Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 12729387 by security tracker role at 2022-06-24T20:10:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,59 @@ +CVE-2022-34485 + RESERVED +CVE-2022-34484 + RESERVED +CVE-2022-34483 + RESERVED +CVE-2022-34482 + RESERVED +CVE-2022-34481 + RESERVED +CVE-2022-34480 + RESERVED +CVE-2022-34479 + RESERVED +CVE-2022-34478 + RESERVED +CVE-2022-34477 + RESERVED +CVE-2022-34476 + RESERVED +CVE-2022-34475 + RESERVED +CVE-2022-34474 + RESERVED +CVE-2022-34473 + RESERVED +CVE-2022-34472 + RESERVED +CVE-2022-34471 + RESERVED +CVE-2022-34470 + RESERVED +CVE-2022-34469 + RESERVED +CVE-2022-34468 + RESERVED +CVE-2022-34467 + RESERVED +CVE-2022-34466 + RESERVED +CVE-2022-34465 + RESERVED +CVE-2022-34464 + RESERVED +CVE-2022-2198 + RESERVED +CVE-2022-2197 + RESERVED +CVE-2022-2196 + RESERVED +CVE-2022-2195 + RESERVED +CVE-2022-2194 + RESERVED +CVE-2019-25071 + RESERVED CVE-2022-34463 RESERVED CVE-2022-34462 @@ -246,18 +302,18 @@ CVE-2022-2187 RESERVED CVE-2022-2186 RESERVED -CVE-2017-20097 - RESERVED -CVE-2017-20096 - RESERVED -CVE-2017-20095 - RESERVED -CVE-2017-20094 - RESERVED -CVE-2017-20093 - RESERVED -CVE-2017-20092 - RESERVED +CVE-2017-20097 (A vulnerability was found in WP-Filebase Download Manager Plugin 3.4.4 ...) + TODO: check +CVE-2017-20096 (A vulnerability classified as problematic has been found in WP-SpamFre ...) + TODO: check +CVE-2017-20095 (A vulnerability classified as critical was found in Simple Ads Manager ...) + TODO: check +CVE-2017-20094 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2017-20093 (A vulnerability, which was classified as problematic, was found in Dow ...) + TODO: check +CVE-2017-20092 (A vulnerability classified as problematic was found in Google Analytic ...) + TODO: check CVE-2022-34343 RESERVED CVE-2022-34342 @@ -1299,8 +1355,8 @@ CVE-2022-33955 RESERVED CVE-2022-33954 RESERVED -CVE-2022-33953 - RESERVED +CVE-2022-33953 (IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user wi ...) + TODO: check CVE-2022-33952 RESERVED CVE-2022-33951 @@ -1371,12 +1427,12 @@ CVE-2022-2123 RESERVED CVE-2022-2122 RESERVED -CVE-2022-2121 - RESERVED -CVE-2022-2120 - RESERVED -CVE-2022-2119 - RESERVED +CVE-2022-2121 (OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer derefer ...) + TODO: check +CVE-2022-2120 (OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) i ...) + TODO: check +CVE-2022-2119 (OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SC ...) + TODO: check CVE-2022-2118 RESERVED CVE-2014-125025 (A vulnerability classified as problematic has been found in FFmpeg 2.0 ...) @@ -1523,8 +1579,8 @@ CVE-2022-33912 (A permission issue affects users that deployed the shipped versi NOT-FOR-US: Check MK as packaged by upstream CVE-2022-33911 RESERVED -CVE-2022-33910 - RESERVED +CVE-2022-33910 (An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers ...) + TODO: check CVE-2022-33909 RESERVED CVE-2022-33908 @@ -1599,14 +1655,14 @@ CVE-2022-2107 RESERVED CVE-2022-2106 RESERVED -CVE-2022-2105 - RESERVED -CVE-2022-2104 - RESERVED -CVE-2022-2103 - RESERVED -CVE-2022-2102 - RESERVED +CVE-2022-2105 (Client-side JavaScript controls may be bypassed to change user credent ...) + TODO: check +CVE-2022-2104 (The www-data (Apache web server) account is configured to run sudo wit ...) + TODO: check +CVE-2022-2103 (An attacker with weak credentials could access the TCP port via an ope ...) + TODO: check +CVE-2022-2102 (Controls limiting uploads to certain file extensions may be bypassed. ...) + TODO: check CVE-2022-2101 RESERVED CVE-2022-33880 @@ -3454,8 +3510,8 @@ CVE-2022-32992 (Online Tours And Travels Management System v1.0 was discovered t NOT-FOR-US: Online Tours And Travels Management System CVE-2022-32991 (Web Based Quiz System v1.0 was discovered to contain a SQL injection v ...) NOT-FOR-US: Web Based Quiz System -CVE-2022-32990 - RESERVED +CVE-2022-32990 (An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allow ...) + TODO: check CVE-2022-32989 RESERVED CVE-2022-32988 @@ -4600,8 +4656,8 @@ CVE-2022-2015 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/d NOT-FOR-US: jgraph/drawio CVE-2022-2014 (Code Injection in GitHub repository jgraph/drawio prior to 19.0.2. ...) NOT-FOR-US: jgraph/drawio -CVE-2022-32530 - RESERVED +CVE-2022-32530 (A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists th ...) + TODO: check CVE-2022-32529 RESERVED CVE-2022-32528 @@ -5489,8 +5545,8 @@ CVE-2022-32211 RESERVED CVE-2022-32210 RESERVED -CVE-2022-32209 - RESERVED +CVE-2022-32209 (# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possi ...) + TODO: check CVE-2022-32208 RESERVED CVE-2022-32207 @@ -5558,8 +5614,8 @@ CVE-2022-1967 RESERVED CVE-2022-1966 REJECTED -CVE-2022-1965 - RESERVED +CVE-2022-1965 (Multiple products of CODESYS implement a improper error handling. A lo ...) + TODO: check CVE-2022-1964 RESERVED CVE-2022-32202 (In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::Fe ...) @@ -5696,22 +5752,22 @@ CVE-2022-32145 (A vulnerability has been identified in Teamcenter Active Workspa NOT-FOR-US: Siemens CVE-2022-32144 RESERVED -CVE-2022-32143 - RESERVED -CVE-2022-32142 - RESERVED -CVE-2022-32141 - RESERVED -CVE-2022-32140 - RESERVED -CVE-2022-32139 - RESERVED -CVE-2022-32138 - RESERVED -CVE-2022-32137 - RESERVED -CVE-2022-32136 - RESERVED +CVE-2022-32143 (In multiple CODESYS products, file download and upload function allows ...) + TODO: check +CVE-2022-32142 (Multiple CODESYS Products are prone to a out-of bounds read or write a ...) + TODO: check +CVE-2022-32141 (Multiple CODESYS Products are prone to a buffer over read. A low privi ...) + TODO: check +CVE-2022-32140 (Multiple CODESYS products are affected to a buffer overflow.A low priv ...) + TODO: check +CVE-2022-32139 (In multiple CODESYS products, a low privileged remote attacker may cra ...) + TODO: check +CVE-2022-32138 (In multiple CODESYS products, a remote attacker may craft a request wh ...) + TODO: check +CVE-2022-32137 (In multiple CODESYS products, a low privileged remote attacker may cra ...) + TODO: check +CVE-2022-32136 (In multiple CODESYS products, a low privileged remote attacker may cra ...) + TODO: check CVE-2022-30997 RESERVED CVE-2022-29519 @@ -6417,16 +6473,16 @@ CVE-2022-31808 RESERVED CVE-2022-31807 RESERVED -CVE-2022-31806 - RESERVED -CVE-2022-31805 - RESERVED -CVE-2022-31804 - RESERVED -CVE-2022-31803 - RESERVED -CVE-2022-31802 - RESERVED +CVE-2022-31806 (In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2. ...) + TODO: check +CVE-2022-31805 (In the CODESYS Development System multiple components in multiple vers ...) + TODO: check +CVE-2022-31804 (The CODESYS Gateway Server V2 does not verifiy that the size of a requ ...) + TODO: check +CVE-2022-31803 (In CODESYS Gateway Server V2 an insufficient check for the activity of ...) + TODO: check +CVE-2022-31802 (In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a pa ...) + TODO: check CVE-2022-31801 (An unauthenticated, remote attacker could upload malicious logic to th ...) NOT-FOR-US: ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool CVE-2022-31800 (An unauthenticated, remote attacker could upload malicious logic to de ...) @@ -6596,8 +6652,8 @@ CVE-2022-31769 (IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could NOT-FOR-US: IBM CVE-2022-31768 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. ...) NOT-FOR-US: IBM -CVE-2022-31767 - RESERVED +CVE-2022-31767 (IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker t ...) + TODO: check CVE-2022-31766 RESERVED CVE-2022-31765 @@ -8010,7 +8066,8 @@ CVE-2022-31291 (An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allow NOTE: https://github.com/COVESA/dlt-daemon/commit/6a3bd901d825c7206797e36ea98e10a218f5aad2 CVE-2022-31290 RESERVED -CVE-2022-31289 (** DISPUTED ** https://ossindex.sonatype.org/ Sonatype Nexus Repositor ...) +CVE-2022-31289 + REJECTED NOT-FOR-US: Sonatype Nexus Repository Manager OSS CVE-2022-31288 RESERVED @@ -8992,24 +9049,24 @@ CVE-2022-1749 (The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site NOT-FOR-US: WordPress plugin CVE-2022-1748 RESERVED -CVE-2022-1747 - RESERVED -CVE-2022-1746 - RESERVED -CVE-2022-1745 - RESERVED -CVE-2022-1744 - RESERVED -CVE-2022-1743 - RESERVED -CVE-2022-1742 - RESERVED -CVE-2022-1741 - RESERVED -CVE-2022-1740 - RESERVED -CVE-2022-1739 - RESERVED +CVE-2022-1747 (The authentication mechanism used by voters to activate a voting sessi ...) + TODO: check +CVE-2022-1746 (The authentication mechanism used by poll workers to administer voting ...) + TODO: check +CVE-2022-1745 (The authentication mechanism used by technicians on the tested version ...) + TODO: check +CVE-2022-1744 (Applications on the tested version of Dominion Voting Systems ImageCas ...) + TODO: check +CVE-2022-1743 (The tested version of Dominion Voting System ImageCast X can be manipu ...) + TODO: check +CVE-2022-1742 (The tested version of Dominion Voting Systems ImageCast X allows for r ...) + TODO: check +CVE-2022-1741 (The tested version of Dominion Voting Systems ImageCast X has a Termin ...) + TODO: check +CVE-2022-1740 (The tested version of Dominion Voting Systems ImageCast X’s on-s ...) + TODO: check +CVE-2022-1739 (The tested version of Dominion Voting Systems ImageCast X does not val ...) + TODO: check CVE-2022-1738 RESERVED CVE-2022-1737 @@ -10184,12 +10241,12 @@ CVE-2022-1670 (When generating a user invitation code in Octopus Server, the val NOT-FOR-US: Octopus Server CVE-2022-1669 (A buffer overflow vulnerability has been detected in the firewall func ...) NOT-FOR-US: Circutor -CVE-2022-1668 - RESERVED -CVE-2022-1667 - RESERVED -CVE-2022-1666 - RESERVED +CVE-2022-1668 (Weak default root user credentials allow remote attackers to easily ob ...) + TODO: check +CVE-2022-1667 (Client-side JavaScript controls may be bypassed by directly running a ...) + TODO: check +CVE-2022-1666 (The default password for the web application’s root user (the ve ...) + TODO: check CVE-2022-1665 (A set of pre-production kernel packages of Red Hat Enterprise Linux fo ...) NOT-FOR-US: pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture CVE-2022-1664 (Dpkg::Source::Archive in dpkg, the Debian package management system, b ...) @@ -11444,14 +11501,14 @@ CVE-2022-30122 [Denial of Service Vulnerability in Rack Multipart Parsing] NOTE: https://github.com/advisories/GHSA-hxqx-xwvh-44m2 CVE-2022-30121 RESERVED -CVE-2022-30120 - RESERVED -CVE-2022-30119 - RESERVED -CVE-2022-30118 - RESERVED -CVE-2022-30117 - RESERVED +CVE-2022-30120 (XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. Whe ...) + TODO: check +CVE-2022-30119 (XSS in /dashboard/reports/logs/view - old browsers only. When using In ...) + TODO: check +CVE-2022-30118 (Title for CVE: XSS in /dashboard/system/express/entities/forms/save_co ...) + TODO: check +CVE-2022-30117 (Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow t ...) + TODO: check CVE-2022-30116 RESERVED CVE-2022-30115 (Using its HSTS support, curl can be instructed to use HTTPS directly i ...) @@ -11653,8 +11710,8 @@ CVE-2022-30030 RESERVED CVE-2022-30029 RESERVED -CVE-2022-30028 - RESERVED +CVE-2022-30028 (Dradis Professional Edition before 4.3.0 allows attackers to change an ...) + TODO: check CVE-2022-30027 RESERVED CVE-2022-30026 @@ -11882,7 +11939,7 @@ CVE-2022-29932 (The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allo NOT-FOR-US: PRIMEUR CVE-2022-29931 RESERVED -CVE-2022-29930 (SHA1 implementation in JetBrains Ktor Native before 2.0.1 was returnin ...) +CVE-2022-29930 (SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the s ...) NOT-FOR-US: JetBrains Ktor CVE-2022-29929 (In JetBrains TeamCity before 2022.04 potential XSS via Referrer header ...) NOT-FOR-US: JetBrains TeamCity @@ -12110,25 +12167,25 @@ CVE-2022-26051 RESERVED CVE-2022-1525 RESERVED -CVE-2022-1524 - RESERVED +CVE-2022-1524 (LRM version 2.4 and lower does not implement TLS encryption. A malicio ...) + TODO: check CVE-2022-1523 RESERVED CVE-2022-1522 RESERVED -CVE-2022-1521 - RESERVED +CVE-2022-1521 (LRM does not implement authentication or authorization by default. A m ...) + TODO: check CVE-2022-1520 RESERVED {DSA-5141-1 DLA-3020-1} - thunderbird 1:91.9.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-1520 -CVE-2022-1519 - RESERVED -CVE-2022-1518 - RESERVED -CVE-2022-1517 - RESERVED +CVE-2022-1519 (LRM does not restrict the types of files that can be uploaded to the a ...) + TODO: check +CVE-2022-1518 (LRM contains a directory traversal vulnerability that can allow a mali ...) + TODO: check +CVE-2022-1517 (LRM utilizes elevated privileges. An unauthenticated malicious actor c ...) + TODO: check CVE-2022-1516 (A NULL pointer dereference flaw was found in the Linux kernel’s ...) {DSA-5127-1} - linux 5.17.3-1 (unimportant) @@ -13091,8 +13148,8 @@ CVE-2022-29582 (In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after [stretch] - linux <not-affected> (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2022/04/22/4 NOTE: https://git.kernel.org/linus/e677edbcabee849bfdd43f1602bccbecf736a646 -CVE-2022-29578 - RESERVED +CVE-2022-29578 (Meridian Cooperative Utility Software versions 22.02 and 22.03 allows ...) + TODO: check CVE-2022-29577 (OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE ...) - libowasp-antisamy-java <not-affected> (Incomplete fix for CVE-2022-28367 not applied) NOTE: https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0 (v1.6.7) @@ -13771,8 +13828,8 @@ CVE-2022-29332 (D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. A NOT-FOR-US: D-LINK CVE-2022-29331 RESERVED -CVE-2022-29330 - RESERVED +CVE-2022-29330 (Missing access control in the backup system of Telesoft VitalPBX befor ...) + TODO: check CVE-2022-29329 (D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap ...) NOT-FOR-US: D-Link CVE-2022-29328 (D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack ...) @@ -14443,10 +14500,10 @@ CVE-2022-29099 RESERVED CVE-2022-29098 (Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak ...) NOT-FOR-US: Dell -CVE-2022-29097 - RESERVED -CVE-2022-29096 - RESERVED +CVE-2022-29097 (Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in De ...) + TODO: check +CVE-2022-29096 (Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross- ...) + TODO: check CVE-2022-29095 (Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Del ...) NOT-FOR-US: Dell SupportAssist CVE-2022-29094 (Dell SupportAssist Client Consumer versions (3.10.4 and versions prior ...) @@ -15816,10 +15873,10 @@ CVE-2022-28622 RESERVED CVE-2022-28621 RESERVED -CVE-2022-28620 - RESERVED -CVE-2022-28619 - RESERVED +CVE-2022-28620 (A remote authentication bypass vulnerability was discovered in HPE Cra ...) + TODO: check +CVE-2022-28619 (A potential security vulnerability has been identified in the installe ...) + TODO: check CVE-2022-28618 (A command injection security vulnerability has been identified in HPE ...) NOT-FOR-US: HPE CVE-2022-28617 (A remote bypass security restrictions vulnerability was discovered in ...) @@ -19823,8 +19880,8 @@ CVE-2022-27239 (In cifs-utils through 6.14, a stack-based buffer overflow when p NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1197216 NOTE: https://github.com/piastry/cifs-utils/pull/7 NOTE: https://git.samba.org/cifs-utils.git/?p=cifs-utils.git;a=commit;h=007c07fd91b6d42f8bd45187cf78ebb06801139d (cifs-utils-6.15) -CVE-2022-27238 - RESERVED +CVE-2022-27238 (BigBlueButton version 2.4.7 (or earlier) is vulnerable to stored Cross ...) + TODO: check CVE-2022-27237 (There is a cross-site scripting (XSS) vulnerability in an NI Web Serve ...) NOT-FOR-US: NI CVE-2022-27236 @@ -32852,8 +32909,8 @@ CVE-2022-23172 RESERVED CVE-2022-23171 (AtlasVPN - Privilege Escalation Lack of proper security controls on na ...) NOT-FOR-US: AtlasVPN -CVE-2022-23170 - RESERVED +CVE-2022-23170 (SysAid - Okta SSO integration - was found vulnerable to XML External E ...) + TODO: check CVE-2022-23169 (attacker needs to craft a SQL payload. the vulnerable parameter is "ag ...) NOT-FOR-US: Amodat CVE-2022-23168 (The attacker could get access to the database. The SQL injection is in ...) @@ -35363,8 +35420,8 @@ CVE-2022-22504 RESERVED CVE-2022-22503 RESERVED -CVE-2022-22502 - RESERVED +CVE-2022-22502 (IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cros ...) + TODO: check CVE-2022-22501 RESERVED CVE-2022-22500 @@ -35587,10 +35644,10 @@ CVE-2022-22392 (IBM Planning Analytics Local 2.0 could allow an attacker to uplo NOT-FOR-US: IBM CVE-2022-22391 (IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authen ...) NOT-FOR-US: IBM -CVE-2022-22390 - RESERVED -CVE-2022-22389 - RESERVED +CVE-2022-22390 (IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 ma ...) + TODO: check +CVE-2022-22389 (IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is ...) + TODO: check CVE-2022-22388 RESERVED CVE-2022-22387 @@ -40547,8 +40604,8 @@ CVE-2022-21831 (A code injection vulnerability exists in the Active Storage > NOTE: https://github.com/rails/rails/commit/94e2f00d2abedbea1ef62fc775d031ffda00662c (v5.2.6.3) CVE-2022-21830 (A blind self XSS vulnerability exists in RocketChat LiveChat <v1.9 ...) NOT-FOR-US: Rocket.Chat.Livechat -CVE-2022-21829 - RESERVED +CVE-2022-21829 (Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can down ...) + TODO: check CVE-2022-21828 (A user with high privilege access to the Incapptic Connect web console ...) NOT-FOR-US: Ivanti CVE-2022-21827 (An improper privilege vulnerability has been discovered in Citrix Gate ...) @@ -47115,10 +47172,10 @@ CVE-2022-20831 RESERVED CVE-2022-20830 RESERVED -CVE-2022-20829 - RESERVED -CVE-2022-20828 - RESERVED +CVE-2022-20829 (A vulnerability in the packaging of Cisco Adaptive Security Device Man ...) + TODO: check +CVE-2022-20828 (A vulnerability in the CLI parser of Cisco FirePOWER Software for Adap ...) + TODO: check CVE-2022-20827 RESERVED CVE-2022-20826 @@ -51839,8 +51896,8 @@ CVE-2021-42058 RESERVED CVE-2021-42057 (Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The ev ...) NOT-FOR-US: Obsidian Dataview -CVE-2021-42056 - RESERVED +CVE-2021-42056 (Thales Safenet Authentication Client (SAC) for Linux and Windows throu ...) + TODO: check CVE-2021-42055 (ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insec ...) NOT-FOR-US: ASUSTek ZenBook Pro Due 15 UX582 laptop firmware CVE-2021-42054 (ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule ...) @@ -52931,18 +52988,18 @@ CVE-2021-41641 (Deno <=1.14.0 file sandbox does not handle symbolic links cor NOT-FOR-US: Deno CVE-2021-41640 RESERVED -CVE-2021-41639 - RESERVED -CVE-2021-41638 - RESERVED -CVE-2021-41637 - RESERVED -CVE-2021-41636 - RESERVED -CVE-2021-41635 - RESERVED -CVE-2021-41634 - RESERVED +CVE-2021-41639 (MELAG FTP Server 2.2.0.4 stores unencrpyted passwords of FTP users in ...) + TODO: check +CVE-2021-41638 (The authentication checks of the MELAG FTP Server in version 2.2.0.4 a ...) + TODO: check +CVE-2021-41637 (Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the ...) + TODO: check +CVE-2021-41636 (MELAG FTP Server 2.2.0.4 allows an attacker to use the CWD command to ...) + TODO: check +CVE-2021-41635 (When installed as Windows service MELAG FTP Server 2.2.0.4 is run as S ...) + TODO: check +CVE-2021-41634 (A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an ...) + TODO: check CVE-2021-41633 RESERVED CVE-2021-41632 @@ -54786,10 +54843,10 @@ CVE-2021-40895 RESERVED CVE-2021-40894 RESERVED -CVE-2021-40893 - RESERVED -CVE-2021-40892 - RESERVED +CVE-2021-40893 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) + TODO: check +CVE-2021-40892 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) + TODO: check CVE-2021-40891 RESERVED CVE-2021-40890 @@ -58460,10 +58517,10 @@ CVE-2021-39411 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHP NOT-FOR-US: PHPGurukul Hospital Management System CVE-2021-39410 RESERVED -CVE-2021-39409 - RESERVED -CVE-2021-39408 - RESERVED +CVE-2021-39409 (A vulnerability exists in Online Student Rate System v1.0 that allows ...) + TODO: check +CVE-2021-39408 (Cross Site Scripting (XSS) vulnerability exists in Online Student Rate ...) + TODO: check CVE-2021-39407 RESERVED CVE-2021-39406 @@ -59484,8 +59541,8 @@ CVE-2021-39049 (IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable NOT-FOR-US: IBM CVE-2021-39048 (IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based ...) NOT-FOR-US: IBM -CVE-2021-39047 - RESERVED +CVE-2021-39047 (IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, an ...) + TODO: check CVE-2021-39046 (IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Bu ...) NOT-FOR-US: IBM CVE-2021-39045 @@ -59688,8 +59745,8 @@ CVE-2021-38947 (IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker NOT-FOR-US: IBM CVE-2021-38946 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross ...) NOT-FOR-US: IBM -CVE-2021-38945 - RESERVED +CVE-2021-38945 (IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote a ...) + TODO: check CVE-2021-38944 (IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0. ...) NOT-FOR-US: IBM CVE-2021-38943 @@ -59820,8 +59877,8 @@ CVE-2021-38881 RESERVED CVE-2021-38880 RESERVED -CVE-2021-38879 - RESERVED +CVE-2021-38879 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow ...) + TODO: check CVE-2021-38878 (IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to imperson ...) NOT-FOR-US: IBM CVE-2021-38877 (IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross ...) @@ -59836,8 +59893,8 @@ CVE-2021-38873 (IBM Planning Analytics 2.0 is potentially vulnerable to CSV Inje NOT-FOR-US: IBM CVE-2021-38872 (IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, a ...) NOT-FOR-US: IBM -CVE-2021-38871 - RESERVED +CVE-2021-38871 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerab ...) + TODO: check CVE-2021-38870 (IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vu ...) NOT-FOR-US: IBM CVE-2021-38869 (IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatic ...) @@ -70411,7 +70468,7 @@ CVE-2021-34606 (A vulnerability exists in XINJE XD/E Series PLC Program Tool in CVE-2021-34605 (A zip slip vulnerability in XINJE XD/E Series PLC Program Tool up to v ...) NOT-FOR-US: XINJE PLC Program Tool CVE-2021-34604 - RESERVED + REJECTED CVE-2021-34603 RESERVED CVE-2021-34602 (In Bender/ebee Charge Controllers in multiple versions are prone to Co ...) @@ -80474,8 +80531,8 @@ CVE-2021-30653 (This issue was addressed with improved checks. This issue is fix NOT-FOR-US: Apple CVE-2021-30652 (A race condition was addressed with additional validation. This issue ...) NOT-FOR-US: Apple -CVE-2021-30651 - RESERVED +CVE-2021-30651 (A malicious authenticated SMG administrator user can obtain passwords ...) + TODO: check CVE-2021-30650 (A reflected cross-site scripting (XSS) vulnerability in the Symantec L ...) NOT-FOR-US: Symantec CVE-2021-30649 @@ -82938,8 +82995,8 @@ CVE-2021-29867 (IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authentica NOT-FOR-US: IBM CVE-2021-29866 RESERVED -CVE-2021-29865 - RESERVED +CVE-2021-29865 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow ...) + TODO: check CVE-2021-29864 RESERVED CVE-2021-29863 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forge ...) @@ -83132,8 +83189,8 @@ CVE-2021-29770 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, NOT-FOR-US: IBM CVE-2021-29769 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4. ...) NOT-FOR-US: IBM -CVE-2021-29768 - RESERVED +CVE-2021-29768 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low leve ...) + TODO: check CVE-2021-29767 (IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow ...) NOT-FOR-US: IBM CVE-2021-29766 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4. ...) @@ -107212,8 +107269,8 @@ CVE-2021-20553 RESERVED CVE-2021-20552 (IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote ...) NOT-FOR-US: IBM -CVE-2021-20551 - RESERVED +CVE-2021-20551 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web ...) + TODO: check CVE-2021-20550 (IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Th ...) NOT-FOR-US: IBM CVE-2021-20549 (IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Th ...) @@ -107226,10 +107283,10 @@ CVE-2021-20546 (IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerab NOT-FOR-US: IBM CVE-2021-20545 RESERVED -CVE-2021-20544 - RESERVED -CVE-2021-20543 - RESERVED +CVE-2021-20544 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerab ...) + TODO: check +CVE-2021-20543 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerab ...) + TODO: check CVE-2021-20542 RESERVED CVE-2021-20541 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, ...) @@ -107472,8 +107529,8 @@ CVE-2021-20423 (IBM Cloud Pak for Applications 4.3 could allow an authenticated NOT-FOR-US: IBM CVE-2021-20422 (IBM Cloud Pak for Applications 4.3 could disclose sensitive informatio ...) NOT-FOR-US: IBM -CVE-2021-20421 - RESERVED +CVE-2021-20421 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerab ...) + TODO: check CVE-2021-20420 (IBM Security Guardium 11.2 could disclose sensitive information due to ...) NOT-FOR-US: IBM CVE-2021-20419 (IBM Security Guardium 11.2 uses weaker than expected cryptographic alg ...) @@ -107604,8 +107661,8 @@ CVE-2021-20357 (IBM Jazz Foundation products is vulnerable to cross-site scripti NOT-FOR-US: IBM CVE-2021-20356 RESERVED -CVE-2021-20355 - RESERVED +CVE-2021-20355 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow ...) + TODO: check CVE-2021-20354 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remot ...) NOT-FOR-US: IBM CVE-2021-20353 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) @@ -135486,8 +135543,8 @@ CVE-2020-21048 (An issue in the dither.c component of libsixel prior to v1.8.4 a NOTE: https://github.com/saitoha/libsixel/commit/26ac06f3623279348f0dce2d191a9b6ca0c80226 (v1.8.4) CVE-2020-21047 RESERVED -CVE-2020-21046 - RESERVED +CVE-2020-21046 (A local privilege escalation vulnerability was identified within the " ...) + TODO: check CVE-2020-21045 RESERVED CVE-2020-21044 @@ -447941,8 +447998,7 @@ CVE-2013-1917 (Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, doe {DSA-2662-1} - xen 4.1.4-3 NOTE: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00005.html -CVE-2013-1916 - RESERVED +CVE-2013-1916 (In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is ...) NOT-FOR-US: WordPress plugin CVE-2013-1915 (ModSecurity before 2.7.3 allows remote attackers to read arbitrary fil ...) {DSA-2659-1} @@ -448022,8 +448078,8 @@ CVE-2013-1892 (MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly val [wheezy] - mongodb 1:2.0.6-1.1 [squeeze] - mongodb <no-dsa> (Minor isue, Spidermonkey in Lenny is EOLed) NOTE: https://www.openwall.com/lists/oss-security/2013/03/25/7 -CVE-2013-1891 - RESERVED +CVE-2013-1891 (In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filem ...) + TODO: check CVE-2013-1890 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server ...) - owncloud <not-affected> (only affecting 5.0 branch) CVE-2013-1889 (mod_ruid2 before 0.9.8 improperly handles file descriptors which allow ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12729387497e0a9eb353f6b65eec2f718d4b047d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12729387497e0a9eb353f6b65eec2f718d4b047d You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits