[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Dec 20 08:10:22 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6a4b37e7 by security tracker role at 2021-12-20T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,479 @@
+CVE-2022-22053
+	RESERVED
+CVE-2022-22052
+	RESERVED
+CVE-2022-22051
+	RESERVED
+CVE-2022-22050
+	RESERVED
+CVE-2022-22049
+	RESERVED
+CVE-2022-22048
+	RESERVED
+CVE-2022-22047
+	RESERVED
+CVE-2022-22046
+	RESERVED
+CVE-2022-22045
+	RESERVED
+CVE-2022-22044
+	RESERVED
+CVE-2022-22043
+	RESERVED
+CVE-2022-22042
+	RESERVED
+CVE-2022-22041
+	RESERVED
+CVE-2022-22040
+	RESERVED
+CVE-2022-22039
+	RESERVED
+CVE-2022-22038
+	RESERVED
+CVE-2022-22037
+	RESERVED
+CVE-2022-22036
+	RESERVED
+CVE-2022-22035
+	RESERVED
+CVE-2022-22034
+	RESERVED
+CVE-2022-22033
+	RESERVED
+CVE-2022-22032
+	RESERVED
+CVE-2022-22031
+	RESERVED
+CVE-2022-22030
+	RESERVED
+CVE-2022-22029
+	RESERVED
+CVE-2022-22028
+	RESERVED
+CVE-2022-22027
+	RESERVED
+CVE-2022-22026
+	RESERVED
+CVE-2022-22025
+	RESERVED
+CVE-2022-22024
+	RESERVED
+CVE-2022-22023
+	RESERVED
+CVE-2022-22022
+	RESERVED
+CVE-2022-22021
+	RESERVED
+CVE-2022-22020
+	RESERVED
+CVE-2022-22019
+	RESERVED
+CVE-2022-22018
+	RESERVED
+CVE-2022-22017
+	RESERVED
+CVE-2022-22016
+	RESERVED
+CVE-2022-22015
+	RESERVED
+CVE-2022-22014
+	RESERVED
+CVE-2022-22013
+	RESERVED
+CVE-2022-22012
+	RESERVED
+CVE-2022-22011
+	RESERVED
+CVE-2022-22010
+	RESERVED
+CVE-2022-22009
+	RESERVED
+CVE-2022-22008
+	RESERVED
+CVE-2022-22007
+	RESERVED
+CVE-2022-22006
+	RESERVED
+CVE-2022-22005
+	RESERVED
+CVE-2022-22004
+	RESERVED
+CVE-2022-22003
+	RESERVED
+CVE-2022-22002
+	RESERVED
+CVE-2022-22001
+	RESERVED
+CVE-2022-22000
+	RESERVED
+CVE-2022-21999
+	RESERVED
+CVE-2022-21998
+	RESERVED
+CVE-2022-21997
+	RESERVED
+CVE-2022-21996
+	RESERVED
+CVE-2022-21995
+	RESERVED
+CVE-2022-21994
+	RESERVED
+CVE-2022-21993
+	RESERVED
+CVE-2022-21992
+	RESERVED
+CVE-2022-21991
+	RESERVED
+CVE-2022-21990
+	RESERVED
+CVE-2022-21989
+	RESERVED
+CVE-2022-21988
+	RESERVED
+CVE-2022-21987
+	RESERVED
+CVE-2022-21986
+	RESERVED
+CVE-2022-21985
+	RESERVED
+CVE-2022-21984
+	RESERVED
+CVE-2022-21983
+	RESERVED
+CVE-2022-21982
+	RESERVED
+CVE-2022-21981
+	RESERVED
+CVE-2022-21980
+	RESERVED
+CVE-2022-21979
+	RESERVED
+CVE-2022-21978
+	RESERVED
+CVE-2022-21977
+	RESERVED
+CVE-2022-21976
+	RESERVED
+CVE-2022-21975
+	RESERVED
+CVE-2022-21974
+	RESERVED
+CVE-2022-21973
+	RESERVED
+CVE-2022-21972
+	RESERVED
+CVE-2022-21971
+	RESERVED
+CVE-2022-21970
+	RESERVED
+CVE-2022-21969
+	RESERVED
+CVE-2022-21968
+	RESERVED
+CVE-2022-21967
+	RESERVED
+CVE-2022-21966
+	RESERVED
+CVE-2022-21965
+	RESERVED
+CVE-2022-21964
+	RESERVED
+CVE-2022-21963
+	RESERVED
+CVE-2022-21962
+	RESERVED
+CVE-2022-21961
+	RESERVED
+CVE-2022-21960
+	RESERVED
+CVE-2022-21959
+	RESERVED
+CVE-2022-21958
+	RESERVED
+CVE-2022-21957
+	RESERVED
+CVE-2022-21956
+	RESERVED
+CVE-2022-21955
+	RESERVED
+CVE-2022-21954
+	RESERVED
+CVE-2021-45233
+	RESERVED
+CVE-2021-45232
+	RESERVED
+CVE-2021-45231
+	RESERVED
+CVE-2021-45230
+	RESERVED
+CVE-2021-45229
+	RESERVED
+CVE-2021-45228
+	RESERVED
+CVE-2021-45227
+	RESERVED
+CVE-2021-45226
+	RESERVED
+CVE-2021-45225
+	RESERVED
+CVE-2021-45224
+	RESERVED
+CVE-2021-45223
+	RESERVED
+CVE-2021-45222
+	RESERVED
+CVE-2021-45221
+	RESERVED
+CVE-2021-45220
+	RESERVED
+CVE-2021-45219
+	RESERVED
+CVE-2021-45218
+	RESERVED
+CVE-2021-45217
+	RESERVED
+CVE-2021-45216
+	RESERVED
+CVE-2021-45215
+	RESERVED
+CVE-2021-45214
+	RESERVED
+CVE-2021-45213
+	RESERVED
+CVE-2021-45212
+	RESERVED
+CVE-2021-45211
+	RESERVED
+CVE-2021-45210
+	RESERVED
+CVE-2021-45209
+	RESERVED
+CVE-2021-45208
+	RESERVED
+CVE-2021-45207
+	RESERVED
+CVE-2021-45206
+	RESERVED
+CVE-2021-45205
+	RESERVED
+CVE-2021-45204
+	RESERVED
+CVE-2021-45203
+	RESERVED
+CVE-2021-45202
+	RESERVED
+CVE-2021-45201
+	RESERVED
+CVE-2021-45200
+	RESERVED
+CVE-2021-45199
+	RESERVED
+CVE-2021-45198
+	RESERVED
+CVE-2021-45197
+	RESERVED
+CVE-2021-45196
+	RESERVED
+CVE-2021-45195
+	RESERVED
+CVE-2021-45194
+	RESERVED
+CVE-2021-45193
+	RESERVED
+CVE-2021-45192
+	RESERVED
+CVE-2021-45191
+	RESERVED
+CVE-2021-45190
+	RESERVED
+CVE-2021-45189
+	RESERVED
+CVE-2021-45188
+	RESERVED
+CVE-2021-45187
+	RESERVED
+CVE-2021-45186
+	RESERVED
+CVE-2021-45185
+	RESERVED
+CVE-2021-45184
+	RESERVED
+CVE-2021-45183
+	RESERVED
+CVE-2021-45182
+	RESERVED
+CVE-2021-45181
+	RESERVED
+CVE-2021-45180
+	RESERVED
+CVE-2021-45179
+	RESERVED
+CVE-2021-45178
+	RESERVED
+CVE-2021-45177
+	RESERVED
+CVE-2021-45176
+	RESERVED
+CVE-2021-45175
+	RESERVED
+CVE-2021-45174
+	RESERVED
+CVE-2021-45173
+	RESERVED
+CVE-2021-45172
+	RESERVED
+CVE-2021-45171
+	RESERVED
+CVE-2021-45170
+	RESERVED
+CVE-2021-45169
+	RESERVED
+CVE-2021-45168
+	RESERVED
+CVE-2021-45167
+	RESERVED
+CVE-2021-45166
+	RESERVED
+CVE-2021-45165
+	RESERVED
+CVE-2021-45164
+	RESERVED
+CVE-2021-45163
+	RESERVED
+CVE-2021-45162
+	RESERVED
+CVE-2021-45161
+	RESERVED
+CVE-2021-45160
+	RESERVED
+CVE-2021-45159
+	RESERVED
+CVE-2021-45158
+	RESERVED
+CVE-2021-45157
+	RESERVED
+CVE-2021-45156
+	RESERVED
+CVE-2021-45155
+	RESERVED
+CVE-2021-45154
+	RESERVED
+CVE-2021-45153
+	RESERVED
+CVE-2021-45152
+	RESERVED
+CVE-2021-45151
+	RESERVED
+CVE-2021-45150
+	RESERVED
+CVE-2021-45149
+	RESERVED
+CVE-2021-45148
+	RESERVED
+CVE-2021-45147
+	RESERVED
+CVE-2021-45146
+	RESERVED
+CVE-2021-45145
+	RESERVED
+CVE-2021-45144
+	RESERVED
+CVE-2021-45143
+	RESERVED
+CVE-2021-45142
+	RESERVED
+CVE-2021-45141
+	RESERVED
+CVE-2021-45140
+	RESERVED
+CVE-2021-45139
+	RESERVED
+CVE-2021-45138
+	RESERVED
+CVE-2021-45137
+	RESERVED
+CVE-2021-45136
+	RESERVED
+CVE-2021-45135
+	RESERVED
+CVE-2021-45134
+	RESERVED
+CVE-2021-45133
+	RESERVED
+CVE-2021-45132
+	RESERVED
+CVE-2021-45131
+	RESERVED
+CVE-2021-45130
+	RESERVED
+CVE-2021-45129
+	RESERVED
+CVE-2021-45128
+	RESERVED
+CVE-2021-45127
+	RESERVED
+CVE-2021-45126
+	RESERVED
+CVE-2021-45125
+	RESERVED
+CVE-2021-45124
+	RESERVED
+CVE-2021-45123
+	RESERVED
+CVE-2021-45122
+	RESERVED
+CVE-2021-45121
+	RESERVED
+CVE-2021-45120
+	RESERVED
+CVE-2021-45119
+	RESERVED
+CVE-2021-45118
+	RESERVED
+CVE-2021-45117
+	RESERVED
+CVE-2021-45116
+	RESERVED
+CVE-2021-45115
+	RESERVED
+CVE-2021-45106
+	RESERVED
+CVE-2021-44463
+	RESERVED
+CVE-2021-44462
+	RESERVED
+CVE-2021-4137
+	RESERVED
+CVE-2021-4136 (vim is vulnerable to Heap-based Buffer Overflow ...)
+	TODO: check
+CVE-2021-4135
+	RESERVED
+CVE-2021-4134
+	RESERVED
+CVE-2021-4133
+	RESERVED
+CVE-2021-4132 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+	TODO: check
+CVE-2021-4131 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+	TODO: check
+CVE-2021-4130 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+	TODO: check
+CVE-2021-4129
+	RESERVED
+CVE-2021-4128
+	RESERVED
+CVE-2021-4127
+	RESERVED
+CVE-2021-4126
+	RESERVED
+CVE-2021-26264
+	RESERVED
+CVE-2021-23173
+	RESERVED
+CVE-2021-23157
+	RESERVED
+CVE-2021-23138
+	RESERVED
 CVE-2021-XXXX [several SQL injection, remote code execution, XSS issues]
 	- spip 3.2.12-1
 	NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html
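Review bot: CVE-2021-4136 near the end of this hunk is left at "TODO: check" although its description names vim, so it needs a "- vim ..." package line with a status before the list can be relied on for that package. CVE-2021-4132, CVE-2021-4131 and CVE-2021-4130 (livehelperchat, snipe-it) likewise need either a package line or a NOT-FOR-US entry in the form used elsewhere in this file.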
@@ -26,8 +502,7 @@ CVE-2022-21945
 	RESERVED
 CVE-2022-21944
 	RESERVED
-CVE-2021-45105 [Certain strings can cause infinite recursion]
-	RESERVED
+CVE-2021-45105 (Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) di ...)
 	{DSA-5024-1}
 	- apache-log4j2 2.17.0-1 (bug #1001891)
 	NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105
@@ -135,8 +610,7 @@ CVE-2021-45078 (stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37
 CVE-2021-4125
 	RESERVED
 	NOT-FOR-US: OpenShift metering hive containers
-CVE-2021-42550 [JNDI vunerability]
-	RESERVED
+CVE-2021-42550 (In logback version 1.2.7 and prior versions, an attacker with the requ ...)
 	- logback 1:1.2.8-1
 	[bullseye] - logback <no-dsa> (Minor issue)
 	[buster] - logback <no-dsa> (Minor issue)
@@ -465,10 +939,10 @@ CVE-2022-21833
 	RESERVED
 CVE-2021-45043 (HD-Network Real-time Monitoring System 2.0 allows ../ directory traver ...)
 	NOT-FOR-US: HD-Network Real-time Monitoring System
-CVE-2021-45042
-	RESERVED
-CVE-2021-45041
-	RESERVED
+CVE-2021-45042 (In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8 ...)
+	TODO: check
+CVE-2021-45041 (SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL i ...)
+	TODO: check
 CVE-2021-4110 (mruby is vulnerable to NULL Pointer Dereference ...)
 	- mruby <unfixed> (bug #1001768)
 	[stretch] - mruby <postponed> (revisit when/if fix is complete)
@@ -484,8 +958,7 @@ CVE-2021-45040
 	RESERVED
 CVE-2021-45039
 	RESERVED
-CVE-2021-45038 [Unauthorized users can access private wiki contents using rollback action]
-	RESERVED
+CVE-2021-45038 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
 	{DSA-5021-1}
 	- mediawiki 1:1.35.5-1
 	[buster] - mediawiki <not-affected> (Vulnerable code not present)
@@ -857,8 +1330,7 @@ CVE-2021-44858 [Unauthorized users can view contents of private wikis using vari
 	[buster] - mediawiki 1:1.31.16-1+deb10u2
 	NOTE: https://phabricator.wikimedia.org/T297322
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
-CVE-2021-44857 [Unauthorized users can use action=mcrundo to replace the content of arbitrary pages]
-	RESERVED
+CVE-2021-44857 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
 	{DSA-5021-1}
 	- mediawiki 1:1.35.5-1
 	[buster] - mediawiki <not-affected> (Vulnerable code not present)
@@ -2411,12 +2883,12 @@ CVE-2021-44319
 	RESERVED
 CVE-2021-44318
 	RESERVED
-CVE-2021-44317
-	RESERVED
+CVE-2021-44317 (In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us ...)
+	TODO: check
 CVE-2021-44316
 	RESERVED
-CVE-2021-44315
-	RESERVED
+CVE-2021-44315 (In Bus Pass Management System v1.0, Directory Listing/Browsing is enab ...)
+	TODO: check
 CVE-2021-44314
 	RESERVED
 CVE-2021-44313
@@ -2908,41 +3380,37 @@ CVE-2021-44166
 	RESERVED
 CVE-2021-44165 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
 	NOT-FOR-US: Siemens
-CVE-2021-44164
-	RESERVED
-CVE-2021-44163
-	RESERVED
-CVE-2021-44162
-	RESERVED
+CVE-2021-44164 (Chain Sea ai chatbot system’s file upload function has insuffici ...)
+	TODO: check
+CVE-2021-44163 (Chain Sea ai chatbot backend has improper filtering of special charact ...)
+	TODO: check
+CVE-2021-44162 (Chain Sea ai chatbot system’s specific file download function ha ...)
+	TODO: check
 CVE-2021-44161
 	RESERVED
 CVE-2021-44160
 	RESERVED
-CVE-2021-44159
-	RESERVED
+CVE-2021-44159 (4MOSAn GCB Doctor’s file upload function has improper user privi ...)
+	TODO: check
 CVE-2021-44158
 	RESERVED
-CVE-2021-4011 [SProcXFixesCreatePointerBarrier out-of-bounds access]
-	RESERVED
+CVE-2021-4011 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
 	- xorg-server 2:1.20.13-3
 	- xwayland 2:21.1.4-1
 	NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/e56f61c79fc3cee26d83cda0f84ae56d5979f768
-CVE-2021-4010 [SProcScreenSaverSuspend out-of-bounds access]
-	RESERVED
+CVE-2021-4010 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
 	- xorg-server 2:1.20.13-3
 	[stretch] - xorg-server <not-affected> (Vulnerable code introduced later)
 	- xwayland 2:21.1.4-1
 	NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c4c53010772e3cb4cb8acd54950c8eec9c00d21
-CVE-2021-4009 [SProcXFixesCreatePointerBarrier out-of-bounds access]
-	RESERVED
+CVE-2021-4009 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
 	- xorg-server 2:1.20.13-3
 	- xwayland 2:21.1.4-1
 	NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/b5196750099ae6ae582e1f46bd0a6dad29550e02
-CVE-2021-4008 [SProcRenderCompositeGlyphs out-of-bounds access]
-	RESERVED
+CVE-2021-4008 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
 	- xorg-server 2:1.20.13-3
 	- xwayland 2:21.1.4-1
 	NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
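Review bot: the added descriptions for CVE-2021-44164, CVE-2021-44162 and CVE-2021-44159 contain "â€™" ("systemâ€™s", "Doctorâ€™s"), the pattern a UTF-8 right single quote produces when decoded as a single-byte charset; check that the import reads the feed as UTF-8 so the list does not store the garbled bytes. Separately, the four xorg-server entries (CVE-2021-4011 to CVE-2021-4008) lose their bracketed function names and now share one identical truncated description, so the affected function is no longer visible in the list itself.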
@@ -2985,8 +3453,7 @@ CVE-2021-44147 (An XML External Entity issue in Claris FileMaker Pro and Server
 	NOT-FOR-US: Claris
 CVE-2021-44146
 	RESERVED
-CVE-2021-44145
-	RESERVED
+CVE-2021-44145 (In the TransformXML processor of Apache NiFi before 1.15.1 an authenti ...)
 	NOT-FOR-US: Apache NiFi
 CVE-2021-44144 (Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with  ...)
 	NOT-FOR-US: Croatia Control Asterix
@@ -3273,8 +3740,8 @@ CVE-2021-44037 (Team Password Manager (aka TeamPasswordManager) before 10.135.23
 	NOT-FOR-US: Team Password Manager (aka TeamPasswordManager)
 CVE-2021-44036 (Team Password Manager (aka TeamPasswordManager) before 10.135.236 has  ...)
 	NOT-FOR-US: Team Password Manager (aka TeamPasswordManager)
-CVE-2021-44035
-	RESERVED
+CVE-2021-44035 (Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads ...)
+	TODO: check
 CVE-2021-3982 [Distributions using CAP_SYS_NICE in gnome-shell may be exposed to privilege escalation]
 	RESERVED
 	- gnome-shell <not-affected> (Debian packaging does not set cap_sys_nice+ep on gnome-shell binary)
@@ -3935,14 +4402,14 @@ CVE-2021-43842
 	RESERVED
 CVE-2021-43841
 	RESERVED
-CVE-2021-43840
-	RESERVED
+CVE-2021-43840 (message_bus is a messaging bus for Ruby processes and web clients. In  ...)
+	TODO: check
 CVE-2021-43839
 	RESERVED
-CVE-2021-43838
-	RESERVED
-CVE-2021-43837
-	RESERVED
+CVE-2021-43838 (jsx-slack is a library for building JSON objects for Slack Block Kit s ...)
+	TODO: check
+CVE-2021-43837 (vault-cli is a configurable command-line interface tool (and python li ...)
+	TODO: check
 CVE-2021-43836 (Sulu is an open-source PHP content management system based on the Symf ...)
 	NOT-FOR-US: Sulu
 CVE-2021-43835 (Sulu is an open-source PHP content management system based on the Symf ...)
@@ -3996,8 +4463,8 @@ CVE-2021-43814 (Rizin is a UNIX-like reverse engineering framework and command-l
 	TODO: check
 CVE-2021-43813 (Grafana is an open-source platform for monitoring and observability. G ...)
 	- grafana <removed>
-CVE-2021-43812
-	RESERVED
+CVE-2021-43812 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
+	TODO: check
 CVE-2021-43811 (Sockeye is an open-source sequence-to-sequence framework for Neural Ma ...)
 	NOT-FOR-US: Sockeye
 CVE-2021-43810 (Admidio is a free open source user management system for websites of o ...)
@@ -5119,8 +5586,8 @@ CVE-2021-43680
 	RESERVED
 CVE-2021-43679 (ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\e ...)
 	NOT-FOR-US: ecshop
-CVE-2021-43678
-	RESERVED
+CVE-2021-43678 (Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vul ...)
+	TODO: check
 CVE-2021-43677
 	RESERVED
 CVE-2021-43676 (matyhtf framework v3.0.5 is affected by a path manipulation vulnerabil ...)
@@ -5940,7 +6407,7 @@ CVE-2021-43400 (An issue was discovered in gatt-database.c in BlueZ 5.61. A use-
 	NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=838c0dc7641e1c991c0f3027bf94bee4606012f8 (5.62)
 CVE-2021-43399 (The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-s ...)
 	TODO: check
-CVE-2021-43398 (Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in ...)
+CVE-2021-43398 (** DISPUTED ** Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a ti ...)
 	- libcrypto++ <unfixed> (unimportant; bug #1000227)
 	NOTE: https://github.com/weidai11/cryptopp/issues/1080
 	NOTE: As per upstream believed to be the expected behaviour:
@@ -7652,8 +8119,8 @@ CVE-2021-3916 (bookstack is vulnerable to Improper Limitation of a Pathname to a
 	NOT-FOR-US: bookstack
 CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF check whe ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-43083
-	RESERVED
+CVE-2021-43083 (Apache PLC4X - PLC4C (Only the C language implementation was effected) ...)
+	TODO: check
 CVE-2021-43082 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
 	- trafficserver 9.1.1+ds-1
 	[bullseye] - trafficserver <not-affected> (Vulnerable code not present, introduced in 9.x)
@@ -8098,8 +8565,8 @@ CVE-2021-42914
 	RESERVED
 CVE-2021-42913
 	RESERVED
-CVE-2021-42912
-	RESERVED
+CVE-2021-42912 (FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command inj ...)
+	TODO: check
 CVE-2021-42911
 	RESERVED
 CVE-2021-42910
@@ -8841,8 +9308,8 @@ CVE-2021-42586
 	RESERVED
 CVE-2021-42585
 	RESERVED
-CVE-2021-42584
-	RESERVED
+CVE-2021-42584 (A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before ...)
+	TODO: check
 CVE-2021-42583
 	RESERVED
 CVE-2021-42582
@@ -11591,8 +12058,8 @@ CVE-2021-41964
 	RESERVED
 CVE-2021-41963
 	RESERVED
-CVE-2021-41962
-	RESERVED
+CVE-2021-41962 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehi ...)
+	TODO: check
 CVE-2021-41961
 	RESERVED
 CVE-2021-41960
@@ -11847,8 +12314,8 @@ CVE-2021-41845 (A SQL injection issue was discovered in ThycoticCentrify Secret
 	NOT-FOR-US: ThycoticCentrify Secret Server
 CVE-2021-41844 (Crocoblock JetEngine before 2.9.1 does not properly validate and sanit ...)
 	NOT-FOR-US: Crocoblock JetEngine
-CVE-2021-41843
-	RESERVED
+CVE-2021-41843 (An authenticated SQL injection issue in the calendar search function o ...)
+	TODO: check
 CVE-2021-41842
 	RESERVED
 CVE-2021-41841
@@ -12698,18 +13165,18 @@ CVE-2021-41502
 	RESERVED
 CVE-2021-41501
 	RESERVED
-CVE-2021-41500
-	RESERVED
-CVE-2021-41499
-	RESERVED
-CVE-2021-41498
-	RESERVED
-CVE-2021-41497
-	RESERVED
-CVE-2021-41496
-	RESERVED
-CVE-2021-41495
-	RESERVED
+CVE-2021-41500 (Incomplete string comparison vulnerability exits in cvxopt.org cvxop & ...)
+	TODO: check
+CVE-2021-41499 (Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo < ...)
+	TODO: check
+CVE-2021-41498 (Buffer overflow in ajaxsoundstudio.com Pyo &lt and 1.03 in the Ser ...)
+	TODO: check
+CVE-2021-41497 (Null pointer reference in CMS_Conservative_increment_obj in RaRe-Techn ...)
+	TODO: check
+CVE-2021-41496 (Buffer overflow in the array_from_pyobj function of fortranobject.c in ...)
+	TODO: check
+CVE-2021-41495 (Null Pointer Dereference vulnerability exists in numpy.sort in NumPy & ...)
+	TODO: check
 CVE-2021-41494
 	RESERVED
 CVE-2021-41493
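Review bot: the descriptions added for CVE-2021-41500, CVE-2021-41499, CVE-2021-41498 and CVE-2021-41495 end in "&", "<" or "&lt", which looks like an HTML-escaped "<" cut off by the description truncation. The import should unescape entities before truncating, otherwise the version bound that follows the comparison sign is lost from the summary.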
@@ -12808,8 +13275,8 @@ CVE-2021-41453
 	RESERVED
 CVE-2021-41452
 	RESERVED
-CVE-2021-41451
-	RESERVED
+CVE-2021-41451 (An HTTP/1.1 misconfiguration in web interface of TP-Link AX10v1 before ...)
+	TODO: check
 CVE-2021-41450 (An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 al ...)
 	NOT-FOR-US: TP-Link
 CVE-2021-41449 (A path traversal attack in web interfaces of Netgear RAX35, RAX38, and ...)
@@ -13243,12 +13710,12 @@ CVE-2021-41264 (OpenZeppelin Contracts is a library for smart contract developme
 	NOT-FOR-US: OpenZeppelin Contracts
 CVE-2021-41263 (rails_multisite provides multi-db support for Rails applications. In a ...)
 	NOT-FOR-US: rails_multisite
-CVE-2021-41262
-	RESERVED
-CVE-2021-41261
-	RESERVED
-CVE-2021-41260
-	RESERVED
+CVE-2021-41262 (Galette is a membership management web application built for non profi ...)
+	TODO: check
+CVE-2021-41261 (Galette is a membership management web application built for non profi ...)
+	TODO: check
+CVE-2021-41260 (Galette is a membership management web application built for non profi ...)
+	TODO: check
 CVE-2021-41259 (Nim is a systems programming language with a focus on efficiency, expr ...)
 	- nim <unfixed>
 	[bullseye] - nim <no-dsa> (Minor issue)
@@ -13839,8 +14306,8 @@ CVE-2021-41030 (An authentication bypass by capture-replay vulnerability [CWE-29
 	NOT-FOR-US: FortiGuard
 CVE-2021-41029 (A improper neutralization of input during web page generation ('cross- ...)
 	NOT-FOR-US: FortiGuard
-CVE-2021-41028
-	RESERVED
+CVE-2021-41028 (A combination of a use of hard-coded cryptographic key vulnerability [ ...)
+	TODO: check
 CVE-2021-41027 (A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6 ...)
 	NOT-FOR-US: FortiGuard
 CVE-2021-41026
@@ -14239,14 +14706,14 @@ CVE-2021-40855
 	RESERVED
 CVE-2021-40854 (AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obt ...)
 	NOT-FOR-US: AnyDesk
-CVE-2021-40853
-	RESERVED
-CVE-2021-40852
-	RESERVED
-CVE-2021-40851
-	RESERVED
-CVE-2021-40850
-	RESERVED
+CVE-2021-40853 (TCMAN GIM does not perform an authorization check when trying to acces ...)
+	TODO: check
+CVE-2021-40852 (TCMAN GIM is affected by an open redirect vulnerability. This vulnerab ...)
+	TODO: check
+CVE-2021-40851 (TCMAN GIM is vulnerable to a lack of authorization in all available we ...)
+	TODO: check
+CVE-2021-40850 (TCMAN GIM is vulnerable to a SQL injection vulnerability inside severa ...)
+	TODO: check
 CVE-2021-40849 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account a ...)
 	- mahara <removed>
 CVE-2021-40848 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV  ...)
@@ -19010,8 +19477,8 @@ CVE-2021-38885
 	RESERVED
 CVE-2021-38884
 	RESERVED
-CVE-2021-38883
-	RESERVED
+CVE-2021-38883 (IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Bus ...)
+	TODO: check
 CVE-2021-38882 (IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admi ...)
 	NOT-FOR-US: IBM
 CVE-2021-38881
@@ -20568,8 +21035,8 @@ CVE-2021-38246
 	RESERVED
 CVE-2021-38245
 	RESERVED
-CVE-2021-38244
-	RESERVED
+CVE-2021-38244 (A regular expression denial of service (ReDoS) vulnerability exits in  ...)
+	TODO: check
 CVE-2021-38243
 	RESERVED
 CVE-2021-38242
@@ -21604,10 +22071,10 @@ CVE-2021-37865
 	RESERVED
 CVE-2021-37864
 	RESERVED
-CVE-2021-37863
-	RESERVED
-CVE-2021-37862
-	RESERVED
+CVE-2021-37863 (Mattermost 6.0 and earlier fails to sufficiently validate parameters d ...)
+	TODO: check
+CVE-2021-37862 (Mattermost 6.0 and earlier fails to sufficiently validate the email ad ...)
+	TODO: check
 CVE-2021-37861 (Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's pas ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2021-37860 (Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard c ...)
@@ -22991,8 +23458,8 @@ CVE-2021-37264
 	RESERVED
 CVE-2021-37263
 	RESERVED
-CVE-2021-37262
-	RESERVED
+CVE-2021-37262 (JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Den ...)
+	TODO: check
 CVE-2021-37261
 	RESERVED
 CVE-2021-37260
@@ -24124,10 +24591,10 @@ CVE-2021-36782
 	RESERVED
 CVE-2021-36781
 	RESERVED
-CVE-2021-36780
-	RESERVED
-CVE-2021-36779
-	RESERVED
+CVE-2021-36780 (A Improper Access Control vulnerability in longhorn of SUSE Longhorn a ...)
+	TODO: check
+CVE-2021-36779 (A Improper Access Control vulnerability inf SUSE Longhorn allows any w ...)
+	TODO: check
 CVE-2021-36778
 	RESERVED
 CVE-2021-36777
@@ -30333,8 +30800,8 @@ CVE-2021-34143 (The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C
 	NOT-FOR-US: Zhuhai Jieli
 CVE-2021-34142
 	RESERVED
-CVE-2021-34141
-	RESERVED
+CVE-2021-34141 (Incomplete string comparison in the numpy.core component in NumPy1.9.x ...)
+	TODO: check
 CVE-2021-34140
 	RESERVED
 CVE-2021-34139
@@ -32067,8 +32534,8 @@ CVE-2021-33432
 	RESERVED
 CVE-2021-33431
 	RESERVED
-CVE-2021-33430
-	RESERVED
+CVE-2021-33430 (A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_N ...)
+	TODO: check
 CVE-2021-33429
 	RESERVED
 CVE-2021-33428
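Review bot: CVE-2021-33430 is left at "TODO: check" while its description names NumPy 1.9.x, so it should be triaged to a package line with per-release status rather than staying unassigned. CVE-2021-34141 and CVE-2021-41495 elsewhere in this diff name NumPy as well and are best handled in the same pass.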
@@ -34443,12 +34910,12 @@ CVE-2021-32501
 	RESERVED
 CVE-2021-32500
 	RESERVED
-CVE-2021-32499
-	RESERVED
-CVE-2021-32498
-	RESERVED
-CVE-2021-32497
-	RESERVED
+CVE-2021-32499 (SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the  ...)
+	TODO: check
+CVE-2021-32498 (SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the  ...)
+	TODO: check
+CVE-2021-32497 (SICK SOPAS ET before version 4.8.0 allows attackers to wrap any execut ...)
+	TODO: check
 CVE-2021-32496 (SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inad ...)
 	NOT-FOR-US: SICK Visionary-S CX
 CVE-2021-32495
@@ -49002,8 +49469,8 @@ CVE-2021-26802
 	RESERVED
 CVE-2021-26801
 	RESERVED
-CVE-2021-26800
-	RESERVED
+CVE-2021-26800 (Cross Site Request Forgery (CSRF) vulnerability in Change-password.php ...)
+	TODO: check
 CVE-2021-26799 (Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka  ...)
 	NOT-FOR-US: Omeka
 CVE-2021-26798
@@ -52852,8 +53319,8 @@ CVE-2021-25314 (A Creation of Temporary File With Insecure Permissions vulnerabi
 	NOT-FOR-US: hawk2 as packaged by SuSE
 CVE-2021-25313 (A Improper Neutralization of Input During Web Page Generation ('Cross- ...)
 	NOT-FOR-US: Rancher
-CVE-2021-3179
-	RESERVED
+CVE-2021-3179 (GGLocker iOS application, contains an insecure data storage of the pas ...)
+	TODO: check
 CVE-2021-3178 (** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, w ...)
 	{DLA-2586-1}
 	- linux 5.10.12-1 (unimportant)
@@ -56362,8 +56829,8 @@ CVE-2021-23816
 	RESERVED
 CVE-2021-23815
 	RESERVED
-CVE-2021-23814
-	RESERVED
+CVE-2021-23814 (This affects the package unisharp/laravel-filemanager from 0.0.0. The  ...)
+	TODO: check
 CVE-2021-23813
 	RESERVED
 CVE-2021-23812
@@ -56384,8 +56851,8 @@ CVE-2021-23805
 	RESERVED
 CVE-2021-23804
 	RESERVED
-CVE-2021-23803
-	RESERVED
+CVE-2021-23803 (This affects the package latte/latte before 2.10.6. There is a way to  ...)
+	TODO: check
 CVE-2021-23802
 	RESERVED
 CVE-2021-23801
@@ -56396,8 +56863,8 @@ CVE-2021-23799
 	RESERVED
 CVE-2021-23798
 	RESERVED
-CVE-2021-23797
-	RESERVED
+CVE-2021-23797 (All versions of package http-server-node are vulnerable to Directory T ...)
+	TODO: check
 CVE-2021-23796
 	RESERVED
 CVE-2021-23795
@@ -57091,8 +57558,8 @@ CVE-2021-23452 (This affects all versions of package x-assign. The global proto
 	NOT-FOR-US: x-assign JS
 CVE-2021-23451
 	RESERVED
-CVE-2021-23450
-	RESERVED
+CVE-2021-23450 (All versions of package dojo are vulnerable to Prototype Pollution via ...)
+	TODO: check
 CVE-2021-23449 (This affects the package vm2 before 3.9.4 via a Prototype Pollution at ...)
 	NOT-FOR-US: vm2 JS
 	NOTE: https://github.com/patriksimek/vm2
@@ -60336,8 +60803,8 @@ CVE-2021-22056
 	RESERVED
 CVE-2021-22055
 	RESERVED
-CVE-2021-22054
-	RESERVED
+CVE-2021-22054 (VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 pr ...)
+	TODO: check
 CVE-2021-22053 (Applications using both `spring-cloud-netflix-hystrix-dashboard` and ` ...)
 	NOT-FOR-US: spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf
 CVE-2021-22052
@@ -65266,13 +65733,13 @@ CVE-2021-20705 (Improper input validation vulnerability in the WebManager CLUSTE
 	NOT-FOR-US: Nec
 CVE-2021-20704 (Buffer overflow vulnerability in the compatible API with previous vers ...)
 	NOT-FOR-US: Nec
-CVE-2021-20703 (Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 1 ...)
+CVE-2021-20703 (Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4 ...)
 	NOT-FOR-US: Nec
-CVE-2021-20702 (Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 1 ...)
+CVE-2021-20702 (Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4 ...)
 	NOT-FOR-US: Nec
-CVE-2021-20701 (Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 1.0 for W ...)
+CVE-2021-20701 (Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for W ...)
 	NOT-FOR-US: Nec
-CVE-2021-20700 (Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 1.0 for W ...)
+CVE-2021-20700 (Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for W ...)
 	NOT-FOR-US: Nec
 CVE-2021-20699 (Sharp NEC Displays ((UN462A R1.300 and prior to it, UN462VA R1.300 and ...)
 	NOT-FOR-US: SHARP
@@ -65456,12 +65923,12 @@ CVE-2021-20610 (Improper Handling of Length Parameter Inconsistency vulnerabilit
 	NOT-FOR-US: Mitsubishi
 CVE-2021-20609 (Uncontrolled Resource Consumption vulnerability in MELSEC iQ-R Series  ...)
 	NOT-FOR-US: Mitsubishi
-CVE-2021-20608
-	RESERVED
-CVE-2021-20607
-	RESERVED
-CVE-2021-20606
-	RESERVED
+CVE-2021-20608 (Improper Handling of Length Parameter Inconsistency vulnerability in M ...)
+	TODO: check
+CVE-2021-20607 (Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versi ...)
+	TODO: check
+CVE-2021-20606 (Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 vers ...)
+	TODO: check
 CVE-2021-20605 (Improper Input Validation vulnerability in GOT2000 series GT21 model G ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2021-20604 (Improper Input Validation vulnerability in GOT2000 series GT21 model G ...)
@@ -67987,22 +68454,22 @@ CVE-2020-35218
 	RESERVED
 CVE-2020-35217 (Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSR ...)
 	NOT-FOR-US: Vert.x-Web framework
-CVE-2020-35216
-	RESERVED
-CVE-2020-35215
-	RESERVED
-CVE-2020-35214
-	RESERVED
-CVE-2020-35213
-	RESERVED
+CVE-2020-35216 (An issue in Atomix v3.1.5 allows attackers to cause a denial of servic ...)
+	TODO: check
+CVE-2020-35215 (An issue in Atomix v3.1.5 allows attackers to access sensitive informa ...)
+	TODO: check
+CVE-2020-35214 (An issue in Atomix v3.1.5 allows a malicious Atomix node to remove sta ...)
+	TODO: check
+CVE-2020-35213 (An issue in Atomix v3.1.5 allows attackers to cause a denial of servic ...)
+	TODO: check
 CVE-2020-35212
 	RESERVED
-CVE-2020-35211
-	RESERVED
-CVE-2020-35210
-	RESERVED
-CVE-2020-35209
-	RESERVED
+CVE-2020-35211 (An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become t ...)
+	TODO: check
+CVE-2020-35210 (A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of ...)
+	TODO: check
+CVE-2020-35209 (An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a t ...)
+	TODO: check
 CVE-2020-35208 (** DISPUTED ** An issue was discovered in the LogMein LastPass Passwor ...)
 	NOT-FOR-US: LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app for iOS
 CVE-2020-35207 (** DISPUTED ** An issue was discovered in the LogMein LastPass Passwor ...)
@@ -74828,28 +75295,28 @@ CVE-2021-0905
 	RESERVED
 CVE-2021-0904 (In SRAMROM, there is a possible permission bypass due to an insecure p ...)
 	NOT-FOR-US: MediaTek components for Android
-CVE-2021-0903
-	RESERVED
-CVE-2021-0902
-	RESERVED
-CVE-2021-0901
-	RESERVED
-CVE-2021-0900
-	RESERVED
-CVE-2021-0899
-	RESERVED
-CVE-2021-0898
-	RESERVED
-CVE-2021-0897
-	RESERVED
-CVE-2021-0896
-	RESERVED
-CVE-2021-0895
-	RESERVED
-CVE-2021-0894
-	RESERVED
-CVE-2021-0893
-	RESERVED
+CVE-2021-0903 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+	TODO: check
+CVE-2021-0902 (In apusys, there is a possible out of bounds read due to an incorrect  ...)
+	TODO: check
+CVE-2021-0901 (In apusys, there is a possible memory corruption due to a missing boun ...)
+	TODO: check
+CVE-2021-0900 (In apusys, there is a possible out of bounds read due to an incorrect  ...)
+	TODO: check
+CVE-2021-0899 (In apusys, there is a possible memory corruption due to a use after fr ...)
+	TODO: check
+CVE-2021-0898 (In apusys, there is a possible memory corruption due to a use after fr ...)
+	TODO: check
+CVE-2021-0897 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+	TODO: check
+CVE-2021-0896 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+	TODO: check
+CVE-2021-0895 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+	TODO: check
+CVE-2021-0894 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+	TODO: check
+CVE-2021-0893 (In apusys, there is a possible memory corruption due to a use after fr ...)
+	TODO: check
 CVE-2021-0892
 	RESERVED
 CVE-2021-0891
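Review bot: CVE-2021-0893 through CVE-2021-0903 are left at TODO: check, although CVE-2021-0904 in the leading context of this hunk is already triaged as NOT-FOR-US: MediaTek components for Android. All eleven new descriptions start with "In apusys"; if that component belongs to the same vendor set, resolve them together in one follow-up by giving each the same NOT-FOR-US line instead of triaging them one by one.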
@@ -75277,20 +75744,20 @@ CVE-2021-0681 (In system properties, there is a possible information disclosure
 	NOT-FOR-US: MediaTek components for Android
 CVE-2021-0680 (In system properties, there is a possible information disclosure due t ...)
 	NOT-FOR-US: MediaTek components for Android
-CVE-2021-0679
-	RESERVED
-CVE-2021-0678
-	RESERVED
-CVE-2021-0677
-	RESERVED
-CVE-2021-0676
-	RESERVED
+CVE-2021-0679 (In apusys, there is a possible memory corruption due to a missing boun ...)
+	TODO: check
+CVE-2021-0678 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+	TODO: check
+CVE-2021-0677 (In ccu driver, there is a possible out of bounds read due to an intege ...)
+	TODO: check
+CVE-2021-0676 (In geniezone driver, there is a possible out of bounds read due to an  ...)
+	TODO: check
 CVE-2021-0675 (In alac decoder, there is a possible out of bounds write due to an inc ...)
 	NOT-FOR-US: MediaTek components for Android
-CVE-2021-0674
-	RESERVED
-CVE-2021-0673
-	RESERVED
+CVE-2021-0674 (In alac decoder, there is a possible out of bounds read due to an inco ...)
+	TODO: check
+CVE-2021-0673 (In Audio Aurisys HAL, there is a possible permission bypass due to a m ...)
+	TODO: check
 CVE-2021-0672 (In Browser app, there is a possible information disclosure due to a mi ...)
 	NOT-FOR-US: MediaTek components for Android
 CVE-2021-0671 (In apusys, there is a possible memory corruption due to a missing boun ...)
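Review bot: CVE-2021-0674 is left at TODO: check although its description starts "In alac decoder" exactly like CVE-2021-0675 one entry above, which is marked NOT-FOR-US: MediaTek components for Android; the same line looks applicable here. The other five new entries (apusys, ccu driver, geniezone driver, Audio Aurisys HAL) sit between entries carrying that same marker, so check them against it in the same pass.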
@@ -99803,16 +100270,16 @@ CVE-2020-18083
 	RESERVED
 CVE-2020-18082
 	RESERVED
-CVE-2020-18081
-	RESERVED
+CVE-2020-18081 (The checkuser function of SEMCMS 3.8 was discovered to contain a vulne ...)
+	TODO: check
 CVE-2020-18080
 	RESERVED
 CVE-2020-18079
 	RESERVED
-CVE-2020-18078
-	RESERVED
-CVE-2020-18077
-	RESERVED
+CVE-2020-18078 (A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attack ...)
+	TODO: check
+CVE-2020-18077 (A buffer overflow vulnerability in the Virtual Path Mapping component  ...)
+	TODO: check
 CVE-2020-18076
 	RESERVED
 CVE-2020-18075
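Review bot: CVE-2020-18077 cannot be triaged from this line, because the truncated description ends at "Virtual Path Mapping component" and never names the product; the full CVE text is needed before TODO: check can be replaced. CVE-2020-18081 and CVE-2020-18078 both name SEMCMS 3.8 (written "v3.8" in the second), so the two can share one triage decision.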
@@ -124595,8 +125062,8 @@ CVE-2020-8970
 	RESERVED
 CVE-2020-8969
 	RESERVED
-CVE-2020-8968
-	RESERVED
+CVE-2020-8968 (Parallels Remote Application Server (RAS) allows a local attacker to r ...)
+	TODO: check
 CVE-2020-8967 (There is an improper Neutralization of Special Elements used in an SQL ...)
 	NOT-FOR-US: GESIO
 CVE-2020-8966 (There is an Improper Neutralization of Script-Related HTML Tags in a W ...)
@@ -206861,7 +207328,7 @@ CVE-2018-19131 (Squid before 4.4 has XSS via a crafted X.509 certificate during
 	NOTE: Squid in Debian builds without TLS support
 CVE-2018-18806 (School Equipment Monitoring System 1.0 allows SQL injection via the lo ...)
 	NOT-FOR-US: School Equipment Monitoring System
-CVE-2018-18805 (PointOfSales 1.0 allows SQL injection via the login screen, related to ...)
+CVE-2018-18805 (Point Of Sales 1.0 allows SQL injection via the login screen, related  ...)
 	NOT-FOR-US: PointOfSales
 CVE-2018-18804 (Bakeshop Inventory System 1.0 has SQL injection via the login screen,  ...)
 	NOT-FOR-US: Bakeshop Inventory System
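Review bot: on CVE-2018-18805 the description now reads "Point Of Sales 1.0" while the triage line directly below still says NOT-FOR-US: PointOfSales. The status itself is unaffected, but a search of the list for the product name as spelled in the description no longer matches the triage line; consider aligning it to NOT-FOR-US: Point Of Sales in a manual follow-up.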
@@ -211553,7 +212020,7 @@ CVE-2018-17038
 	RESERVED
 CVE-2018-17037 (user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escala ...)
 	NOT-FOR-US: UCMS
-CVE-2018-17036 (An issue was discovered in UCMS 1.4.6. It allows PHP code injection du ...)
+CVE-2018-17036 (An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code inje ...)
 	NOT-FOR-US: UCMS
 CVE-2018-17035 (UCMS 1.4.6 has SQL injection during installation via the install/index ...)
 	NOT-FOR-US: UCMS



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a4b37e7f3a2e4476da2d4b6650bc779daf5b59f
