[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Apr 2 09:10:23 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e52030bb by security tracker role at 2022-04-02T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2022-28351
+ RESERVED
+CVE-2022-28350
+ RESERVED
+CVE-2022-28349
+ RESERVED
+CVE-2022-28348
+ RESERVED
+CVE-2022-28347
+ RESERVED
+CVE-2022-28346
+ RESERVED
+CVE-2022-28345
+ RESERVED
+CVE-2022-28344
+ RESERVED
+CVE-2022-28343
+ RESERVED
+CVE-2022-28342
+ RESERVED
+CVE-2022-1209
+ RESERVED
+CVE-2022-1208
+ RESERVED
+CVE-2022-1207 (Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6 ...)
+ TODO: check
CVE-2022-28341
RESERVED
CVE-2022-28340
@@ -558,8 +584,8 @@ CVE-2022-28162
RESERVED
CVE-2022-28161
RESERVED
-CVE-2022-1159
- RESERVED
+CVE-2022-1159 (Rockwell Automation Studio 5000 Logix Designer (all versions) are vuln ...)
+ TODO: check
CVE-2022-1158
RESERVED
CVE-2022-1157
@@ -1322,8 +1348,8 @@ CVE-2022-1100
RESERVED
CVE-2022-1099
RESERVED
-CVE-2022-1098
- RESERVED
+CVE-2022-1098 (Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vu ...)
+ TODO: check
CVE-2021-46742
RESERVED
CVE-2021-46741
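Review bot: CVE-2022-1098 (Delta Electronics DIAEnergie, all versions prior to 1.8.02.004) is left at "TODO: check", while CVE-2022-25880 and CVE-2022-0923 later in this same update, same product and same version boundary, carry "NOT-FOR-US: Delta Electronics"; unless something in the archive ships DIAEnergie, mark this one the same way so it does not sit in the TODO queue.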
@@ -1366,8 +1392,8 @@ CVE-2022-27864
RESERVED
CVE-2022-27186
RESERVED
-CVE-2022-27177
- RESERVED
+CVE-2022-27177 (A Python format string issue leading to information disclosure and pot ...)
+ TODO: check
CVE-2022-27171
RESERVED
CVE-2022-26371
@@ -1443,8 +1469,8 @@ CVE-2022-1070
RESERVED
CVE-2022-1069
RESERVED
-CVE-2022-1068
- RESERVED
+CVE-2022-1068 (Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to ...)
+ TODO: check
CVE-2022-1067
RESERVED
CVE-2022-27863
@@ -2197,8 +2223,8 @@ CVE-2022-27536
RESERVED
CVE-2022-27535
RESERVED
-CVE-2022-27534
- RESERVED
+CVE-2022-27534 (Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security ...)
+ TODO: check
CVE-2022-27533
RESERVED
CVE-2022-27532
@@ -2667,8 +2693,8 @@ CVE-2022-27308
RESERVED
CVE-2022-27307
RESERVED
-CVE-2022-27306
- RESERVED
+CVE-2022-27306 (The function url.parse() in Node.js v17.7.0 allows attackers to spoof ...)
+ TODO: check
CVE-2022-27305
RESERVED
CVE-2022-27304
@@ -2771,14 +2797,14 @@ CVE-2022-26519
RESERVED
CVE-2022-26516
RESERVED
-CVE-2022-26419
- RESERVED
-CVE-2022-26417
- RESERVED
-CVE-2022-26022
- RESERVED
-CVE-2022-25959
- RESERVED
+CVE-2022-26419 (Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple ...)
+ TODO: check
+CVE-2022-26417 (Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use af ...)
+ TODO: check
+CVE-2022-26022 (Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-o ...)
+ TODO: check
+CVE-2022-25959 (Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory c ...)
+ TODO: check
CVE-2022-1037
RESERVED
CVE-2022-1036 (Able to create an account with long password leads to memory corruptio ...)
@@ -2883,8 +2909,8 @@ CVE-2022-25880 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004)
NOT-FOR-US: Delta Electronics
CVE-2022-1019
RESERVED
-CVE-2022-1018
- RESERVED
+CVE-2022-1018 (When opening a malicious solution file provided by an attacker, the ap ...)
+ TODO: check
CVE-2022-27172
RESERVED
CVE-2022-1017
@@ -4008,8 +4034,8 @@ CVE-2022-26850
RESERVED
CVE-2022-0923 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
NOT-FOR-US: Delta Electronics
-CVE-2022-0922
- RESERVED
+CVE-2022-0922 (The software does not perform any authentication for critical system f ...)
+ TODO: check
CVE-2022-0921 (Abusing Backup/Restore feature to achieve Remote Code Execution in Git ...)
NOT-FOR-US: microweber
CVE-2022-0920
@@ -4713,8 +4739,8 @@ CVE-2022-26567
RESERVED
CVE-2022-26566
RESERVED
-CVE-2022-26565
- RESERVED
+CVE-2022-26565 (A cross-site scripting (XSS) vulnerability in Totaljs commit 95f54a5 a ...)
+ TODO: check
CVE-2022-26564
RESERVED
CVE-2022-26563
@@ -6588,8 +6614,8 @@ CVE-2022-24278
RESERVED
CVE-2022-24068
RESERVED
-CVE-2022-24066
- RESERVED
+CVE-2022-24066 (The package simple-git before 3.5.0 are vulnerable to Command Injectio ...)
+ TODO: check
CVE-2022-24065
RESERVED
CVE-2022-23923
@@ -6777,8 +6803,7 @@ CVE-2022-0742 (Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2d3916f3189172d5c69d33065c3c21119fe539fc (5.17-rc7)
NOTE: https://www.openwall.com/lists/oss-security/2022/03/15/3
-CVE-2022-0741
- RESERVED
+CVE-2022-0741 (Improper input validation in all versions of GitLab CE/EE using sendma ...)
[experimental] - gitlab 14.6.5+ds1-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
@@ -8589,18 +8614,18 @@ CVE-2022-25162
RESERVED
CVE-2022-25161
RESERVED
-CVE-2022-25160
- RESERVED
-CVE-2022-25159
- RESERVED
-CVE-2022-25158
- RESERVED
-CVE-2022-25157
- RESERVED
-CVE-2022-25156
- RESERVED
-CVE-2022-25155
- RESERVED
+CVE-2022-25160 (Cleartext Storage of Sensitive Information vulnerability in Mitsubishi ...)
+ TODO: check
+CVE-2022-25159 (Authentication Bypass by Capture-replay vulnerability in Mitsubishi El ...)
+ TODO: check
+CVE-2022-25158 (Cleartext Storage of Sensitive Information vulnerability in Mitsubishi ...)
+ TODO: check
+CVE-2022-25157 (Use of Password Hash Instead of Password for Authentication vulnerabil ...)
+ TODO: check
+CVE-2022-25156 (Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F seri ...)
+ TODO: check
+CVE-2022-25155 (Use of Password Hash Instead of Password for Authentication vulnerabil ...)
+ TODO: check
CVE-2022-25154
RESERVED
CVE-2022-25153
@@ -10588,8 +10613,8 @@ CVE-2022-24428
RESERVED
CVE-2022-24427
RESERVED
-CVE-2022-24426
- RESERVED
+CVE-2022-24426 (Dell Command | Update, Dell Update, and Alienware Update versions prio ...)
+ TODO: check
CVE-2022-24425
RESERVED
CVE-2022-24424
@@ -10761,8 +10786,7 @@ CVE-2022-0491
RESERVED
CVE-2022-0490
RESERVED
-CVE-2022-0489
- RESERVED
+CVE-2022-0489 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
[experimental] - gitlab 14.6.5+ds1-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
@@ -11354,8 +11378,8 @@ CVE-2022-0427 (Missing sanitization of HTML attributes in Jupyter notebooks in a
TODO: check
CVE-2022-0426 (The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 do ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0425
- RESERVED
+CVE-2022-0425 (A DNS rebinding vulnerability in the Irker IRC Gateway integration in ...)
+ TODO: check
CVE-2022-0424
RESERVED
CVE-2022-0423 (The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisa ...)
@@ -12047,8 +12071,8 @@ CVE-2022-0391 (A flaw was found in Python, specifically within the urllib.parse
NOTE: Fixed by: https://github.com/python/cpython/commit/515a7bc4e13645d0945b46a8e1d9102b918cd407 (v3.8.11)
NOTE: Fixed by: https://github.com/python/cpython/commit/f4dac7ec55477a6c5d965e594e74bd6bda786903 (v3.7.11)
NOTE: Fixed by: https://github.com/python/cpython/commit/6c472d3a1d334d4eeb4a25eba7bf3b01611bf667 (v3.6.14)
-CVE-2022-0390
- RESERVED
+CVE-2022-0390 (Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 ...)
+ TODO: check
CVE-2022-0389 (The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0388 (The Interactive Medical Drawing of Human Body WordPress plugin through ...)
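Review bot: CVE-2022-0390 names GitLab CE/EE versions 12.7 to 14.5.4 and 14.6.x but is left at "TODO: check", whereas CVE-2022-0741 and CVE-2022-0489 in this same update are tracked against the gitlab package with "[experimental] - gitlab 14.6.5+ds1-1" and "- gitlab <unfixed>"; suggest triaging it under gitlab the same way, comparing the (truncated) version ranges in the description with the 14.6.5+ds1-1 experimental upload.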
@@ -12409,8 +12433,8 @@ CVE-2022-0375 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelpe
NOT-FOR-US: livehelperchat
CVE-2022-0374 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
NOT-FOR-US: livehelperchat
-CVE-2022-0373
- RESERVED
+CVE-2022-0373 (Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 ...)
+ TODO: check
CVE-2022-0372 (Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior ...)
NOT-FOR-US: Crater
CVE-2021-46561 (controller/org.controller/org.controller.js in the CVE Services API 1. ...)
@@ -15495,14 +15519,14 @@ CVE-2022-23160
RESERVED
CVE-2022-23159
RESERVED
-CVE-2022-23158
- RESERVED
-CVE-2022-23157
- RESERVED
-CVE-2022-23156
- RESERVED
-CVE-2022-23155
- RESERVED
+CVE-2022-23158 (Wyse Device Agent version 14.6.1.4 and below contain a sensitive data ...)
+ TODO: check
+CVE-2022-23157 (Wyse Device Agent version 14.6.1.4 and below contain a sensitive data ...)
+ TODO: check
+CVE-2022-23156 (Wyse Device Agent version 14.6.1.4 and below contain an Improper Authe ...)
+ TODO: check
+CVE-2022-23155 (Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unres ...)
+ TODO: check
CVE-2022-23154
RESERVED
CVE-2022-23153
@@ -16028,16 +16052,15 @@ CVE-2022-22967
RESERVED
CVE-2022-22966
RESERVED
-CVE-2022-22965
- RESERVED
+CVE-2022-22965 (A Spring MVC or Spring WebFlux application running on JDK 9+ may be vu ...)
- libspring-java <unfixed>
[stretch] - libspring-java <end-of-life>
NOTE: https://bugalert.org/content/notices/2022-03-30-spring.html
NOTE: https://tanzu.vmware.com/security/cve-2022-22965
CVE-2022-22964
RESERVED
-CVE-2022-22963
- RESERVED
+CVE-2022-22963 (In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported v ...)
+ TODO: check
CVE-2022-22962
RESERVED
CVE-2022-22961
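Review bot: CVE-2022-22965 is tracked as "libspring-java <unfixed>" with stretch marked end-of-life, but the two NOTE lines reference only advisories (bugalert.org, tanzu.vmware.com) and no upstream fix; add the fixing Spring Framework version or commit as a NOTE once known so the <unfixed> can be resolved. CVE-2022-22963 in the same hunk concerns Spring Cloud Function (versions 3.1.6, 3.2.2 and older), a different upstream component from the framework itself, so it needs its own triage rather than being folded into the libspring-java entry.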
@@ -16062,8 +16085,8 @@ CVE-2022-22952 (VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x pr
NOT-FOR-US: VMware
CVE-2022-22951 (VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to ...)
NOT-FOR-US: VMware
-CVE-2022-22950
- RESERVED
+CVE-2022-22950 (n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versi ...)
+ TODO: check
CVE-2022-22949
RESERVED
CVE-2022-22948 (The vCenter Server contains an information disclosure vulnerability du ...)
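Review bot: the imported description for CVE-2022-22950 begins "n Spring Framework versions 5.3.0 - 5.3.16", so its leading character was lost on import; worth correcting when the TODO is resolved. Since it names the Spring Framework itself, the libspring-java package used for CVE-2022-22965 in the preceding hunk is the natural place to track it instead of leaving "TODO: check".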
@@ -17581,8 +17604,8 @@ CVE-2022-22572
RESERVED
CVE-2022-22571
RESERVED
-CVE-2022-22570
- RESERVED
+CVE-2022-22570 (A buffer overflow vulnerability found in the UniFi Door Access Reader ...)
+ TODO: check
CVE-2022-22569
RESERVED
CVE-2022-22568
@@ -23005,8 +23028,8 @@ CVE-2022-21832
RESERVED
CVE-2022-21831
RESERVED
-CVE-2022-21830
- RESERVED
+CVE-2022-21830 (A blind self XSS vulnerability exists in RocketChat LiveChat <v1.9 ...)
+ TODO: check
CVE-2022-21829
RESERVED
CVE-2022-21828 (A user with high privilege access to the Incapptic Connect web console ...)
@@ -31097,7 +31120,7 @@ CVE-2021-42741
CVE-2021-42740 (The shell-quote package before 1.7.3 for Node.js allows command inject ...)
- node-shell-quote 1.7.3+~1.7.1-1 (bug #998418)
NOTE: https://github.com/substack/node-shell-quote/commit/5799416ed454aa4ec9afafc895b4e31760ea1abe (1.7.3)
-CVE-2021-42739 (The firewire subsystem in the Linux kernel through 5.14.13 has a buffe ...)
+CVE-2021-42739 (A heap-based buffer overflow flaw was found in the Linux kernel FireDT ...)
{DSA-5096-1 DLA-2941-1 DLA-2843-1}
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
@@ -34499,8 +34522,7 @@ CVE-2021-41833 (Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable
NOT-FOR-US: Zoho ManageEngine
CVE-2021-3848 (An arbitrary file creation by privilege escalation vulnerability in Tr ...)
NOT-FOR-US: Trend Micro
-CVE-2021-3847 [low-privileged user privileges escalation]
- RESERVED
+CVE-2021-3847 (An unauthorized access to the execution of the setuid file with capabi ...)
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2009704
NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/3
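Review bot: CVE-2021-3847 keeps "- linux <unfixed>" with references dating from October 2021 (Red Hat bugzilla 2009704, oss-security 2021/10/14/3); now that the public description confirms the scope (execution of a setuid file with capabilities), re-check whether a fixed kernel version is known and update the package line, or record why it is still unfixed as a NOTE.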
@@ -39337,8 +39359,8 @@ CVE-2021-39910 (An issue has been discovered in GitLab CE/EE affecting all versi
- gitlab <unfixed>
CVE-2021-39909 (Lack of email address ownership verification in the CODEOWNERS feature ...)
- gitlab <not-affected> (Specific to EE)
-CVE-2021-39908
- RESERVED
+CVE-2021-39908 (In all versions of GitLab CE/EE, certain Unicode characters can be abu ...)
+ TODO: check
CVE-2021-39907 (A potential DOS vulnerability was discovered in GitLab CE/EE starting ...)
- gitlab <unfixed>
CVE-2021-39906 (Improper validation of ipynb files in GitLab CE/EE version 13.5 and ab ...)
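Review bot: CVE-2021-39908 ("In all versions of GitLab CE/EE, certain Unicode characters can be abu ...") is left at "TODO: check" while its neighbours CVE-2021-39910, CVE-2021-39909, CVE-2021-39907 and CVE-2021-39906 are all tracked against gitlab (<unfixed> or <not-affected>); add a gitlab package line here as well, noting that the description says all versions and so implies no fixed version yet.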
@@ -54548,8 +54570,8 @@ CVE-2021-33659 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to o
NOT-FOR-US: SAP
CVE-2021-33658 (atune before 0.3-0.8 log in as a local user and run the curl command t ...)
NOT-FOR-US: A-Tune OS tuning engine
-CVE-2021-33657
- RESERVED
+CVE-2021-33657 (There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple ...)
+ TODO: check
CVE-2021-33656
RESERVED
CVE-2021-33655
@@ -56149,20 +56171,20 @@ CVE-2021-33026 (The Flask-Caching extension through 1.10.1 for Flask relies on P
NOTE: Negligible security impact
CVE-2021-33025
RESERVED
-CVE-2021-33024
- RESERVED
+CVE-2021-33024 (Philips Vue PACS versions 12.2.x.x and prior transmits or stores authe ...)
+ TODO: check
CVE-2021-33023 (Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-b ...)
NOT-FOR-US: Advantech WebAccess
-CVE-2021-33022
- RESERVED
+CVE-2021-33022 (Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or se ...)
+ TODO: check
CVE-2021-33021
RESERVED
-CVE-2021-33020
- RESERVED
+CVE-2021-33020 (Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key ...)
+ TODO: check
CVE-2021-33019 (A stack-based buffer overflow vulnerability in Delta Electronics DOPSo ...)
NOT-FOR-US: Delta Electronics
-CVE-2021-33018
- RESERVED
+CVE-2021-33018 (The use of a broken or risky cryptographic algorithm in Philips Vue PA ...)
+ TODO: check
CVE-2021-33017 (The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.0 ...)
NOT-FOR-US: Philips
CVE-2021-33016
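Review bot: the four Philips Vue PACS entries in this hunk (CVE-2021-33024, CVE-2021-33022, CVE-2021-33020, CVE-2021-33018) are each left at "TODO: check" while CVE-2021-33017 directly below is already "NOT-FOR-US: Philips"; unless a Debian package ships this software, mark them the same way so they do not linger in the TODO queue.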
@@ -56245,24 +56267,24 @@ CVE-2021-32978
RESERVED
CVE-2021-32977
RESERVED
-CVE-2021-32976
- RESERVED
+CVE-2021-32976 (Five buffer overflows in the built-in web server in Moxa NPort IAW5000 ...)
+ TODO: check
CVE-2021-32975 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
NOT-FOR-US: Cscape
-CVE-2021-32974
- RESERVED
+CVE-2021-32974 (Improper input validation in the built-in web server in Moxa NPort IAW ...)
+ TODO: check
CVE-2021-32973
RESERVED
CVE-2021-32972 (Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacke ...)
NOT-FOR-US: Panasonic
CVE-2021-32971 (Null pointer dereference in SuiteLink server while processing command ...)
NOT-FOR-US: Suitelink
-CVE-2021-32970
- RESERVED
+CVE-2021-32970 (Data can be copied without validation in the built-in web server in Mo ...)
+ TODO: check
CVE-2021-32969
RESERVED
-CVE-2021-32968
- RESERVED
+CVE-2021-32968 (Two buffer overflows in the built-in web server in Moxa NPort IAW5000A ...)
+ TODO: check
CVE-2021-32967 (Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an atta ...)
NOT-FOR-US: Delta Electronics
CVE-2021-32966
@@ -56275,40 +56297,40 @@ CVE-2021-32963 (Null pointer dereference in SuiteLink server while processing co
NOT-FOR-US: Suitelink
CVE-2021-32962
RESERVED
-CVE-2021-32961
- RESERVED
-CVE-2021-32960
- RESERVED
+CVE-2021-32961 (A getfile function in MDT AutoSave versions prior to v6.02.06 enables ...)
+ TODO: check
+CVE-2021-32960 (Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, i ...)
+ TODO: check
CVE-2021-32959 (Heap-based buffer overflow in SuiteLink server while processing comman ...)
NOT-FOR-US: Suitelink
CVE-2021-32958
RESERVED
-CVE-2021-32957
- RESERVED
+CVE-2021-32957 (A function in MDT AutoSave versions prior to v6.02.06 is used to retri ...)
+ TODO: check
CVE-2021-32956 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to re ...)
NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2021-32955 (Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestrict ...)
NOT-FOR-US: Delta Electronics
CVE-2021-32954 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a ...)
NOT-FOR-US: Advantech WebAccess/SCADA
-CVE-2021-32953
- RESERVED
+CVE-2021-32953 (An attacker could utilize SQL commands to create a new user MDT AutoSa ...)
+ TODO: check
CVE-2021-32952 (An out-of-bounds write issue exists in the DGN file-reading procedure ...)
NOT-FOR-US: Open Design Alliance
CVE-2021-32951 (WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper aut ...)
NOT-FOR-US: WebAccess/NMS
CVE-2021-32950 (An out-of-bounds read issue exists within the parsing of DXF files in ...)
NOT-FOR-US: Open Design Alliance
-CVE-2021-32949
- RESERVED
+CVE-2021-32949 (An attacker could utilize a function in MDT AutoSave versions prior to ...)
+ TODO: check
CVE-2021-32948 (An out-of-bounds write issue exists in the DWG file-reading procedure ...)
NOT-FOR-US: Open Design Alliance
CVE-2021-32947 (FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable t ...)
NOT-FOR-US: FATEK Automation FvDesigner
CVE-2021-32946 (An improper check for unusual or exceptional conditions issue exists w ...)
NOT-FOR-US: Open Design Alliance
-CVE-2021-32945
- RESERVED
+CVE-2021-32945 (An attacker could decipher the encryption and gain access to MDT AutoS ...)
+ TODO: check
CVE-2021-32944 (A use-after-free issue exists in the DGN file-reading procedure in the ...)
NOT-FOR-US: Open Design Alliance
CVE-2021-32943 (The affected product is vulnerable to a stack-based buffer overflow, w ...)
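Review bot: the five MDT AutoSave entries in this hunk (CVE-2021-32961, CVE-2021-32957, CVE-2021-32953, CVE-2021-32949, CVE-2021-32945) and CVE-2021-32960 (Rockwell Automation FactoryTalk) are all "TODO: check", while the surrounding context lines resolve comparable ICS vendor software (Suitelink, Advantech WebAccess/SCADA, Delta Electronics, Open Design Alliance) as NOT-FOR-US; suggest the same resolution with the vendor name once it is confirmed nothing in the archive ships these products.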
@@ -56323,16 +56345,16 @@ CVE-2021-32939 (FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulner
NOT-FOR-US: FATEK Automation FvDesigner
CVE-2021-32938 (Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-o ...)
NOT-FOR-US: Open Design Alliance
-CVE-2021-32937
- RESERVED
+CVE-2021-32937 (An attacker can gain knowledge of a session temporary working folder w ...)
+ TODO: check
CVE-2021-32936 (An out-of-bounds write issue exists in the DXF file-recovering procedu ...)
NOT-FOR-US: Open Design Alliance
CVE-2021-32935
RESERVED
CVE-2021-32934
RESERVED
-CVE-2021-32933
- RESERVED
+CVE-2021-32933 (An attacker could leverage an API to pass along a malicious file that ...)
+ TODO: check
CVE-2021-32932 (The affected product is vulnerable to a SQL injection, which may allow ...)
NOT-FOR-US: Advantech
CVE-2021-32931 (An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5. ...)
@@ -57522,8 +57544,8 @@ CVE-2021-32505
REJECTED
CVE-2021-32504
RESERVED
-CVE-2021-32503
- RESERVED
+CVE-2021-32503 (Unauthenticated users can access sensitive web URLs through GET reques ...)
+ TODO: check
CVE-2021-32502
REJECTED
CVE-2021-32501
@@ -66663,8 +66685,7 @@ CVE-2021-29094 (Multiple buffer overflow vulnerabilities when parsing a speciall
NOT-FOR-US: Esri (various ArcGIS products)
CVE-2021-29093 (A use-after-free vulnerability when parsing a specially crafted file i ...)
NOT-FOR-US: Esri (various ArcGIS products)
-CVE-2021-3461
- RESERVED
+CVE-2021-3461 (A flaw was found in keycloak where keycloak may fail to logout user se ...)
NOT-FOR-US: Keycloak
CVE-2021-29092 (Unrestricted upload of file with dangerous type vulnerability in file ...)
NOT-FOR-US: Synology
@@ -68163,8 +68184,8 @@ CVE-2021-28506 (An issue has recently been discovered in Arista EOS where certai
NOT-FOR-US: Arista
CVE-2021-28505
RESERVED
-CVE-2021-28504
- RESERVED
+CVE-2021-28504 (On Arista Strata family products which have “TCAM profile” ...)
+ TODO: check
CVE-2021-28503 (The impact of this vulnerability is that Arista's EOS eAPI may skip re ...)
NOT-FOR-US: Arista
CVE-2021-28502
@@ -70596,24 +70617,24 @@ CVE-2021-27503 (Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife
NOT-FOR-US: Ypsomed
CVE-2021-27502
RESERVED
-CVE-2021-27501
- RESERVED
+CVE-2021-27501 (Philips Vue PACS versions 12.2.x.x and prior does not follow certain c ...)
+ TODO: check
CVE-2021-27500
RESERVED
CVE-2021-27499 (Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: ...)
NOT-FOR-US: Ypsomed
CVE-2021-27498
RESERVED
-CVE-2021-27497
- RESERVED
+CVE-2021-27497 (Philips Vue PACS versions 12.2.x.x and prior does not use or incorrect ...)
+ TODO: check
CVE-2021-27496 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
NOT-FOR-US: Datakit
CVE-2021-27495 (Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,A ...)
NOT-FOR-US: Ypsomed
CVE-2021-27494 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
NOT-FOR-US: Datakit
-CVE-2021-27493
- RESERVED
+CVE-2021-27493 (Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorr ...)
+ TODO: check
CVE-2021-27492 (When opening a specially crafted 3DXML file, the application containin ...)
NOT-FOR-US: Datakit
CVE-2021-27491 (Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,A ...)
@@ -71222,8 +71243,8 @@ CVE-2021-27225 (In Dataiku DSS before 8.0.6, insufficient access control in the
NOT-FOR-US: Dataiku DSS
CVE-2021-27224 (The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write ...)
NOT-FOR-US: WPG plugin for IrfanView
-CVE-2021-27223
- RESERVED
+CVE-2021-27223 (A denial-of-service issue existed in one of modules that was incorpora ...)
+ TODO: check
CVE-2021-27222 (In the "Time in Status" app before 4.13.0 for Jira, remote authenticat ...)
NOT-FOR-US: "Time in Status" app
CVE-2021-27221 (** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote authenticated ft ...)
@@ -72681,10 +72702,10 @@ CVE-2021-26626
RESERVED
CVE-2021-26625
RESERVED
-CVE-2021-26624
- RESERVED
-CVE-2021-26623
- RESERVED
+CVE-2021-26624 (An local privilege escalation vulnerability due to a "runasroot" comma ...)
+ TODO: check
+CVE-2021-26623 (A remote code execution vulnerability due to incomplete check for 'xhe ...)
+ TODO: check
CVE-2021-26622 (An remote code execution vulnerability due to SSTI vulnerability and i ...)
NOT-FOR-US: Genian NAC
CVE-2021-26621 (An Buffer Overflow vulnerability leading to remote code execution was ...)
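Review bot: CVE-2021-26624 and CVE-2021-26623 are left at "TODO: check" while the adjacent CVE-2021-26622 is "NOT-FOR-US: Genian NAC"; the two new descriptions are truncated and do not name the product, so confirm they belong to the same Genian NAC advisory before marking them consistently.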
@@ -80858,10 +80879,10 @@ CVE-2021-23290
RESERVED
CVE-2021-23289
RESERVED
-CVE-2021-23288
- RESERVED
-CVE-2021-23287
- RESERVED
+CVE-2021-23288 (The vulnerability exists due to insufficient validation of input from ...)
+ TODO: check
+CVE-2021-23287 (The vulnerability exists due to insufficient validation of input of ce ...)
+ TODO: check
CVE-2021-23286
RESERVED
CVE-2021-23285
@@ -80942,8 +80963,8 @@ CVE-2021-23249
RESERVED
CVE-2021-23248
RESERVED
-CVE-2021-23247
- RESERVED
+CVE-2021-23247 (A command injection vulerability found in quick game engine allows arb ...)
+ TODO: check
CVE-2021-23246 (In ACE2 ColorOS11, the attacker can obtain the foreground package name ...)
NOT-FOR-US: ACE2 ColorOS11
CVE-2021-23245
@@ -83187,8 +83208,8 @@ CVE-2021-22279 (A Missing Authentication vulnerability in RobotWare for the Omni
NOT-FOR-US: ABB / OmniCore robot controller
CVE-2021-22278 (A certificate validation vulnerability in PCM600 Update Manager allows ...)
NOT-FOR-US: PCM600 Update Manager
-CVE-2021-22277
- RESERVED
+CVE-2021-22277 (Improper Input Validation vulnerability in ABB 800xA, Control Software ...)
+ TODO: check
CVE-2021-22276 (The vulnerability allows a successful attacker to bypass the integrity ...)
NOT-FOR-US: ABB
CVE-2021-22275
@@ -89590,8 +89611,7 @@ CVE-2021-20296 (A flaw was found in OpenEXR in versions before 3.0.0-beta. A cra
[buster] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b0c63c0b96eb9b0d3998f603e12f9f414fb0d44a
-CVE-2021-20295 [Regression of CVE-2020-10756 fix in virt:rhel/qemu-kvm in Red Hat Enterprise Linux 8.3]
- RESERVED
+CVE-2021-20295 (It was discovered that the update for the virt:rhel module in the RHSA ...)
- qemu <not-affected> (RHEL 8.3 specific security regression)
CVE-2021-20294 (A flaw was found in binutils readelf 2.35 program. An attacker who is ...)
- binutils 2.35.2-1 (unimportant)
@@ -89858,8 +89878,7 @@ CVE-2021-20239 (A flaw was found in the Linux kernel in versions before 5.4.92 i
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-100/
NOTE: https://gist.github.com/Ga-ryo/2ec958e78f55c5d18558960f3fe1c6ec
-CVE-2021-20238
- RESERVED
+CVE-2021-20238 (It was found in OpenShift Container Platform 4 that ignition config, s ...)
NOT-FOR-US: OpenShift
CVE-2021-20237 (An uncontrolled resource consumption (memory leak) flaw was found in Z ...)
- zeromq3 4.3.3-1
@@ -106702,8 +106721,7 @@ CVE-2020-25693 (A flaw was found in CImg in versions prior to 2.9.3. Integer ove
NOTE: https://github.com/dtschump/CImg/pull/295
NOTE: https://bugs.launchpad.net/ubuntu/+source/cimg/+bug/1900983
NOTE: Fixed by: https://github.com/dtschump/CImg/commit/4f184f89f9ab6785a6c90fd238dbaa6d901d3505
-CVE-2020-25691
- RESERVED
+CVE-2020-25691 (A flaw was found in darkhttpd. Invalid error handling allows remote at ...)
- darkhttpd <itp> (bug #775096)
CVE-2020-25690 (An out-of-bounds write flaw was found in FontForge in versions before ...)
- fontforge <not-affected> (Insufficient patch for CVE-2020-5395 not applied)
@@ -131859,8 +131877,8 @@ CVE-2020-14481 (The DeskLock tool provided with FactoryTalk View SE uses a weak
NOT-FOR-US: FactoryTalk View SE
CVE-2020-14480 (Due to usernames/passwords being stored in plaintext in Random Access ...)
NOT-FOR-US: Rockwell Automation
-CVE-2020-14479
- RESERVED
+CVE-2020-14479 (Sensitive information can be obtained through the handling of serializ ...)
+ TODO: check
CVE-2020-14478 (A local, authenticated attacker could use an XML External Entity (XXE) ...)
NOT-FOR-US: Rockwell Automation
CVE-2020-14477 (In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX V ...)
@@ -184726,8 +184744,7 @@ CVE-2019-14841
NOT-FOR-US: Red Hat Decision Manager
CVE-2019-14840
RESERVED
-CVE-2019-14839
- RESERVED
+CVE-2019-14839 (It was observed that while login into Business-central console, HTTP r ...)
NOT-FOR-US: Red Hat / JBoss BPMS Business-central console
CVE-2019-14838 (A flaw was found in wildfly-core before 7.2.5.GA. The Management users ...)
- wildfly <itp> (bug #752018)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e52030bb297ed07b5d8a97451b60aa0a091afe12