Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
12729387 by security tracker role at 2022-06-24T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2022-34485
+       RESERVED
+CVE-2022-34484
+       RESERVED
+CVE-2022-34483
+       RESERVED
+CVE-2022-34482
+       RESERVED
+CVE-2022-34481
+       RESERVED
+CVE-2022-34480
+       RESERVED
+CVE-2022-34479
+       RESERVED
+CVE-2022-34478
+       RESERVED
+CVE-2022-34477
+       RESERVED
+CVE-2022-34476
+       RESERVED
+CVE-2022-34475
+       RESERVED
+CVE-2022-34474
+       RESERVED
+CVE-2022-34473
+       RESERVED
+CVE-2022-34472
+       RESERVED
+CVE-2022-34471
+       RESERVED
+CVE-2022-34470
+       RESERVED
+CVE-2022-34469
+       RESERVED
+CVE-2022-34468
+       RESERVED
+CVE-2022-34467
+       RESERVED
+CVE-2022-34466
+       RESERVED
+CVE-2022-34465
+       RESERVED
+CVE-2022-34464
+       RESERVED
+CVE-2022-2198
+       RESERVED
+CVE-2022-2197
+       RESERVED
+CVE-2022-2196
+       RESERVED
+CVE-2022-2195
+       RESERVED
+CVE-2022-2194
+       RESERVED
+CVE-2019-25071
+       RESERVED
 CVE-2022-34463
        RESERVED
 CVE-2022-34462
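Review bot: the 28 entries added at the top of the file are all bare RESERVED placeholders, so there is nothing to triage yet; the one thing worth a glance is that CVE-2019-25071 lands between CVE-2022-2194 and CVE-2022-34463, which is consistent with the list not being sorted strictly by CVE year (compare CVE-2014-125025 sitting among 2022 entries further down in this same diff).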
@@ -246,18 +302,18 @@ CVE-2022-2187
        RESERVED
 CVE-2022-2186
        RESERVED
-CVE-2017-20097
-       RESERVED
-CVE-2017-20096
-       RESERVED
-CVE-2017-20095
-       RESERVED
-CVE-2017-20094
-       RESERVED
-CVE-2017-20093
-       RESERVED
-CVE-2017-20092
-       RESERVED
+CVE-2017-20097 (A vulnerability was found in WP-Filebase Download Manager 
Plugin 3.4.4 ...)
+       TODO: check
+CVE-2017-20096 (A vulnerability classified as problematic has been found in 
WP-SpamFre ...)
+       TODO: check
+CVE-2017-20095 (A vulnerability classified as critical was found in Simple Ads 
Manager ...)
+       TODO: check
+CVE-2017-20094 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2017-20093 (A vulnerability, which was classified as problematic, was 
found in Dow ...)
+       TODO: check
+CVE-2017-20092 (A vulnerability classified as problematic was found in Google 
Analytic ...)
+       TODO: check
 CVE-2022-34343
        RESERVED
 CVE-2022-34342
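Review bot: CVE-2017-20097 through CVE-2017-20092 all read like WordPress plugin advisories (WP-Filebase Download Manager, WP-SpamFre..., Simple Ads Manager, Google Analytic...), and the list already uses "NOT-FOR-US: WordPress plugin" for such entries (see CVE-2022-1749 and CVE-2013-1916 further down); leaving them as TODO: check is the right thing for an automatic update, but they can probably be resolved as a group once the full descriptions have been read.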
@@ -1299,8 +1355,8 @@ CVE-2022-33955
        RESERVED
 CVE-2022-33954
        RESERVED
-CVE-2022-33953
-       RESERVED
+CVE-2022-33953 (IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a 
user wi ...)
+       TODO: check
 CVE-2022-33952
        RESERVED
 CVE-2022-33951
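Review bot: CVE-2022-33953 names IBM Robotic Process Automation, and every IBM entry visible in this diff that has already been triaged carries "NOT-FOR-US: IBM"; the same pattern applies to the IBM Db2, Jazz Team Server, Cognos Analytics, CICS TX and Planning Analytics entries that turn from RESERVED into TODO: check later in this patch, so a reviewer can work through them as one batch rather than one TODO at a time.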
@@ -1371,12 +1427,12 @@ CVE-2022-2123
        RESERVED
 CVE-2022-2122
        RESERVED
-CVE-2022-2121
-       RESERVED
-CVE-2022-2120
-       RESERVED
-CVE-2022-2119
-       RESERVED
+CVE-2022-2121 (OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer 
derefer ...)
+       TODO: check
+CVE-2022-2120 (OFFIS DCMTK's (All versions prior to 3.6.7) service class user 
(SCU) i ...)
+       TODO: check
+CVE-2022-2119 (OFFIS DCMTK's (All versions prior to 3.6.7) service class 
provider (SC ...)
+       TODO: check
 CVE-2022-2118
        RESERVED
 CVE-2014-125025 (A vulnerability classified as problematic has been found in 
FFmpeg 2.0 ...)
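Review bot: the three DCMTK entries (CVE-2022-2121, CVE-2022-2120, CVE-2022-2119) all state "All versions prior to 3.6.7", so the upstream fixed version is already in the description; when the TODO is resolved, that is the version bound the entry should carry if the package is in the archive, rather than a bare NOT-FOR-US. The odd grammar ("OFFIS DCMTK's (All versions prior to 3.6.7) has ...") is MITRE's text and is recorded verbatim.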
@@ -1523,8 +1579,8 @@ CVE-2022-33912 (A permission issue affects users that 
deployed the shipped versi
        NOT-FOR-US: Check MK as packaged by upstream
 CVE-2022-33911
        RESERVED
-CVE-2022-33910
-       RESERVED
+CVE-2022-33910 (An XSS vulnerability in MantisBT before 2.25.5 allows remote 
attackers ...)
+       TODO: check
 CVE-2022-33909
        RESERVED
 CVE-2022-33908
@@ -1599,14 +1655,14 @@ CVE-2022-2107
        RESERVED
 CVE-2022-2106
        RESERVED
-CVE-2022-2105
-       RESERVED
-CVE-2022-2104
-       RESERVED
-CVE-2022-2103
-       RESERVED
-CVE-2022-2102
-       RESERVED
+CVE-2022-2105 (Client-side JavaScript controls may be bypassed to change user 
credent ...)
+       TODO: check
+CVE-2022-2104 (The www-data (Apache web server) account is configured to run 
sudo wit ...)
+       TODO: check
+CVE-2022-2103 (An attacker with weak credentials could access the TCP port via 
an ope ...)
+       TODO: check
+CVE-2022-2102 (Controls limiting uploads to certain file extensions may be 
bypassed.  ...)
+       TODO: check
 CVE-2022-2101
        RESERVED
 CVE-2022-33880
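Review bot: CVE-2022-2105 through CVE-2022-2102 are the first entries in this diff whose truncated descriptions name no product at all ("Client-side JavaScript controls may be bypassed ...", "The www-data (Apache web server) account is configured to run sudo ...", "An attacker with weak credentials could access the TCP port ...", "Controls limiting uploads to certain file extensions may be bypassed ..."); the automatic update cuts the text short, so whoever resolves the TODO has to read the full CVE text, since these could equally be a proprietary appliance or a packaged web application. The same applies to CVE-2022-32530 (only "CWE-668 Exposure of Resource to Wrong Sphere" survives the cut) and to CVE-2022-1668 through CVE-2022-1666 further down.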
@@ -3454,8 +3510,8 @@ CVE-2022-32992 (Online Tours And Travels Management 
System v1.0 was discovered t
        NOT-FOR-US: Online Tours And Travels Management System
 CVE-2022-32991 (Web Based Quiz System v1.0 was discovered to contain a SQL 
injection v ...)
        NOT-FOR-US: Web Based Quiz System
-CVE-2022-32990
-       RESERVED
+CVE-2022-32990 (An issue in gimp_layer_invalidate_boundary of GNOME GIMP 
2.10.30 allow ...)
+       TODO: check
 CVE-2022-32989
        RESERVED
 CVE-2022-32988
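Review bot: CVE-2022-32990 names a specific function (gimp_layer_invalidate_boundary) and release (GNOME GIMP 2.10.30), which is enough to locate the code when checking whether the gimp package is affected; unlike its neighbours CVE-2022-32992 and CVE-2022-32991, which are NOT-FOR-US web applications, this one needs a real look rather than a quick NOT-FOR-US.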
@@ -4600,8 +4656,8 @@ CVE-2022-2015 (Cross-site Scripting (XSS) - Stored in 
GitHub repository jgraph/d
        NOT-FOR-US: jgraph/drawio
 CVE-2022-2014 (Code Injection in GitHub repository jgraph/drawio prior to 
19.0.2. ...)
        NOT-FOR-US: jgraph/drawio
-CVE-2022-32530
-       RESERVED
+CVE-2022-32530 (A CWE-668 Exposure of Resource to Wrong Sphere vulnerability 
exists th ...)
+       TODO: check
 CVE-2022-32529
        RESERVED
 CVE-2022-32528
@@ -5489,8 +5545,8 @@ CVE-2022-32211
        RESERVED
 CVE-2022-32210
        RESERVED
-CVE-2022-32209
-       RESERVED
+CVE-2022-32209 (# Possible XSS Vulnerability in Rails::Html::SanitizerThere is 
a possi ...)
+       TODO: check
 CVE-2022-32208
        RESERVED
 CVE-2022-32207
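Review bot: the description for CVE-2022-32209 begins with "# Possible XSS Vulnerability in Rails::Html::SanitizerThere is ...", i.e. a Markdown heading from the upstream advisory with the next sentence glued on where a newline was lost; it is harmless in the list but makes the entry awkward to grep, and the TODO should be resolved against the Rails-related packages the file already tracks (a rails commit is referenced under CVE-2022-21831 in this same diff).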
@@ -5558,8 +5614,8 @@ CVE-2022-1967
        RESERVED
 CVE-2022-1966
        REJECTED
-CVE-2022-1965
-       RESERVED
+CVE-2022-1965 (Multiple products of CODESYS implement a improper error 
handling. A lo ...)
+       TODO: check
 CVE-2022-1964
        RESERVED
 CVE-2022-32202 (In libjpeg 1.63, there is a NULL pointer dereference in 
LineBuffer::Fe ...)
@@ -5696,22 +5752,22 @@ CVE-2022-32145 (A vulnerability has been identified in 
Teamcenter Active Workspa
        NOT-FOR-US: Siemens
 CVE-2022-32144
        RESERVED
-CVE-2022-32143
-       RESERVED
-CVE-2022-32142
-       RESERVED
-CVE-2022-32141
-       RESERVED
-CVE-2022-32140
-       RESERVED
-CVE-2022-32139
-       RESERVED
-CVE-2022-32138
-       RESERVED
-CVE-2022-32137
-       RESERVED
-CVE-2022-32136
-       RESERVED
+CVE-2022-32143 (In multiple CODESYS products, file download and upload 
function allows ...)
+       TODO: check
+CVE-2022-32142 (Multiple CODESYS Products are prone to a out-of bounds read or 
write a ...)
+       TODO: check
+CVE-2022-32141 (Multiple CODESYS Products are prone to a buffer over read. A 
low privi ...)
+       TODO: check
+CVE-2022-32140 (Multiple CODESYS products are affected to a buffer overflow.A 
low priv ...)
+       TODO: check
+CVE-2022-32139 (In multiple CODESYS products, a low privileged remote attacker 
may cra ...)
+       TODO: check
+CVE-2022-32138 (In multiple CODESYS products, a remote attacker may craft a 
request wh ...)
+       TODO: check
+CVE-2022-32137 (In multiple CODESYS products, a low privileged remote attacker 
may cra ...)
+       TODO: check
+CVE-2022-32136 (In multiple CODESYS products, a low privileged remote attacker 
may cra ...)
+       TODO: check
 CVE-2022-30997
        RESERVED
 CVE-2022-29519
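Review bot: CVE-2022-32143 through CVE-2022-32136 are eight CODESYS entries, and with CVE-2022-1965 in the previous hunk and CVE-2022-31806 through CVE-2022-31802 in the next one this update carries fourteen CODESYS CVEs in total, apparently from one vendor advisory batch; they should be triaged together so the same decision is applied consistently. Wording such as "prone to a out-of bounds read" and "affected to a buffer overflow" is the upstream text, recorded verbatim, so nothing to fix here.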
@@ -6417,16 +6473,16 @@ CVE-2022-31808
        RESERVED
 CVE-2022-31807
        RESERVED
-CVE-2022-31806
-       RESERVED
-CVE-2022-31805
-       RESERVED
-CVE-2022-31804
-       RESERVED
-CVE-2022-31803
-       RESERVED
-CVE-2022-31802
-       RESERVED
+CVE-2022-31806 (In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions 
prior to V2. ...)
+       TODO: check
+CVE-2022-31805 (In the CODESYS Development System multiple components in 
multiple vers ...)
+       TODO: check
+CVE-2022-31804 (The CODESYS Gateway Server V2 does not verifiy that the size 
of a requ ...)
+       TODO: check
+CVE-2022-31803 (In CODESYS Gateway Server V2 an insufficient check for the 
activity of ...)
+       TODO: check
+CVE-2022-31802 (In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 
only a pa ...)
+       TODO: check
 CVE-2022-31801 (An unauthenticated, remote attacker could upload malicious 
logic to th ...)
        NOT-FOR-US: ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool
 CVE-2022-31800 (An unauthenticated, remote attacker could upload malicious 
logic to de ...)
@@ -6596,8 +6652,8 @@ CVE-2022-31769 (IBM Spectrum Copy Data Management 2.2.0.0 
through 2.2.15.0 could
        NOT-FOR-US: IBM
 CVE-2022-31768 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL 
injection. ...)
        NOT-FOR-US: IBM
-CVE-2022-31767
-       RESERVED
+CVE-2022-31767 (IBM CICS TX Standard and Advanced 11.1 could allow a remote 
attacker t ...)
+       TODO: check
 CVE-2022-31766
        RESERVED
 CVE-2022-31765
@@ -8010,7 +8066,8 @@ CVE-2022-31291 (An issue in dlt_config_file_parser.c of 
dlt-daemon v2.18.8 allow
        NOTE: 
https://github.com/COVESA/dlt-daemon/commit/6a3bd901d825c7206797e36ea98e10a218f5aad2
 CVE-2022-31290
        RESERVED
-CVE-2022-31289 (** DISPUTED ** https://ossindex.sonatype.org/ Sonatype Nexus 
Repositor ...)
+CVE-2022-31289
+       REJECTED
        NOT-FOR-US: Sonatype Nexus Repository Manager OSS
 CVE-2022-31288
        RESERVED
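Review bot: CVE-2022-31289 changes from a "** DISPUTED **" description to REJECTED, but the "NOT-FOR-US: Sonatype Nexus Repository Manager OSS" line is kept underneath; the other REJECTED entries in this diff (CVE-2022-1966, and CVE-2021-34604 which is rejected in this same update) carry no triage line, so consider dropping the stale NOT-FOR-US line for consistency, or accept it deliberately as a record of the earlier decision.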
@@ -8992,24 +9049,24 @@ CVE-2022-1749 (The WPMK Ajax Finder WordPress plugin is 
vulnerable to Cross-Site
        NOT-FOR-US: WordPress plugin
 CVE-2022-1748
        RESERVED
-CVE-2022-1747
-       RESERVED
-CVE-2022-1746
-       RESERVED
-CVE-2022-1745
-       RESERVED
-CVE-2022-1744
-       RESERVED
-CVE-2022-1743
-       RESERVED
-CVE-2022-1742
-       RESERVED
-CVE-2022-1741
-       RESERVED
-CVE-2022-1740
-       RESERVED
-CVE-2022-1739
-       RESERVED
+CVE-2022-1747 (The authentication mechanism used by voters to activate a 
voting sessi ...)
+       TODO: check
+CVE-2022-1746 (The authentication mechanism used by poll workers to administer 
voting ...)
+       TODO: check
+CVE-2022-1745 (The authentication mechanism used by technicians on the tested 
version ...)
+       TODO: check
+CVE-2022-1744 (Applications on the tested version of Dominion Voting Systems 
ImageCas ...)
+       TODO: check
+CVE-2022-1743 (The tested version of Dominion Voting System ImageCast X can be 
manipu ...)
+       TODO: check
+CVE-2022-1742 (The tested version of Dominion Voting Systems ImageCast X 
allows for r ...)
+       TODO: check
+CVE-2022-1741 (The tested version of Dominion Voting Systems ImageCast X has a 
Termin ...)
+       TODO: check
+CVE-2022-1740 (The tested version of Dominion Voting Systems ImageCast 
X’s on-s ...)
+       TODO: check
+CVE-2022-1739 (The tested version of Dominion Voting Systems ImageCast X does 
not val ...)
+       TODO: check
 CVE-2022-1738
        RESERVED
 CVE-2022-1737
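Review bot: all nine entries CVE-2022-1747 through CVE-2022-1739 describe the tested version of Dominion Voting Systems ImageCast X, a proprietary voting appliance, so they are clear NOT-FOR-US candidates that can be resolved as one batch; the text of CVE-2022-1740 also contains a curly apostrophe ("X’s"), which matters if anyone greps the list with a plain ASCII pattern.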
@@ -10184,12 +10241,12 @@ CVE-2022-1670 (When generating a user invitation code 
in Octopus Server, the val
        NOT-FOR-US: Octopus Server
 CVE-2022-1669 (A buffer overflow vulnerability has been detected in the 
firewall func ...)
        NOT-FOR-US: Circutor
-CVE-2022-1668
-       RESERVED
-CVE-2022-1667
-       RESERVED
-CVE-2022-1666
-       RESERVED
+CVE-2022-1668 (Weak default root user credentials allow remote attackers to 
easily ob ...)
+       TODO: check
+CVE-2022-1667 (Client-side JavaScript controls may be bypassed by directly 
running a  ...)
+       TODO: check
+CVE-2022-1666 (The default password for the web application’s root user 
(the ve ...)
+       TODO: check
 CVE-2022-1665 (A set of pre-production kernel packages of Red Hat Enterprise 
Linux fo ...)
        NOT-FOR-US: pre-production kernel packages of Red Hat Enterprise Linux 
for IBM Power architecture
 CVE-2022-1664 (Dpkg::Source::Archive in dpkg, the Debian package management 
system, b ...)
@@ -11444,14 +11501,14 @@ CVE-2022-30122 [Denial of Service Vulnerability in 
Rack Multipart Parsing]
        NOTE: https://github.com/advisories/GHSA-hxqx-xwvh-44m2
 CVE-2022-30121
        RESERVED
-CVE-2022-30120
-       RESERVED
-CVE-2022-30119
-       RESERVED
-CVE-2022-30118
-       RESERVED
-CVE-2022-30117
-       RESERVED
+CVE-2022-30120 (XSS in /dashboard/blocks/stacks/view_details/ - old browsers 
only. Whe ...)
+       TODO: check
+CVE-2022-30119 (XSS in /dashboard/reports/logs/view - old browsers only. When 
using In ...)
+       TODO: check
+CVE-2022-30118 (Title for CVE: XSS in 
/dashboard/system/express/entities/forms/save_co ...)
+       TODO: check
+CVE-2022-30117 (Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 
allow t ...)
+       TODO: check
 CVE-2022-30116
        RESERVED
 CVE-2022-30115 (Using its HSTS support, curl can be instructed to use HTTPS 
directly i ...)
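Review bot: only CVE-2022-30117 names its product (Concrete 8.5.7 and below, 9.0 through 9.0.2); CVE-2022-30120, CVE-2022-30119 and CVE-2022-30118 give only dashboard paths (/dashboard/blocks/stacks/view_details/, /dashboard/reports/logs/view, /dashboard/system/express/...), and CVE-2022-30118 even starts with the stray text "Title for CVE:". The four were allocated together and CVE-2022-21829 later in this diff also names Concrete CMS, so they should be triaged as one Concrete CMS batch rather than individually.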
@@ -11653,8 +11710,8 @@ CVE-2022-30030
        RESERVED
 CVE-2022-30029
        RESERVED
-CVE-2022-30028
-       RESERVED
+CVE-2022-30028 (Dradis Professional Edition before 4.3.0 allows attackers to 
change an ...)
+       TODO: check
 CVE-2022-30027
        RESERVED
 CVE-2022-30026
@@ -11882,7 +11939,7 @@ CVE-2022-29932 (The HTTP Server in PRIMEUR SPAZIO 
2.5.1.954 (File Transfer) allo
        NOT-FOR-US: PRIMEUR
 CVE-2022-29931
        RESERVED
-CVE-2022-29930 (SHA1 implementation in JetBrains Ktor Native before 2.0.1 was 
returnin ...)
+CVE-2022-29930 (SHA1 implementation in JetBrains Ktor Native 2.0.0 was 
returning the s ...)
        NOT-FOR-US: JetBrains Ktor
 CVE-2022-29929 (In JetBrains TeamCity before 2022.04 potential XSS via 
Referrer header ...)
        NOT-FOR-US: JetBrains TeamCity
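Review bot: the description of CVE-2022-29930 narrows from "JetBrains Ktor Native before 2.0.1" to "JetBrains Ktor Native 2.0.0", and the retained "NOT-FOR-US: JetBrains Ktor" stays valid because the product is unchanged; this hunk is a plain description refresh and needs no action.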
@@ -12110,25 +12167,25 @@ CVE-2022-26051
        RESERVED
 CVE-2022-1525
        RESERVED
-CVE-2022-1524
-       RESERVED
+CVE-2022-1524 (LRM version 2.4 and lower does not implement TLS encryption. A 
malicio ...)
+       TODO: check
 CVE-2022-1523
        RESERVED
 CVE-2022-1522
        RESERVED
-CVE-2022-1521
-       RESERVED
+CVE-2022-1521 (LRM does not implement authentication or authorization by 
default. A m ...)
+       TODO: check
 CVE-2022-1520
        RESERVED
        {DSA-5141-1 DLA-3020-1}
        - thunderbird 1:91.9.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-1520
-CVE-2022-1519
-       RESERVED
-CVE-2022-1518
-       RESERVED
-CVE-2022-1517
-       RESERVED
+CVE-2022-1519 (LRM does not restrict the types of files that can be uploaded 
to the a ...)
+       TODO: check
+CVE-2022-1518 (LRM contains a directory traversal vulnerability that can allow 
a mali ...)
+       TODO: check
+CVE-2022-1517 (LRM utilizes elevated privileges. An unauthenticated malicious 
actor c ...)
+       TODO: check
 CVE-2022-1516 (A NULL pointer dereference flaw was found in the Linux 
kernel’s  ...)
        {DSA-5127-1}
        - linux 5.17.3-1 (unimportant)
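Review bot: CVE-2022-1524, CVE-2022-1521 and CVE-2022-1519 through CVE-2022-1517 all refer to "LRM" without the acronym being expanded within the truncated text, so the product cannot be identified from the list alone and the full descriptions are needed before a NOT-FOR-US decision; the unchanged thunderbird entry for CVE-2022-1520 (DSA-5141-1, DLA-3020-1) sits in the middle of this hunk purely as context.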
@@ -13091,8 +13148,8 @@ CVE-2022-29582 (In the Linux kernel before 5.17.3, 
fs/io_uring.c has a use-after
        [stretch] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2022/04/22/4
        NOTE: 
https://git.kernel.org/linus/e677edbcabee849bfdd43f1602bccbecf736a646
-CVE-2022-29578
-       RESERVED
+CVE-2022-29578 (Meridian Cooperative Utility Software versions 22.02 and 22.03 
allows  ...)
+       TODO: check
 CVE-2022-29577 (OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling 
on STYLE ...)
        - libowasp-antisamy-java <not-affected> (Incomplete fix for 
CVE-2022-28367 not applied)
        NOTE: 
https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0
 (v1.6.7)
@@ -13771,8 +13828,8 @@ CVE-2022-29332 (D-LINK DIR-825 AC1200 R2 is vulnerable 
to Directory Traversal. A
        NOT-FOR-US: D-LINK
 CVE-2022-29331
        RESERVED
-CVE-2022-29330
-       RESERVED
+CVE-2022-29330 (Missing access control in the backup system of Telesoft 
VitalPBX befor ...)
+       TODO: check
 CVE-2022-29329 (D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain 
a heap  ...)
        NOT-FOR-US: D-Link
 CVE-2022-29328 (D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain 
a stack ...)
@@ -14443,10 +14500,10 @@ CVE-2022-29099
        RESERVED
 CVE-2022-29098 (Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, 
contain a weak ...)
        NOT-FOR-US: Dell
-CVE-2022-29097
-       RESERVED
-CVE-2022-29096
-       RESERVED
+CVE-2022-29097 (Dell WMS 3.6.1 and below contains a Path Traversal 
vulnerability in De ...)
+       TODO: check
+CVE-2022-29096 (Dell Wyse Management Suite 3.6.1 and below contains a 
Reflected Cross- ...)
+       TODO: check
 CVE-2022-29095 (Dell SupportAssist Client Consumer versions (3.10.4 and prior) 
and Del ...)
        NOT-FOR-US: Dell SupportAssist
 CVE-2022-29094 (Dell SupportAssist Client Consumer versions (3.10.4 and 
versions prior ...)
@@ -15816,10 +15873,10 @@ CVE-2022-28622
        RESERVED
 CVE-2022-28621
        RESERVED
-CVE-2022-28620
-       RESERVED
-CVE-2022-28619
-       RESERVED
+CVE-2022-28620 (A remote authentication bypass vulnerability was discovered in 
HPE Cra ...)
+       TODO: check
+CVE-2022-28619 (A potential security vulnerability has been identified in the 
installe ...)
+       TODO: check
 CVE-2022-28618 (A command injection security vulnerability has been identified 
in HPE  ...)
        NOT-FOR-US: HPE
 CVE-2022-28617 (A remote bypass security restrictions vulnerability was 
discovered in  ...)
@@ -19823,8 +19880,8 @@ CVE-2022-27239 (In cifs-utils through 6.14, a 
stack-based buffer overflow when p
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1197216
        NOTE: https://github.com/piastry/cifs-utils/pull/7
        NOTE: 
https://git.samba.org/cifs-utils.git/?p=cifs-utils.git;a=commit;h=007c07fd91b6d42f8bd45187cf78ebb06801139d
 (cifs-utils-6.15)
-CVE-2022-27238
-       RESERVED
+CVE-2022-27238 (BigBlueButton version 2.4.7 (or earlier) is vulnerable to 
stored Cross ...)
+       TODO: check
 CVE-2022-27237 (There is a cross-site scripting (XSS) vulnerability in an NI 
Web Serve ...)
        NOT-FOR-US: NI
 CVE-2022-27236
@@ -32852,8 +32909,8 @@ CVE-2022-23172
        RESERVED
 CVE-2022-23171 (AtlasVPN - Privilege Escalation Lack of proper security 
controls on na ...)
        NOT-FOR-US: AtlasVPN
-CVE-2022-23170
-       RESERVED
+CVE-2022-23170 (SysAid - Okta SSO integration - was found vulnerable to XML 
External E ...)
+       TODO: check
 CVE-2022-23169 (attacker needs to craft a SQL payload. the vulnerable 
parameter is "ag ...)
        NOT-FOR-US: Amodat
 CVE-2022-23168 (The attacker could get access to the database. The SQL 
injection is in ...)
@@ -35363,8 +35420,8 @@ CVE-2022-22504
        RESERVED
 CVE-2022-22503
        RESERVED
-CVE-2022-22502
-       RESERVED
+CVE-2022-22502 (IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable 
to cros ...)
+       TODO: check
 CVE-2022-22501
        RESERVED
 CVE-2022-22500
@@ -35587,10 +35644,10 @@ CVE-2022-22392 (IBM Planning Analytics Local 2.0 
could allow an attacker to uplo
        NOT-FOR-US: IBM
 CVE-2022-22391 (IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow 
an authen ...)
        NOT-FOR-US: IBM
-CVE-2022-22390
-       RESERVED
-CVE-2022-22389
-       RESERVED
+CVE-2022-22390 (IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 
11.5 ma ...)
+       TODO: check
+CVE-2022-22389 (IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 
11.5 is ...)
+       TODO: check
 CVE-2022-22388
        RESERVED
 CVE-2022-22387
@@ -40547,8 +40604,8 @@ CVE-2022-21831 (A code injection vulnerability exists 
in the Active Storage &gt;
        NOTE: 
https://github.com/rails/rails/commit/94e2f00d2abedbea1ef62fc775d031ffda00662c 
(v5.2.6.3)
 CVE-2022-21830 (A blind self XSS vulnerability exists in RocketChat LiveChat 
&lt;v1.9  ...)
        NOT-FOR-US: Rocket.Chat.Livechat
-CVE-2022-21829
-       RESERVED
+CVE-2022-21829 (Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below 
can down ...)
+       TODO: check
 CVE-2022-21828 (A user with high privilege access to the Incapptic Connect web 
console ...)
        NOT-FOR-US: Ivanti
 CVE-2022-21827 (An improper privilege vulnerability has been discovered in 
Citrix Gate ...)
@@ -47115,10 +47172,10 @@ CVE-2022-20831
        RESERVED
 CVE-2022-20830
        RESERVED
-CVE-2022-20829
-       RESERVED
-CVE-2022-20828
-       RESERVED
+CVE-2022-20829 (A vulnerability in the packaging of Cisco Adaptive Security 
Device Man ...)
+       TODO: check
+CVE-2022-20828 (A vulnerability in the CLI parser of Cisco FirePOWER Software 
for Adap ...)
+       TODO: check
 CVE-2022-20827
        RESERVED
 CVE-2022-20826
@@ -51839,8 +51896,8 @@ CVE-2021-42058
        RESERVED
 CVE-2021-42057 (Obsidian Dataview through 0.4.12-hotfix1 allows eval 
injection. The ev ...)
        NOT-FOR-US: Obsidian Dataview
-CVE-2021-42056
-       RESERVED
+CVE-2021-42056 (Thales Safenet Authentication Client (SAC) for Linux and 
Windows throu ...)
+       TODO: check
 CVE-2021-42055 (ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 
has Insec ...)
        NOT-FOR-US: ASUSTek ZenBook Pro Due 15 UX582 laptop firmware
 CVE-2021-42054 (ACCEL-PPP 1.12.0 has an out-of-bounds read in 
triton_context_schedule  ...)
@@ -52931,18 +52988,18 @@ CVE-2021-41641 (Deno &lt;=1.14.0 file sandbox does 
not handle symbolic links cor
        NOT-FOR-US: Deno
 CVE-2021-41640
        RESERVED
-CVE-2021-41639
-       RESERVED
-CVE-2021-41638
-       RESERVED
-CVE-2021-41637
-       RESERVED
-CVE-2021-41636
-       RESERVED
-CVE-2021-41635
-       RESERVED
-CVE-2021-41634
-       RESERVED
+CVE-2021-41639 (MELAG FTP Server 2.2.0.4 stores unencrpyted passwords of FTP 
users in  ...)
+       TODO: check
+CVE-2021-41638 (The authentication checks of the MELAG FTP Server in version 
2.2.0.4 a ...)
+       TODO: check
+CVE-2021-41637 (Weak access control permissions in MELAG FTP Server 2.2.0.4 
allow the  ...)
+       TODO: check
+CVE-2021-41636 (MELAG FTP Server 2.2.0.4 allows an attacker to use the CWD 
command to  ...)
+       TODO: check
+CVE-2021-41635 (When installed as Windows service MELAG FTP Server 2.2.0.4 is 
run as S ...)
+       TODO: check
+CVE-2021-41634 (A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 
allows an ...)
+       TODO: check
 CVE-2021-41633
        RESERVED
 CVE-2021-41632
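Review bot: CVE-2021-41639 through CVE-2021-41634 are six findings in the same product, MELAG FTP Server 2.2.0.4 (stored passwords, authentication checks, access permissions, CWD handling, running as a Windows service, user enumeration), so one triage decision covers all six; "unencrpyted" in CVE-2021-41639 is MITRE's spelling and is kept verbatim.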
@@ -54786,10 +54843,10 @@ CVE-2021-40895
        RESERVED
 CVE-2021-40894
        RESERVED
-CVE-2021-40893
-       RESERVED
-CVE-2021-40892
-       RESERVED
+CVE-2021-40893 (A Regular Expression Denial of Service (ReDOS) vulnerability 
was disco ...)
+       TODO: check
+CVE-2021-40892 (A Regular Expression Denial of Service (ReDOS) vulnerability 
was disco ...)
+       TODO: check
 CVE-2021-40891
        RESERVED
 CVE-2021-40890
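Review bot: CVE-2021-40893 and CVE-2021-40892 have identical truncated descriptions ("A Regular Expression Denial of Service (ReDOS) vulnerability was disco ..."), so the affected component lies entirely beyond the cut; the list entry gives no hint which library is meant, and neither TODO can be resolved without the full text.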
@@ -58460,10 +58517,10 @@ CVE-2021-39411 (Multiple Cross Site Scripting (XSS) 
vulnerabilities exist in PHP
        NOT-FOR-US: PHPGurukul Hospital Management System
 CVE-2021-39410
        RESERVED
-CVE-2021-39409
-       RESERVED
-CVE-2021-39408
-       RESERVED
+CVE-2021-39409 (A vulnerability exists in Online Student Rate System v1.0 that 
allows  ...)
+       TODO: check
+CVE-2021-39408 (Cross Site Scripting (XSS) vulnerability exists in Online 
Student Rate ...)
+       TODO: check
 CVE-2021-39407
        RESERVED
 CVE-2021-39406
@@ -59484,8 +59541,8 @@ CVE-2021-39049 (IBM i2 Analyst's Notebook 9.2.0, 9.2.1, 
and 9.2.2 is vulnerable
        NOT-FOR-US: IBM
 CVE-2021-39048 (IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a 
stack based ...)
        NOT-FOR-US: IBM
-CVE-2021-39047
-       RESERVED
+CVE-2021-39047 (IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 
11.2.0, an ...)
+       TODO: check
 CVE-2021-39046 (IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 
and IBM Bu ...)
        NOT-FOR-US: IBM
 CVE-2021-39045
@@ -59688,8 +59745,8 @@ CVE-2021-38947 (IBM Spectrum Copy Data Management 
2.2.13 and earlier uses weaker
        NOT-FOR-US: IBM
 CVE-2021-38946 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable 
to cross ...)
        NOT-FOR-US: IBM
-CVE-2021-38945
-       RESERVED
+CVE-2021-38945 (IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a 
remote a ...)
+       TODO: check
 CVE-2021-38944 (IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 
through 10.0. ...)
        NOT-FOR-US: IBM
 CVE-2021-38943
@@ -59820,8 +59877,8 @@ CVE-2021-38881
        RESERVED
 CVE-2021-38880
        RESERVED
-CVE-2021-38879
-       RESERVED
+CVE-2021-38879 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 
could allow ...)
+       TODO: check
 CVE-2021-38878 (IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to 
imperson ...)
        NOT-FOR-US: IBM
 CVE-2021-38877 (IBM Jazz for Service Management 1.1.3.10 is vulnerable to 
stored cross ...)
@@ -59836,8 +59893,8 @@ CVE-2021-38873 (IBM Planning Analytics 2.0 is 
potentially vulnerable to CSV Inje
        NOT-FOR-US: IBM
 CVE-2021-38872 (IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 
10.0.1.4, a ...)
        NOT-FOR-US: IBM
-CVE-2021-38871
-       RESERVED
+CVE-2021-38871 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is 
vulnerab ...)
+       TODO: check
 CVE-2021-38870 (IBM Aspera Cloud is vulnerable to stored cross-site scripting. 
This vu ...)
        NOT-FOR-US: IBM
 CVE-2021-38869 (IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not 
automatic ...)
@@ -70411,7 +70468,7 @@ CVE-2021-34606 (A vulnerability exists in XINJE XD/E 
Series PLC Program Tool in
 CVE-2021-34605 (A zip slip vulnerability in XINJE XD/E Series PLC Program Tool 
up to v ...)
        NOT-FOR-US: XINJE PLC Program Tool
 CVE-2021-34604
-       RESERVED
+       REJECTED
 CVE-2021-34603
        RESERVED
 CVE-2021-34602 (In Bender/ebee Charge Controllers in multiple versions are 
prone to Co ...)
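Review bot: CVE-2021-34604 flips from RESERVED to REJECTED with no triage line left behind, which is the cleaner shape; contrast CVE-2022-31289 earlier in this diff, where a NOT-FOR-US line is kept under a REJECTED status.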
@@ -80474,8 +80531,8 @@ CVE-2021-30653 (This issue was addressed with improved 
checks. This issue is fix
        NOT-FOR-US: Apple
 CVE-2021-30652 (A race condition was addressed with additional validation. 
This issue  ...)
        NOT-FOR-US: Apple
-CVE-2021-30651
-       RESERVED
+CVE-2021-30651 (A malicious authenticated SMG administrator user can obtain 
passwords  ...)
+       TODO: check
 CVE-2021-30650 (A reflected cross-site scripting (XSS) vulnerability in the 
Symantec L ...)
        NOT-FOR-US: Symantec
 CVE-2021-30649
@@ -82938,8 +82995,8 @@ CVE-2021-29867 (IBM Cognos Analytics 11.1.7 and 11.2.0 
could allow an authentica
        NOT-FOR-US: IBM
 CVE-2021-29866
        RESERVED
-CVE-2021-29865
-       RESERVED
+CVE-2021-29865 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 
could allow ...)
+       TODO: check
 CVE-2021-29864
        RESERVED
 CVE-2021-29863 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side 
request forge ...)
@@ -83132,8 +83189,8 @@ CVE-2021-29770 (IBM i2 Analyst's Notebook Premium (IBM 
i2 Analyze 4.3.0, 4.3.1,
        NOT-FOR-US: IBM
 CVE-2021-29769 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 
4.3.1, and 4. ...)
        NOT-FOR-US: IBM
-CVE-2021-29768
-       RESERVED
+CVE-2021-29768 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a 
low leve ...)
+       TODO: check
 CVE-2021-29767 (IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 
could allow  ...)
        NOT-FOR-US: IBM
 CVE-2021-29766 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 
4.3.1, and 4. ...)
@@ -107212,8 +107269,8 @@ CVE-2021-20553
        RESERVED
 CVE-2021-20552 (IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow 
a remote ...)
        NOT-FOR-US: IBM
-CVE-2021-20551
-       RESERVED
+CVE-2021-20551 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 
allows web  ...)
+       TODO: check
 CVE-2021-20550 (IBM Content Navigator 3.0.CD is vulnerable to cross-site 
scripting. Th ...)
        NOT-FOR-US: IBM
 CVE-2021-20549 (IBM Content Navigator 3.0.CD is vulnerable to cross-site 
scripting. Th ...)
@@ -107226,10 +107283,10 @@ CVE-2021-20546 (IBM Spectrum Protect Client 8.1.0.0 
through 8.1.11.0 is vulnerab
        NOT-FOR-US: IBM
 CVE-2021-20545
        RESERVED
-CVE-2021-20544
-       RESERVED
-CVE-2021-20543
-       RESERVED
+CVE-2021-20544 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is 
vulnerab ...)
+       TODO: check
+CVE-2021-20543 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is 
vulnerab ...)
+       TODO: check
 CVE-2021-20542
        RESERVED
 CVE-2021-20541 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 
1.6.1.0,  ...)
@@ -107472,8 +107529,8 @@ CVE-2021-20423 (IBM Cloud Pak for Applications 4.3 
could allow an authenticated
        NOT-FOR-US: IBM
 CVE-2021-20422 (IBM Cloud Pak for Applications 4.3 could disclose sensitive 
informatio ...)
        NOT-FOR-US: IBM
-CVE-2021-20421
-       RESERVED
+CVE-2021-20421 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is 
vulnerab ...)
+       TODO: check
 CVE-2021-20420 (IBM Security Guardium 11.2 could disclose sensitive 
information due to ...)
        NOT-FOR-US: IBM
 CVE-2021-20419 (IBM Security Guardium 11.2 uses weaker than expected 
cryptographic alg ...)
@@ -107604,8 +107661,8 @@ CVE-2021-20357 (IBM Jazz Foundation products is 
vulnerable to cross-site scripti
        NOT-FOR-US: IBM
 CVE-2021-20356
        RESERVED
-CVE-2021-20355
-       RESERVED
+CVE-2021-20355 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 
could allow ...)
+       TODO: check
 CVE-2021-20354 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow 
a remot ...)
        NOT-FOR-US: IBM
 CVE-2021-20353 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is 
vulnerable  ...)
@@ -135486,8 +135543,8 @@ CVE-2020-21048 (An issue in the dither.c component of 
libsixel prior to v1.8.4 a
        NOTE: 
https://github.com/saitoha/libsixel/commit/26ac06f3623279348f0dce2d191a9b6ca0c80226
 (v1.8.4)
 CVE-2020-21047
        RESERVED
-CVE-2020-21046
-       RESERVED
+CVE-2020-21046 (A local privilege escalation vulnerability was identified 
within the " ...)
+       TODO: check
 CVE-2020-21045
        RESERVED
 CVE-2020-21044
@@ -447941,8 +447998,7 @@ CVE-2013-1917 (Xen 3.1 through 4.x, when running 
64-bit hosts on Intel CPUs, doe
        {DSA-2662-1}
        - xen 4.1.4-3
        NOTE: 
http://lists.xen.org/archives/html/xen-announce/2013-04/msg00005.html
-CVE-2013-1916
-       RESERVED
+CVE-2013-1916 (In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, 
it is  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2013-1915 (ModSecurity before 2.7.3 allows remote attackers to read 
arbitrary fil ...)
        {DSA-2659-1}
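Review bot: this hunk is -8 +7 rather than the usual -8 +8 because CVE-2013-1916 already carried "NOT-FOR-US: WordPress plugin" while still RESERVED, so the update only replaces the RESERVED line with the description and, correctly, adds no TODO: check; the earlier triage survives and nothing further is needed.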
@@ -448022,8 +448078,8 @@ CVE-2013-1892 (MongoDB before 2.0.9 and 2.2.x before 
2.2.4 does not properly val
        [wheezy] - mongodb 1:2.0.6-1.1
        [squeeze] - mongodb <no-dsa> (Minor isue, Spidermonkey in Lenny is 
EOLed)
        NOTE: https://www.openwall.com/lists/oss-security/2013/03/25/7
-CVE-2013-1891
-       RESERVED
+CVE-2013-1891 (In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code 
in filem ...)
+       TODO: check
 CVE-2013-1890 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 
Server ...)
        - owncloud <not-affected> (only affecting 5.0 branch)
 CVE-2013-1889 (mod_ruid2 before 0.9.8 improperly handles file descriptors 
which allow ...)
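Review bot: "Minor isue" in the unchanged context line under CVE-2013-1892 is a long-standing typo in the list, not something this automatic update touched; worth fixing in a manual commit if someone edits that entry anyway.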



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12729387497e0a9eb353f6b65eec2f718d4b047d



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
