2157 + RESERVED +CVE-2022-2156 + RESERVED +CVE-2022-2155 + RESERVED +CVE-2022-2154 + RESERVED +CVE-2022-2153 + RESERVED +CVE-2022-2152 + RESERVED +CVE-2022-2151 + RESERVED +CVE-2022-2150 + RESERVED +CVE-2022-2149 + RESERVED +CVE-2022-2148 + RESERVED +CVE-2022-2147 + RESERVED +CVE-2022-2146 + RESERVED +CVE-2022-2145 + RESERVED +CVE-2022-2144 + RESERVED CVE-2022-34167 RESERVED CVE-2022-34166 @@ -327,8 +381,8 @@ CVE-2022-34010 RESERVED CVE-2022-34009 RESERVED -CVE-2022-34008 - RESERVED +CVE-2022-34008 (Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privile ...) + TODO: check CVE-2022-34007 RESERVED CVE-2022-34006 (An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2 ...) @@ -356,8 +410,8 @@ CVE-2022-33997 RESERVED CVE-2022-33996 RESERVED -CVE-2022-33995 - RESERVED +CVE-2022-33995 (A path traversal issue in entry attachments in Devolutions Remote Desk ...) + TODO: check CVE-2022-33994 RESERVED CVE-2017-20091 @@ -2372,8 +2426,8 @@ CVE-2022-33147 RESERVED CVE-2022-33140 (The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 an ...) NOT-FOR-US: Apache NiFi -CVE-2022-33139 - RESERVED +CVE-2022-33139 (A vulnerability has been identified in SIMATIC WinCC OA V3.16 (All ver ...) + TODO: check CVE-2022-33138 RESERVED CVE-2022-33137 
@@ -2412,8 +2466,8 @@ CVE-2022-33121 RESERVED CVE-2022-33120 RESERVED -CVE-2022-33119 - RESERVED +CVE-2022-33119 (NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contai ...) + TODO: check CVE-2022-33118 RESERVED CVE-2022-33117 @@ -2538,10 +2592,10 @@ CVE-2022-33058 RESERVED CVE-2022-33057 RESERVED -CVE-2022-33056 - RESERVED -CVE-2022-33055 - RESERVED +CVE-2022-33056 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...) + TODO: check +CVE-2022-33055 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...) + TODO: check CVE-2022-33054 RESERVED CVE-2022-33053 @@ -2552,10 +2606,10 @@ CVE-2022-33051 RESERVED CVE-2022-33050 RESERVED -CVE-2022-33049 - RESERVED -CVE-2022-33048 - RESERVED +CVE-2022-33049 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...) + TODO: check +CVE-2022-33048 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...) + TODO: check CVE-2022-33047 RESERVED CVE-2022-33046 @@ -2708,8 +2762,7 @@ CVE-2022-2070 RESERVED CVE-2022-2069 RESERVED -CVE-2022-2068 [The c_rehash script allows command injection] - RESERVED +CVE-2022-2068 (In addition to the c_rehash shell command injection identified in CVE- ...) - openssl <unfixed> NOTE: https://github.com/openssl/openssl/commit/2c9c35870601b4a44d86ddbf512b38df38285cfa (openssl-3.0.4) NOTE: https://github.com/openssl/openssl/commit/9639817dac8bbbaa64d09efad7464ccc405527c7 (OpenSSL_1_1_1p) @@ -2799,10 +2852,10 @@ CVE-2022-32976 RESERVED CVE-2022-32975 RESERVED -CVE-2022-32974 - RESERVED -CVE-2022-32973 - RESERVED +CVE-2022-32974 (An authenticated attacker could read arbitrary files from the underlyi ...) + TODO: check +CVE-2022-32973 (An authenticated attacker could create an audit file that bypasses Pow ...) + TODO: check CVE-2022-32972 RESERVED CVE-2022-32969 
@@ -4127,8 +4180,8 @@ CVE-2022-32416 RESERVED CVE-2022-32415 RESERVED -CVE-2022-32414 - RESERVED +CVE-2022-32414 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...) + TODO: check CVE-2022-32413 RESERVED CVE-2022-32412 @@ -4547,7 +4600,7 @@ CVE-2022-32274 RESERVED CVE-2022-32273 (As a result of an observable discrepancy in returned messages, OPSWAT ...) NOT-FOR-US: OPSWAT MetaDefender Core -CVE-2022-32272 (OPSWAT MetaDefender Core (MDCore) before 5.1.2 has incorrect access co ...) +CVE-2022-32272 (OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1 ...) NOT-FOR-US: OPSWAT MetaDefender Core CVE-2022-32271 (In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code ...) NOT-FOR-US: Real Player @@ -5641,10 +5694,10 @@ CVE-2022-31803 RESERVED CVE-2022-31802 RESERVED -CVE-2022-31801 - RESERVED -CVE-2022-31800 - RESERVED +CVE-2022-31801 (An unauthenticated, remote attacker could upload malicious logic to th ...) + TODO: check +CVE-2022-31800 (An unauthenticated, remote attacker could upload malicious logic to de ...) + TODO: check CVE-2022-1945 (The Coming Soon & Maintenance Mode by Colorlib WordPress plugin be ...) NOT-FOR-US: WordPress plugin CVE-2022-1944 (When the feature is configured, improper authorization in the Interact ...) @@ -5766,8 +5819,8 @@ CVE-2022-31788 (IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/Class NOT-FOR-US: IdeaLMS CVE-2022-31787 RESERVED -CVE-2022-31786 - RESERVED +CVE-2022-31786 (IdeaLMS 2022 allows reflected Cross Site Scripting (XSS) via the IdeaL ...) + TODO: check CVE-2022-31785 RESERVED CVE-2022-31784 (A vulnerability in the management interface of MiVoice Business throug ...) 
@@ -6846,8 +6899,8 @@ CVE-2022-31480 (An unauthenticated attacker could arbitrarily upload firmware fi NOT-FOR-US: HID Mercury Intelligent Controllers CVE-2022-31479 (An unauthenticated attacker can update the hostname with a specially c ...) NOT-FOR-US: HID Mercury Intelligent Controllers -CVE-2022-31478 - RESERVED +CVE-2022-31478 (The UserTakeOver plugin before 4.0.1 for ILIAS allows an attacker to l ...) + TODO: check CVE-2022-1841 RESERVED CVE-2022-1840 (A vulnerability, which was classified as problematic, has been found i ...) @@ -7050,10 +7103,10 @@ CVE-2022-31376 RESERVED CVE-2022-31375 RESERVED -CVE-2022-31374 - RESERVED -CVE-2022-31373 - RESERVED +CVE-2022-31374 (An arbitrary file upload vulnerability /images/background/1.php in of ...) + TODO: check +CVE-2022-31373 (SolarView Compact v6.0 was discovered to contain a cross-site scriptin ...) + TODO: check CVE-2022-31372 (Wiris Mathtype v7.28.0 was discovered to contain a path traversal vuln ...) NOT-FOR-US: Wiris Mathtype CVE-2022-31371 
@@ -7184,18 +7237,18 @@ CVE-2022-31309 (A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M7 NOT-FOR-US: WAVLINK CVE-2022-31308 (A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V503 ...) NOT-FOR-US: WAVLINK -CVE-2022-31307 - RESERVED -CVE-2022-31306 - RESERVED +CVE-2022-31307 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...) + TODO: check +CVE-2022-31306 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...) + TODO: check CVE-2022-31305 RESERVED CVE-2022-31304 RESERVED -CVE-2022-31303 - RESERVED -CVE-2022-31302 - RESERVED +CVE-2022-31303 (maccms10 was discovered to contain a stored cross-site scripting (XSS) ...) + TODO: check +CVE-2022-31302 (maccms8 was discovered to contain a stored cross-site scripting (XSS) ...) + TODO: check CVE-2022-31301 (Haraj v3.7 was discovered to contain a stored cross-site scripting (XS ...) NOT-FOR-US: Haraj CVE-2022-31300 (A cross-site scripting vulnerability in the DM Section component of Ha ...) @@ -7281,8 +7334,7 @@ CVE-2022-1834 {DSA-5158-1 DLA-3041-1} - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-1834 -CVE-2022-1833 - RESERVED +CVE-2022-1833 (A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using O ...) NOT-FOR-US: Red Hat AMQ Broker CVE-2022-1832 (The CaPa Protect WordPress plugin through 0.5.8.2 does not have CSRF c ...) NOT-FOR-US: WordPress plugin @@ -8536,8 +8588,8 @@ CVE-2022-30876 RESERVED CVE-2022-30875 (Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Er ...) - dolibarr <removed> -CVE-2022-30874 - RESERVED +CVE-2022-30874 (There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet ...) + TODO: check CVE-2022-30873 RESERVED CVE-2022-30872 
@@ -8709,14 +8761,14 @@ CVE-2022-30790 (Das U-Boot 2022.01 has a Buffer Overflow, a different issue than NOTE: https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/ NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/b85d130ea0cac152c21ec38ac9417b31d41b5552 (v2022.07-rc4~4) CVE-2022-30789 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_ch ...) - {DSA-5160-1} + {DSA-5160-1 DLA-3055-1} - ntfs-3g 1:2022.5.17-1 (bug #1011770) NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1 NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17 NOTE: https://github.com/tuxera/ntfs-3g/commit/6efc1305c1951c1d72181f449f2fab68fa25fae8 (2022.5.17) CVE-2022-30788 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mf ...) - {DSA-5160-1} + {DSA-5160-1 DLA-3055-1} - ntfs-3g 1:2022.5.17-1 (bug #1011770) NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1 NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x @@ -8724,7 +8776,7 @@ CVE-2022-30788 (A crafted NTFS image can cause a heap-based buffer overflow in n NOTE: https://github.com/tuxera/ntfs-3g/commit/a8818cf779d3a32f2f52337c6f258c16719625a3 (2022.5.17) NOTE: https://github.com/tuxera/ntfs-3g/commit/bce5734a757fd59d70a52f4d4fe9abe260629b3a (2022.5.17) CVE-2022-30787 (An integer underflow in fuse_lib_readdir enables arbitrary memory read ...) - {DSA-5160-1} + {DSA-5160-1 DLA-3055-1} - ntfs-3g 1:2022.5.17-1 (bug #1011770) NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/2 NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58 
@@ -8734,7 +8786,7 @@ CVE-2022-30787 (An integer underflow in fuse_lib_readdir enables arbitrary memor NOTE: https://unparalleled.eu/publications/2022/advisory-unpar-2022-0.txt NOTE: https://unparalleled.eu/blog/2022/20220607-help-to-heap-suid-privilege-escalation/ CVE-2022-30786 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_na ...) - {DSA-5160-1} + {DSA-5160-1 DLA-3055-1} - ntfs-3g 1:2022.5.17-1 (bug #1011770) NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1 NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x @@ -8742,7 +8794,7 @@ CVE-2022-30786 (A crafted NTFS image can cause a heap-based buffer overflow in n NOTE: https://github.com/tuxera/ntfs-3g/commit/838b6e35b43062353998853eab50cd0675201ed7 (2022.5.17) NOTE: https://github.com/tuxera/ntfs-3g/commit/5ce8941bf47291cd6ffe7cdb1797253f1cc3a86f (2022.5.17) CVE-2022-30785 (A file handle created in fuse_lib_opendir, and later used in fuse_lib_ ...) - {DSA-5160-1} + {DSA-5160-1 DLA-3055-1} - ntfs-3g 1:2022.5.17-1 (bug #1011770) NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/2 NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58 
@@ -8752,14 +8804,14 @@ CVE-2022-30785 (A file handle created in fuse_lib_opendir, and later used in fus NOTE: https://unparalleled.eu/publications/2022/advisory-unpar-2022-0.txt NOTE: https://unparalleled.eu/blog/2022/20220607-help-to-heap-suid-privilege-escalation/ CVE-2022-30784 (A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_v ...) - {DSA-5160-1} + {DSA-5160-1 DLA-3055-1} - ntfs-3g 1:2022.5.17-1 (bug #1011770) NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1 NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17 NOTE: https://github.com/tuxera/ntfs-3g/commit/60717a846deaaea47e50ce58872869f7bd1103b5 (2022.5.17) CVE-2022-30783 (An invalid return code in fuse_kern_mount enables intercepting of libf ...) - {DSA-5160-1} + {DSA-5160-1 DLA-3055-1} - ntfs-3g 1:2022.5.17-1 (bug #1011770) NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/2 NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58 @@ -9396,8 +9448,8 @@ CVE-2022-1667 RESERVED CVE-2022-1666 RESERVED -CVE-2022-1665 - RESERVED +CVE-2022-1665 (A set of pre-production kernel packages of Red Hat Enterprise Linux fo ...) + TODO: check CVE-2022-1664 (Dpkg::Source::Archive in dpkg, the Debian package management system, b ...) {DSA-5147-1 DLA-3022-1} - dpkg 1.21.8 
@@ -10135,8 +10187,8 @@ CVE-2022-1598 (The WPQA Builder WordPress plugin before 5.4 which is a companion NOT-FOR-US: WordPress plugin CVE-2022-1597 (The WPQA Builder WordPress plugin before 5.4, used as a companion for ...) NOT-FOR-US: WordPress plugin -CVE-2022-1596 - RESERVED +CVE-2022-1596 (Incorrect Permission Assignment for Critical Resource vulnerability in ...) + TODO: check CVE-2022-1595 (The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secr ...) NOT-FOR-US: WordPress plugin CVE-2022-1594 (The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have ...) @@ -11795,10 +11847,10 @@ CVE-2022-29777 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 an NOT-FOR-US: Onlyoffice Document Server CVE-2022-29776 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and belo ...) NOT-FOR-US: Onlyoffice Document Server -CVE-2022-29775 - RESERVED -CVE-2022-29774 - RESERVED +CVE-2022-29775 (iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication vi ...) + TODO: check +CVE-2022-29774 (iSpyConnect iSpy v7.2.2.0 is vulnerable to path traversal. ...) + TODO: check CVE-2022-29773 (An access control issue in aleksis/core/util/auth_helpers.py: ClientPr ...) NOT-FOR-US: AlekSIS CVE-2022-29772 
@@ -17273,18 +17325,18 @@ CVE-2022-27881 (engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has NOT-FOR-US: slaacd from OpenBSD CVE-2022-27873 RESERVED -CVE-2022-27872 - RESERVED -CVE-2022-27871 - RESERVED -CVE-2022-27870 - RESERVED -CVE-2022-27869 - RESERVED -CVE-2022-27868 - RESERVED -CVE-2022-27867 - RESERVED +CVE-2022-27872 (A maliciously crafted PDF file may be used to dereference a pointer fo ...) + TODO: check +CVE-2022-27871 (Autodesk AutoCAD product suite, Revit, Design Review and Navisworks re ...) + TODO: check +CVE-2022-27870 (A maliciously crafted TGA file in Autodesk AutoCAD 2023 may be used to ...) + TODO: check +CVE-2022-27869 (A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced ...) + TODO: check +CVE-2022-27868 (A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to ...) + TODO: check +CVE-2022-27867 (A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021, 2020, 20 ...) + TODO: check CVE-2022-27866 RESERVED CVE-2022-27865 @@ -22270,8 +22322,8 @@ CVE-2022-26149 (MODX Revolution through 2.8.3-pl allows remote authenticated adm NOT-FOR-US: MODX Revolution CVE-2022-26148 (An issue was discovered in Grafana through 7.3.4, when integrated with ...) - grafana <removed> -CVE-2022-26147 - RESERVED +CVE-2022-26147 (The Quectel RG502Q-EA modem before 2022-02-23 allow OS Command Injecti ...) + TODO: check CVE-2022-26146 (Tricentis qTest before 10.4 allows stored XSS by an authenticated atta ...) NOT-FOR-US: Tricentis qTest CVE-2022-26145 @@ -23684,8 +23736,8 @@ CVE-2022-25587 RESERVED CVE-2022-25586 RESERVED -CVE-2022-25585 - RESERVED +CVE-2022-25585 (Unioncms v1.0.13 was discovered to contain a stored cross-site scripti ...) + TODO: check CVE-2022-25584 (Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video System 4.23-3 ...) NOT-FOR-US: FlexWATCH FW3170-PS-E CVE-2022-25583 
@@ -31089,8 +31141,8 @@ CVE-2022-23344 RESERVED CVE-2022-23343 RESERVED -CVE-2022-23342 - RESERVED +CVE-2022-23342 (The Hyland Onbase Application Server releases prior to 20.3.58.1000 an ...) + TODO: check CVE-2022-23341 RESERVED CVE-2022-23340 (Joplin 2.6.10 allows remote attackers to execute system commands throu ...) @@ -32020,8 +32072,8 @@ CVE-2022-23173 RESERVED CVE-2022-23172 RESERVED -CVE-2022-23171 - RESERVED +CVE-2022-23171 (AtlasVPN - Privilege Escalation Lack of proper security controls on na ...) + TODO: check CVE-2022-23170 RESERVED CVE-2022-23169 (attacker needs to craft a SQL payload. the vulnerable parameter is "ag ...) @@ -32341,12 +32393,12 @@ CVE-2022-23076 RESERVED CVE-2022-23075 RESERVED -CVE-2022-23074 - RESERVED -CVE-2022-23073 - RESERVED -CVE-2022-23072 - RESERVED +CVE-2022-23074 (In Recipes, versions 0.17.0 through 1.2.5 are vulnerable to Stored Cro ...) + TODO: check +CVE-2022-23073 (In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cros ...) + TODO: check +CVE-2022-23072 (In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cros ...) + TODO: check CVE-2022-23071 (In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side ...) NOT-FOR-US: Recipes CVE-2022-23070 @@ -32579,8 +32631,8 @@ CVE-2022-22981 RESERVED CVE-2022-22980 RESERVED -CVE-2022-22979 - RESERVED +CVE-2022-22979 (In Spring Cloud Function versions prior to 3.2.6, it is possible for a ...) + TODO: check CVE-2022-22978 (In Spring Security versions 5.5.6 and 5.6.3 and older unsupported vers ...) - libspring-security-2.0-java <removed> CVE-2022-22977 (VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML Ex ...) @@ -51362,8 +51414,8 @@ CVE-2021-41926 RESERVED CVE-2021-41925 RESERVED -CVE-2021-41924 - RESERVED +CVE-2021-41924 (Webkul krayin crm before 1.2.2 is vulnerable to Cross Site Scripting ( ...) + TODO: check CVE-2021-41923 RESERVED CVE-2021-41922 
@@ -54980,10 +55032,10 @@ CVE-2021-40513 RESERVED CVE-2021-40512 RESERVED -CVE-2021-40511 - RESERVED -CVE-2021-40510 - RESERVED +CVE-2021-40511 (OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion ( ...) + TODO: check +CVE-2021-40510 (XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows rem ...) + TODO: check CVE-2021-40509 (ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature. ...) NOT-FOR-US: JForum2 CVE-2021-3768 (bookstack is vulnerable to Improper Neutralization of Input During Web ...) @@ -58733,8 +58785,8 @@ CVE-2021-39008 RESERVED CVE-2021-39007 RESERVED -CVE-2021-39006 - RESERVED +CVE-2021-39006 (IBM QRadar WinCollect Agent 10.0 and 10.0.1 could allow an attacker to ...) + TODO: check CVE-2021-39005 RESERVED CVE-2021-39004 @@ -64426,8 +64478,8 @@ CVE-2021-36763 (In CODESYS V3 web server before 3.5.17.10, files or directories NOT-FOR-US: CODESYS V3 web server CVE-2021-36762 (An issue was discovered in HCC Embedded InterNiche NicheStack through ...) NOT-FOR-US: HCC Embedded InterNiche NicheStack -CVE-2021-36761 - RESERVED +CVE-2021-36761 (The GeoAnalytics feature in Qlik Sense April 2020 patch 4 allows SSRF. ...) + TODO: check CVE-2021-36760 (In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server ...) NOT-FOR-US: WSO2 CVE-2021-36759 
@@ -220736,7 +220788,7 @@ CVE-2019-9203 (Authorization bypass in Nagios IM (component of Nagios XI) before NOT-FOR-US: Nagios XI CVE-2019-9202 (Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated u ...) NOT-FOR-US: Nagios XI -CVE-2019-9201 (Phoenix Contact ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ETH/ ...) +CVE-2019-9201 (Multiple Phoenix Contact devices allow remote attackers to establish T ...) NOT-FOR-US: Phoenix Contact ILC CVE-2019-9200 (A heap-based buffer underwrite exists in ImageStream::getLine() locate ...) {DLA-2287-1 DLA-1706-1}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e980287e1f285be82fdd810add480e8152aadf5d
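Review bot: in the "@@ -2708,8 +2762,7 @@" hunk, CVE-2022-2068 keeps "- openssl <unfixed>" although the two NOTE lines directly below it already point at upstream fix commits tagged openssl-3.0.4 and OpenSSL_1_1_1p. The entry needs a follow-up that replaces <unfixed> with the first fixed Debian version once an upload carrying those commits exists. The new summary is also cut off at "identified in CVE- ...", so the earlier c_rehash issue it refers to cannot be read from this entry; a NOTE line naming that CVE would keep the link between the two visible in the list.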
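Review bot: CVE-2022-23074, CVE-2022-23073 and CVE-2022-23072 in the "@@ -32341,12 +32393,12 @@" hunk land as "TODO: check" while the next entry, CVE-2022-23071, is for the same product and is already tagged "NOT-FOR-US: Recipes". Unless the packaging status has changed, these three can take the same tag in the next manual pass. The same pattern shows in "@@ -5766,8 +5819,8 @@", where CVE-2022-31786 (IdeaLMS 2022) is "TODO: check" two entries below CVE-2022-31788, which is tagged "NOT-FOR-US: IdeaLMS".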
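Review bot: the three Nginx NJS v0.7.2 entries (CVE-2022-32414 in "@@ -4127,8 +4180,8 @@", CVE-2022-31307 and CVE-2022-31306 in "@@ -7184,18 +7237,18 @@") carry the same truncated summary, "segmentation violation in ...", so they cannot be told apart from the list alone. They should be triaged together, and each should get a NOTE line with the upstream report or fix commit that identifies the affected function before the "TODO: check" is resolved.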
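Review bot: in "@@ -4547,7 +4600,7 @@" the summary for CVE-2022-32272 now also covers MetaDefender ICAP before 4.12.1, but the tag under it still reads "NOT-FOR-US: OPSWAT MetaDefender Core". The classification itself is unaffected; widening the tag text to the product family would keep it in line with the new description. "@@ -220736,7 +220788,7 @@" has the same mismatch: CVE-2019-9201 now reads "Multiple Phoenix Contact devices" above "NOT-FOR-US: Phoenix Contact ILC".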
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits