[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Apr 12 21:10:28 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6e449059 by security tracker role at 2022-04-12T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2022-1328
+ RESERVED
+CVE-2022-1327
+ RESERVED
+CVE-2022-1326
+ RESERVED
+CVE-2022-1325
+ RESERVED
+CVE-2022-1324
+ RESERVED
+CVE-2022-1323
+ RESERVED
+CVE-2022-1322
+ RESERVED
+CVE-2022-1321
+ RESERVED
+CVE-2022-1320
+ RESERVED
CVE-2022-29081
RESERVED
CVE-2022-29080 (The npm-dependency-versions package through 0.3.0 for Node.js allows c ...)
@@ -174,8 +192,8 @@ CVE-2022-1304 [e2fsprogs: out-of-bounds read/write via crafted filesystem]
TODO: check when fixed
CVE-2022-1303
RESERVED
-CVE-2022-1302
- RESERVED
+CVE-2022-1302 (In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthe ...)
+ TODO: check
CVE-2022-1301
RESERVED
CVE-2022-1300
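Review bot: The new CVE-2022-1302 entry is left at `TODO: check`, and its description names a library (MZ Automation LibIEC61850, versions prior to 1.5.1) rather than a vendor appliance, so it should not be swept into NOT-FOR-US along with vendor-only entries. Check whether a libiec61850 source package exists in the archive and, if it does, replace the TODO with a package line, using the 1.5.1 boundary from the description as the starting point for the fixed version.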
@@ -687,8 +705,8 @@ CVE-2022-28798
RESERVED
CVE-2022-28797
RESERVED
-CVE-2022-28795
- RESERVED
+CVE-2022-28795 (A vulnerability within the Avira Password Manager Browser Extensions p ...)
+ TODO: check
CVE-2022-28794
RESERVED
CVE-2022-28793
@@ -731,14 +749,14 @@ CVE-2022-28775 (Improper access control vulnerability in Samsung Flow prior to v
TODO: check
CVE-2022-28774
RESERVED
-CVE-2022-28773
- RESERVED
-CVE-2022-28772
- RESERVED
+CVE-2022-28773 (Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Interne ...)
+ TODO: check
+CVE-2022-28772 (By overlong input values an attacker may force overwrite of the intern ...)
+ TODO: check
CVE-2022-28771
RESERVED
-CVE-2022-28770
- RESERVED
+CVE-2022-28770 (Due to insufficient input validation, SAPUI5 library(vbm) - versions 7 ...)
+ TODO: check
CVE-2022-28769
RESERVED
CVE-2022-28768
@@ -1049,12 +1067,12 @@ CVE-2022-1241
CVE-2022-28796 (jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https:/git.kernel.org/linus/cc16eecae687912238ee6efbff71ad31e2bc414e (5.18-rc1)
-CVE-2022-28663
- RESERVED
-CVE-2022-28662
- RESERVED
-CVE-2022-28661
- RESERVED
+CVE-2022-28663 (A vulnerability has been identified in Simcenter Femap (All versions & ...)
+ TODO: check
+CVE-2022-28662 (A vulnerability has been identified in Simcenter Femap (All versions & ...)
+ TODO: check
+CVE-2022-28661 (A vulnerability has been identified in Simcenter Femap (All versions & ...)
+ TODO: check
CVE-2022-1271
RESERVED
{DLA-2977-1 DLA-2976-1}
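Review bot: The NOTE under CVE-2022-28796 in this hunk's context starts with `https:/git.kernel.org/linus/`, with a single slash after the scheme, so the link does not resolve as written; the other NOTE URLs in this file use `https://`. The line is unchanged context here, so the fix belongs in a separate manual commit rather than in this automatic update.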
@@ -1676,10 +1694,10 @@ CVE-2022-28399
RESERVED
CVE-2022-28398
RESERVED
-CVE-2022-28397
- RESERVED
-CVE-2022-28396
- RESERVED
+CVE-2022-28397 (An arbitrary file upload vulnerability in the file upload module of Gh ...)
+ TODO: check
+CVE-2022-28396 (Apostrophe v3.16.1 was discovered to contain a remote code execution ( ...)
+ TODO: check
CVE-2022-28395
RESERVED
CVE-2022-28394
@@ -1861,10 +1879,10 @@ CVE-2022-28331
RESERVED
CVE-2022-28330
RESERVED
-CVE-2022-28329
- RESERVED
-CVE-2022-28328
- RESERVED
+CVE-2022-28329 (A vulnerability has been identified in SCALANCE W1788-1 M12 (All versi ...)
+ TODO: check
+CVE-2022-28328 (A vulnerability has been identified in SCALANCE W1788-1 M12 (All versi ...)
+ TODO: check
CVE-2022-1206
RESERVED
CVE-2022-1205
@@ -2326,14 +2344,14 @@ CVE-2022-28218
RESERVED
CVE-2022-28217
RESERVED
-CVE-2022-28216
- RESERVED
-CVE-2022-28215
- RESERVED
+CVE-2022-28216 (SAP BusinessObjects Business Intelligence Platform (BI Workspace) - ve ...)
+ TODO: check
+CVE-2022-28215 (SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, ...)
+ TODO: check
CVE-2022-28214
RESERVED
-CVE-2022-28213
- RESERVED
+CVE-2022-28213 (When a user access SOAP Web services in SAP BusinessObjects Business I ...)
+ TODO: check
CVE-2022-28212
RESERVED
CVE-2022-28211
@@ -2928,16 +2946,16 @@ CVE-2022-28038
RESERVED
CVE-2022-28037
RESERVED
-CVE-2022-28036
- RESERVED
-CVE-2022-28035
- RESERVED
-CVE-2022-28034
- RESERVED
-CVE-2022-28033
- RESERVED
-CVE-2022-28032
- RESERVED
+CVE-2022-28036 (AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_nav ...)
+ TODO: check
+CVE-2022-28035 (Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_bl ...)
+ TODO: check
+CVE-2022-28034 (AtomCMS 2.0 is vulnerabie to SQL Injection via Atom.CMS_admin_ajax_lis ...)
+ TODO: check
+CVE-2022-28033 (Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_uploads ...)
+ TODO: check
+CVE-2022-28032 (AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pag ...)
+ TODO: check
CVE-2022-28031
RESERVED
CVE-2022-28030
@@ -3096,8 +3114,8 @@ CVE-2022-27954
RESERVED
CVE-2022-27953
RESERVED
-CVE-2022-27952
- RESERVED
+CVE-2022-27952 (An arbitrary file upload vulnerability in the file upload module of Pa ...)
+ TODO: check
CVE-2022-27951
RESERVED
CVE-2022-27950 (In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory ...)
@@ -3236,7 +3254,7 @@ CVE-2022-27904
CVE-2022-27903
RESERVED
CVE-2022-27902
- RESERVED
+ REJECTED
CVE-2022-27901
RESERVED
CVE-2022-27900
@@ -3819,16 +3837,16 @@ CVE-2022-27673
RESERVED
CVE-2022-27672
RESERVED
-CVE-2022-27671
- RESERVED
-CVE-2022-27670
- RESERVED
-CVE-2022-27669
- RESERVED
+CVE-2022-27671 (A CSRF token visible in the URL may possibly lead to information discl ...)
+ TODO: check
+CVE-2022-27670 (SAP SQL Anywhere - version 17.0, allows an authenticated attacker to p ...)
+ TODO: check
+CVE-2022-27669 (An unauthenticated user can use functions of XML Data Archiving Servic ...)
+ TODO: check
CVE-2022-27668
RESERVED
-CVE-2022-27667
- RESERVED
+CVE-2022-27667 (Under certain conditions, SAP BusinessObjects Business Intelligence pl ...)
+ TODO: check
CVE-2022-1059
RESERVED
CVE-2022-1058 (Open Redirect on login in GitHub repository go-gitea/gitea prior to 1. ...)
@@ -3849,14 +3867,14 @@ CVE-2022-27663
RESERVED
CVE-2022-27658 (Under certain conditions, SAP Innovation management - version 2.0, all ...)
NOT-FOR-US: SAP
-CVE-2022-27657
- RESERVED
+CVE-2022-27657 (A highly privileged remote attacker, can gain unauthorized access to d ...)
+ TODO: check
CVE-2022-27656
RESERVED
-CVE-2022-27655
- RESERVED
-CVE-2022-27654
- RESERVED
+CVE-2022-27655 (When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) receive ...)
+ TODO: check
+CVE-2022-27654 (When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) rece ...)
+ TODO: check
CVE-2022-26518
RESERVED
CVE-2022-26422
@@ -4275,10 +4293,10 @@ CVE-2022-27483
RESERVED
CVE-2022-27482
RESERVED
-CVE-2022-27481
- RESERVED
-CVE-2022-27480
- RESERVED
+CVE-2022-27481 (A vulnerability has been identified in SCALANCE W1788-1 M12 (All versi ...)
+ TODO: check
+CVE-2022-27480 (A vulnerability has been identified in SICAM A8000 CP-8031 (All versio ...)
+ TODO: check
CVE-2022-27479
RESERVED
CVE-2022-27478
@@ -4291,10 +4309,10 @@ CVE-2022-27475
RESERVED
CVE-2022-27474
RESERVED
-CVE-2022-27473
- RESERVED
-CVE-2022-27472
- RESERVED
+CVE-2022-27473 (SQL injection vulnerability in Topics Searching feature of Roothub 2.6 ...)
+ TODO: check
+CVE-2022-27472 (SQL injection vulnerability in Topics Counting feature of Roothub 2.6. ...)
+ TODO: check
CVE-2022-27471
RESERVED
CVE-2022-27470
@@ -4711,14 +4729,14 @@ CVE-2022-27265
RESERVED
CVE-2022-27264
RESERVED
-CVE-2022-27263
- RESERVED
-CVE-2022-27262
- RESERVED
-CVE-2022-27261
- RESERVED
-CVE-2022-27260
- RESERVED
+CVE-2022-27263 (An arbitrary file upload vulnerability in the file upload module of St ...)
+ TODO: check
+CVE-2022-27262 (An arbitrary file upload vulnerability in the file upload module of Sk ...)
+ TODO: check
+CVE-2022-27261 (An arbitrary file write vulnerability in Express-FileUpload v1.3.1 all ...)
+ TODO: check
+CVE-2022-27260 (An arbitrary file upload vulnerability in the file upload component of ...)
+ TODO: check
CVE-2022-27259
RESERVED
CVE-2022-27232
@@ -4795,8 +4813,8 @@ CVE-2022-27243 (An issue was discovered in MISP before 2.4.156. app/View/Users/t
NOT-FOR-US: MISP
CVE-2022-27242
RESERVED
-CVE-2022-27241
- RESERVED
+CVE-2022-27241 (A vulnerability has been identified in Mendix Applications using Mendi ...)
+ TODO: check
CVE-2022-1027
RESERVED
CVE-2022-1026 (Kyocera multifunction printers running vulnerable versions of Net View ...)
@@ -4959,8 +4977,8 @@ CVE-2022-27220
RESERVED
CVE-2022-27219
RESERVED
-CVE-2022-27194
- RESERVED
+CVE-2022-27194 (A vulnerability has been identified in SIMATIC PCS neo (Administration ...)
+ TODO: check
CVE-2022-0989 (An unprivileged user could use the functionality of the NS WooCommerce ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0988 (Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable t ...)
@@ -5258,16 +5276,16 @@ CVE-2022-XXXX [wordpress 5.9.2]
- wordpress 5.9.2+dfsg1-1 (bug #1007145)
[stretch] - wordpress 4.7.23+dfsg-0+deb9u1
NOTE: https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/
-CVE-2022-27165
- RESERVED
-CVE-2022-27164
- RESERVED
-CVE-2022-27163
- RESERVED
-CVE-2022-27162
- RESERVED
-CVE-2022-27161
- RESERVED
+CVE-2022-27165 (CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_m ...)
+ TODO: check
+CVE-2022-27164 (CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_vi ...)
+ TODO: check
+CVE-2022-27163 (CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_ed ...)
+ TODO: check
+CVE-2022-27162 (CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_ ...)
+ TODO: check
+CVE-2022-27161 (Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_ ...)
+ TODO: check
CVE-2022-27160
RESERVED
CVE-2022-27159
@@ -5308,10 +5326,10 @@ CVE-2022-27142
RESERVED
CVE-2022-27141
RESERVED
-CVE-2022-27140
- RESERVED
-CVE-2022-27139
- RESERVED
+CVE-2022-27140 (An arbitrary file upload vulnerability in the file upload module of Ex ...)
+ TODO: check
+CVE-2022-27139 (An arbitrary file upload vulnerability in the file upload module of Gh ...)
+ TODO: check
CVE-2022-27138
RESERVED
CVE-2022-27137
@@ -6750,8 +6768,8 @@ CVE-2022-25960
RESERVED
CVE-2022-0879
RESERVED
-CVE-2022-0878
- RESERVED
+CVE-2022-0878 (Electric Vehicle (EV) commonly utilises the Combined Charging System ( ...)
+ TODO: check
CVE-2022-0877 (Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/ ...)
NOT-FOR-US: bookstack
CVE-2022-0876
@@ -7211,8 +7229,8 @@ CVE-2022-26381
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26381
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26381
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26381
-CVE-2022-26380
- RESERVED
+CVE-2022-26380 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...)
+ TODO: check
CVE-2022-26379
RESERVED
CVE-2022-26378
@@ -7346,10 +7364,10 @@ CVE-2022-26337 (Trend Micro Password Manager (Consumer) installer version 5.0.0.
NOT-FOR-US: Trend Micro
CVE-2022-26336 (A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allow ...)
NOT-FOR-US: poi-scratchpad
-CVE-2022-26335
- RESERVED
-CVE-2022-26334
- RESERVED
+CVE-2022-26335 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...)
+ TODO: check
+CVE-2022-26334 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...)
+ TODO: check
CVE-2022-26304
RESERVED
CVE-2022-26131 (Power Line Communications PLC4TRUCKS J2497 trailer receivers are susce ...)
@@ -8091,16 +8109,16 @@ CVE-2022-26110 (An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x b
NOTE: https://htcondor.org/security/vulnerabilities/HTCONDOR-2022-0003
NOTE: https://github.com/htcondor/htcondor/commit/1cae7601d796725e7f5dd73fedf37f6fbbe379ca (V8_8_16)
NOTE: https://github.com/htcondor/htcondor/commit/8568e8ba65c9490f30a1089b6d4f8910e4bfbd6b (V8_8_16)
-CVE-2022-26109
- RESERVED
-CVE-2022-26108
- RESERVED
-CVE-2022-26107
- RESERVED
-CVE-2022-26106
- RESERVED
-CVE-2022-26105
- RESERVED
+CVE-2022-26109 (When a user opens a manipulated Portable Document Format (.pdf, PDFVie ...)
+ TODO: check
+CVE-2022-26108 (When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) receiv ...)
+ TODO: check
+CVE-2022-26107 (When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d ...)
+ TODO: check
+CVE-2022-26106 (When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmC ...)
+ TODO: check
+CVE-2022-26105 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.3 ...)
+ TODO: check
CVE-2022-26104 (SAP Financial Consolidation - version 10.1, does not perform necessary ...)
NOT-FOR-US: SAP
CVE-2022-26103 (Under certain conditions, SAP NetWeaver (Real Time Messaging Framework ...)
@@ -8588,8 +8606,8 @@ CVE-2022-21811
RESERVED
CVE-2022-21810
RESERVED
-CVE-2022-21803
- RESERVED
+CVE-2022-21803 (This affects the package nconf before 0.11.4. When using the memory en ...)
+ TODO: check
CVE-2022-21802
RESERVED
CVE-2022-21797
@@ -8880,18 +8898,18 @@ CVE-2022-25762
RESERVED
CVE-2022-25757 (In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys ...)
NOT-FOR-US: Apache APISIX
-CVE-2022-25756
- RESERVED
-CVE-2022-25755
- RESERVED
-CVE-2022-25754
- RESERVED
-CVE-2022-25753
- RESERVED
-CVE-2022-25752
- RESERVED
-CVE-2022-25751
- RESERVED
+CVE-2022-25756 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...)
+ TODO: check
+CVE-2022-25755 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...)
+ TODO: check
+CVE-2022-25754 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...)
+ TODO: check
+CVE-2022-25753 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...)
+ TODO: check
+CVE-2022-25752 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...)
+ TODO: check
+CVE-2022-25751 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...)
+ TODO: check
CVE-2022-25750
RESERVED
CVE-2022-25749
@@ -9092,8 +9110,8 @@ CVE-2022-25652
RESERVED
CVE-2022-25651
RESERVED
-CVE-2022-25650
- RESERVED
+CVE-2022-25650 (A vulnerability has been identified in Mendix Applications using Mendi ...)
+ TODO: check
CVE-2022-25172
RESERVED
CVE-2022-25170 (The affected product is vulnerable to a stack-based buffer overflow wh ...)
@@ -9241,8 +9259,8 @@ CVE-2022-25636 (net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/02/21/2
NOTE: https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
-CVE-2022-25622
- RESERVED
+CVE-2022-25622 (A vulnerability has been identified in SIMATIC CFU DIQ (All versions), ...)
+ TODO: check
CVE-2022-25621 (UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and ...)
NOT-FOR-US: UUNIVERGE
CVE-2022-25620 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
@@ -11301,6 +11319,7 @@ CVE-2022-24921 (regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 all
CVE-2022-24920
RESERVED
CVE-2022-24919 (An authenticated user can create a link with reflected Javascript code ...)
+ {DLA-2980-1}
- zabbix <unfixed>
NOTE: https://support.zabbix.com/browse/ZBX-20680
NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/ff70e709719e4e9f25f5d187637fd53fd61c8bbe (5.0.21rc1)
@@ -11310,6 +11329,7 @@ CVE-2022-24918 (An authenticated user can create a link with reflected Javascrip
NOTE: https://support.zabbix.com/browse/ZBX-20680
NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/ff70e709719e4e9f25f5d187637fd53fd61c8bbe (5.0.21rc1)
CVE-2022-24917 (An authenticated user can create a link with reflected Javascript code ...)
+ {DLA-2980-1}
- zabbix <unfixed>
NOTE: https://support.zabbix.com/browse/ZBX-20680
NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/ff70e709719e4e9f25f5d187637fd53fd61c8bbe (5.0.21rc1)
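Review bot: `{DLA-2980-1}` is added under CVE-2022-24919 and CVE-2022-24917, but CVE-2022-24918, which sits between them and carries the same ZBX-20680 and ff70e709 NOTE lines in this hunk's context, is not touched by this diff. Confirm against the DLA-2980-1 advisory whether CVE-2022-24918 was deliberately left out or is missing from the advisory's CVE list.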
@@ -11451,8 +11471,8 @@ CVE-2022-24844
RESERVED
CVE-2022-24843
RESERVED
-CVE-2022-24842
- RESERVED
+CVE-2022-24842 (MinIO is a High Performance Object Storage released under GNU Affero G ...)
+ TODO: check
CVE-2022-24841
RESERVED
CVE-2022-24840
@@ -11511,8 +11531,8 @@ CVE-2022-24814 (Directus is a real-time API and App dashboard for managing SQL d
NOT-FOR-US: Directus
CVE-2022-24813 (CreateWiki is Miraheze's MediaWiki extension for requesting & crea ...)
NOT-FOR-US: Miraheze CreateWiki
-CVE-2022-24812
- RESERVED
+CVE-2022-24812 (Grafana is an open-source platform for monitoring and observability. W ...)
+ TODO: check
CVE-2022-24811 (Combodi iTop is a web based IT Service Management tool. Prior to versi ...)
NOT-FOR-US: Combodi
CVE-2022-24810
@@ -11635,16 +11655,16 @@ CVE-2022-24769 (Moby is an open-source project created by Docker to enable and a
NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c
CVE-2022-24768 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
NOT-FOR-US: Argo CD
-CVE-2022-24767
- RESERVED
+CVE-2022-24767 (Git for Windows is a fork of Git containing Windows-specific patches. ...)
+ TODO: check
CVE-2022-24766 (mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mi ...)
- mitmproxy <unfixed> (bug #1008948)
[bullseye] - mitmproxy <no-dsa> (Minor issue)
[buster] - mitmproxy <no-dsa> (Minor issue)
NOTE: https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-gcx2-gvj7-pxv3
NOTE: https://github.com/mitmproxy/mitmproxy/commit/b06fb6d157087d526bd02e7aadbe37c56865c71b (v8.0.0)
-CVE-2022-24765
- RESERVED
+CVE-2022-24765 (Git for Windows is a fork of Git containing Windows-specific patches. ...)
+ TODO: check
CVE-2022-24764 (PJSIP is a free and open source multimedia communication library writt ...)
{DLA-2962-1}
- pjproject <unfixed>
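Review bot: The CVE-2022-24767 and CVE-2022-24765 entries are left at `TODO: check`, and the truncated descriptions show only the generic "Git for Windows is a fork of Git" preamble, which says nothing about the affected component. Read the full advisories before triaging and do not mark either one NOT-FOR-US on the product name alone; if upstream git shares the affected code, the entry needs a `- git` package line instead.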
@@ -11965,16 +11985,16 @@ CVE-2022-24673
RESERVED
CVE-2022-24672
RESERVED
-CVE-2022-24383
- RESERVED
-CVE-2022-21228
- RESERVED
-CVE-2022-21214
- RESERVED
-CVE-2022-21202
- RESERVED
-CVE-2022-21168
- RESERVED
+CVE-2022-24383 (The affected product is vulnerable to an out-of-bounds read, which may ...)
+ TODO: check
+CVE-2022-21228 (The affected product is vulnerable to a stack-based buffer overflow, w ...)
+ TODO: check
+CVE-2022-21214 (The affected product is vulnerable to a heap-based buffer overflow, wh ...)
+ TODO: check
+CVE-2022-21202 (The affected product is vulnerable to an out-of-bounds read, which may ...)
+ TODO: check
+CVE-2022-21168 (The affected product is vulnerable due to an invalid pointer initializ ...)
+ TODO: check
CVE-2022-24671 (A link following privilege escalation vulnerability in Trend Micro Ant ...)
NOT-FOR-US: Trend Micro
CVE-2022-24670
@@ -12621,12 +12641,12 @@ CVE-2022-24415 (Dell BIOS contains an improper input validation vulnerability. A
NOT-FOR-US: Dell
CVE-2022-24414
RESERVED
-CVE-2022-24413
- RESERVED
-CVE-2022-24412
- RESERVED
-CVE-2022-24411
- RESERVED
+CVE-2022-24413 (Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-t ...)
+ TODO: check
+CVE-2022-24412 (Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling ...)
+ TODO: check
+CVE-2022-24411 (Dell PowerScale OneFS 8.2.2 and above contain an elevation of privileg ...)
+ TODO: check
CVE-2022-24410
RESERVED
CVE-2022-24409 (Only customers with active BSAFE maintenance contracts can receive det ...)
@@ -12880,6 +12900,7 @@ CVE-2022-24351
CVE-2022-24350
RESERVED
CVE-2022-24349 (An authenticated user can create a link with reflected XSS payload for ...)
+ {DLA-2980-1}
- zabbix <unfixed>
NOTE: https://support.zabbix.com/browse/ZBX-20680
NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/ff70e709719e4e9f25f5d187637fd53fd61c8bbe (5.0.21rc1)
@@ -13403,10 +13424,10 @@ CVE-2022-24249 (A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 vi
[buster] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/2081
NOTE: https://github.com/gpac/gpac/commit/71f9871fc210e60df041b58c84572782b4849de9 (v2.0.0)
-CVE-2022-24248
- RESERVED
-CVE-2022-24247
- RESERVED
+CVE-2022-24248 (RiteCMS version 3.1.0 and below suffers from an arbitrary file deletio ...)
+ TODO: check
+CVE-2022-24247 (RiteCMS version 3.1.0 and below suffers from an arbitrary file overwri ...)
+ TODO: check
CVE-2022-24246
RESERVED
CVE-2022-24245
@@ -13902,8 +13923,7 @@ CVE-2022-24072 (The devtools API in Whale browser before 3.12.129.18 allowed ext
NOT-FOR-US: Whale browser
CVE-2022-24071 (A Built-in extension in Whale browser before 3.12.129.46 allows attack ...)
NOT-FOR-US: Whale browser
-CVE-2022-24070
- RESERVED
+CVE-2022-24070 (Subversion's mod_dav_svn is vulnerable to memory corruption. While loo ...)
- subversion 1.14.2-1
NOTE: https://subversion.apache.org/security/CVE-2022-24070-advisory.txt
CVE-2022-0396 (BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S ...)
@@ -15604,10 +15624,10 @@ CVE-2022-23705
RESERVED
CVE-2022-23704
RESERVED
-CVE-2022-23703
- RESERVED
-CVE-2022-23702
- RESERVED
+CVE-2022-23703 (A security vulnerability has been identified in HPE Nimble Storage Hyb ...)
+ TODO: check
+CVE-2022-23702 (A potential security vulnerability has been identified in HPE Superdom ...)
+ TODO: check
CVE-2022-23701 (A potential remote host header injection security vulnerability has be ...)
NOT-FOR-US: HPE
CVE-2022-23700 (A local unauthorized read access to files vulnerability was discovered ...)
@@ -16182,12 +16202,12 @@ CVE-2022-23451
[stretch] - barbican <no-dsa> (Minor issue)
NOTE: https://storyboard.openstack.org/#!/story/2009253
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025089
-CVE-2022-23450
- RESERVED
-CVE-2022-23449
- RESERVED
-CVE-2022-23448
- RESERVED
+CVE-2022-23450 (A vulnerability has been identified in SIMATIC Energy Manager Basic (A ...)
+ TODO: check
+CVE-2022-23449 (A vulnerability has been identified in SIMATIC Energy Manager Basic (A ...)
+ TODO: check
+CVE-2022-23448 (A vulnerability has been identified in SIMATIC Energy Manager Basic (A ...)
+ TODO: check
CVE-2022-23447
RESERVED
CVE-2022-23446 (A improper control of a resource through its lifetime in Fortinet Fort ...)
@@ -17493,16 +17513,16 @@ CVE-2022-23165
RESERVED
CVE-2022-23164
RESERVED
-CVE-2022-23163
- RESERVED
+CVE-2022-23163 (Dell PowerScale OneFS, 8.2,x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a ...)
+ TODO: check
CVE-2022-23162
RESERVED
-CVE-2022-23161
- RESERVED
-CVE-2022-23160
- RESERVED
-CVE-2022-23159
- RESERVED
+CVE-2022-23161 (Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contains a denial-of-se ...)
+ TODO: check
+CVE-2022-23160 (Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Hand ...)
+ TODO: check
+CVE-2022-23159 (Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of m ...)
+ TODO: check
CVE-2022-23158 (Wyse Device Agent version 14.6.1.4 and below contain a sensitive data ...)
NOT-FOR-US: Dell
CVE-2022-23157 (Wyse Device Agent version 14.6.1.4 and below contain a sensitive data ...)
@@ -19155,12 +19175,12 @@ CVE-2022-0144 (shelljs is vulnerable to Improper Privilege Management ...)
NOTE: https://github.com/shelljs/shelljs/commit/d919d22dd6de385edaa9d90313075a77f74b338c (v0.8.5)
CVE-2022-0143
RESERVED
-CVE-2022-0142
- RESERVED
-CVE-2022-0141
- RESERVED
-CVE-2022-0140
- RESERVED
+CVE-2022-0142 (The Visual Form Builder WordPress plugin before 3.0.6 is vulnerable to ...)
+ TODO: check
+CVE-2022-0141 (The Visual Form Builder WordPress plugin before 3.0.8 does not enforce ...)
+ TODO: check
+CVE-2022-0140 (The Visual Form Builder WordPress plugin before 3.0.6 does not perform ...)
+ TODO: check
CVE-2021-46150 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
NOT-FOR-US: MediaWiki extension CheckUser
CVE-2021-46149 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
@@ -19623,20 +19643,20 @@ CVE-2022-22567 (Select Dell Client Commercial and Consumer platforms are vulnera
NOT-FOR-US: Dell
CVE-2022-22566 (Select Dell Client Commercial and Consumer platforms contain a pre-boo ...)
NOT-FOR-US: Dell
-CVE-2022-22565
- RESERVED
+CVE-2022-22565 (Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper autho ...)
+ TODO: check
CVE-2022-22564
RESERVED
CVE-2022-22563 (Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant informa ...)
NOT-FOR-US: EMC
-CVE-2022-22562
- RESERVED
-CVE-2022-22561
- RESERVED
-CVE-2022-22560
- RESERVED
-CVE-2022-22559
- RESERVED
+CVE-2022-22562 (Dell PowerScale OneFS, versions 8.2.0-9.3.0, contain a improper handli ...)
+ TODO: check
+CVE-2022-22561 (Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper res ...)
+ TODO: check
+CVE-2022-22560 (Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials ...)
+ TODO: check
+CVE-2022-22559 (Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or ri ...)
+ TODO: check
CVE-2022-22558
RESERVED
CVE-2022-22557
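Review bot: The new Dell PowerScale OneFS entries (CVE-2022-22565 and CVE-2022-22562 through CVE-2022-22559) are all `TODO: check`, while the same product is already triaged in this hunk's context as `NOT-FOR-US: EMC` under CVE-2022-22563. Resolve them the same way in the follow-up triage, and settle on one label, since the context lines here use both `NOT-FOR-US: Dell` and `NOT-FOR-US: EMC` for Dell products.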
@@ -19653,10 +19673,10 @@ CVE-2022-22552 (Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vuln
NOT-FOR-US: EMC
CVE-2022-22551 (DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensi ...)
NOT-FOR-US: EMC
-CVE-2022-22550
- RESERVED
-CVE-2022-22549
- RESERVED
+CVE-2022-22550 (Dell PowerScale OneFS, versions 8.2.2 and above, contain a password di ...)
+ TODO: check
+CVE-2022-22549 (Dell PowerScale OneFS, 8.2.x-9.3.x, contains a Improper Certificate Va ...)
+ TODO: check
CVE-2022-22548
RESERVED
CVE-2022-22547 (Simple Diagnostics Agent - versions 1.0 (up to version 1.57.), allows ...)
@@ -19671,8 +19691,8 @@ CVE-2022-22543 (SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Plat
NOT-FOR-US: SAP
CVE-2022-22542 (S/4HANA Supplier Factsheet exposes the private address and bank detail ...)
NOT-FOR-US: SAP
-CVE-2022-22541
- RESERVED
+CVE-2022-22541 (SAP BusinessObjects Business Intelligence Platform - versions 420, 430 ...)
+ TODO: check
CVE-2022-22540 (SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731 ...)
NOT-FOR-US: SAP
CVE-2022-22539 (When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) receiv ...)
@@ -22645,8 +22665,8 @@ CVE-2022-21215 (This vulnerability could allow an attacker to force the server t
NOT-FOR-US: Airspan Networks
CVE-2022-21196 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
NOT-FOR-US: Airspan Networks
-CVE-2022-21155
- RESERVED
+CVE-2022-21155 (A specially crafted packet sent to the Fernhill SCADA Server Version 3 ...)
+ TODO: check
CVE-2022-21137 (Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based b ...)
NOT-FOR-US: Omron CX-One
CVE-2021-45459 (lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js ...)
@@ -26269,7 +26289,7 @@ CVE-2021-44480 (Wokka Lokka Q50 devices through 2021-11-30 allow remote attacker
NOT-FOR-US: Wokka Lokka Q50 devices
CVE-2021-44479 (NXP Kinetis K82 devices have a buffer over-read via a crafted wlength ...)
NOT-FOR-US: NXP Kinetis K82 devices
-CVE-2021-44478 (A vulnerability has been identified in Polarion Subversion Webclient ( ...)
+CVE-2021-44478 (A vulnerability has been identified in Polarion ALM (All versions < ...)
NOT-FOR-US: Siemens
CVE-2021-4038 (Cross Site Scripting (XSS) vulnerability in McAfee Network Security Ma ...)
NOT-FOR-US: McAfee
@@ -27650,11 +27670,11 @@ CVE-2021-3978
RESERVED
CVE-2021-3977 (invoiceninja is vulnerable to Improper Neutralization of Input During ...)
NOT-FOR-US: invoiceninja
-CVE-2021-44018 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...)
+CVE-2021-44018 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
NOT-FOR-US: JT2Go / Siemens
CVE-2021-44017 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
NOT-FOR-US: Siemens
-CVE-2021-44016 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...)
+CVE-2021-44016 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
NOT-FOR-US: JT2Go / Siemens
CVE-2021-44015 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
NOT-FOR-US: Siemens
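Review bot: The triage labels in this hunk are inconsistent: CVE-2021-44018 and CVE-2021-44016 carry `NOT-FOR-US: JT2Go / Siemens`, while CVE-2021-44017 and CVE-2021-44015 carry `NOT-FOR-US: Siemens`, although after this update all four descriptions begin with the same "JT2Go (All versions < V13.2." text. Use a single label for the group so that searches on the NOT-FOR-US reason return the whole set.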
@@ -27686,7 +27706,7 @@ CVE-2021-44002 (A vulnerability has been identified in JT2Go (All versions <
NOT-FOR-US: Siemens
CVE-2021-44001 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
NOT-FOR-US: Siemens
-CVE-2021-44000 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...)
+CVE-2021-44000 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
NOT-FOR-US: JT2Go / Siemens
CVE-2021-43999 (Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses re ...)
- guacamole-client <unfixed>
@@ -35537,8 +35557,8 @@ CVE-2021-42256
RESERVED
CVE-2021-3878 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...)
NOT-FOR-US: CoreNLP
-CVE-2021-42255
- RESERVED
+CVE-2021-42255 (BeyondTrust AppGuard Enterprise through 6.6.20.2 creates a Temporary F ...)
+ TODO: check
CVE-2021-42254 (BeyondTrust Privilege Management prior to version 21.6 creates a Tempo ...)
NOT-FOR-US: BeyondTrust Privilege Management
CVE-2021-42253
@@ -36085,8 +36105,8 @@ CVE-2021-42031
RESERVED
CVE-2021-42030
RESERVED
-CVE-2021-42029
- RESERVED
+CVE-2021-42029 (A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 ...)
+ TODO: check
CVE-2021-42028
RESERVED
CVE-2021-42027 (A vulnerability has been identified in SINUMERIK Edge (All versions &l ...)
@@ -38656,10 +38676,10 @@ CVE-2021-41007
RESERVED
CVE-2021-41006
RESERVED
-CVE-2021-41005
- RESERVED
-CVE-2021-41004
- RESERVED
+CVE-2021-41005 (A remote vulnerability was discovered in Aruba Instant On 1930 Switch ...)
+ TODO: check
+CVE-2021-41004 (A remote vulnerability was discovered in Aruba Instant On 1930 Switch ...)
+ TODO: check
CVE-2021-41003 (Multiple unauthenticated command injection vulnerabilities were discov ...)
NOT-FOR-US: Aruba
CVE-2021-41002 (Multiple authenticated remote path traversal vulnerabilities were disc ...)
@@ -40246,27 +40266,27 @@ CVE-2021-40370
RESERVED
CVE-2021-40369 (A carefully crafted plugin link invocation could trigger an XSS vulner ...)
- jspwiki <removed>
-CVE-2021-40368
- RESERVED
+CVE-2021-40368 (A vulnerability has been identified in SIMATIC S7-400 H V6 CPU family ...)
+ TODO: check
CVE-2021-40367
RESERVED
CVE-2021-40366 (A vulnerability has been identified in Climatix POL909 (AWB module) (A ...)
NOT-FOR-US: Siemens
CVE-2021-40365
RESERVED
-CVE-2021-40364 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+CVE-2021-40364 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All version ...)
NOT-FOR-US: Siemens
-CVE-2021-40363 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+CVE-2021-40363 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All version ...)
NOT-FOR-US: Siemens
CVE-2021-40362
RESERVED
CVE-2021-40361
RESERVED
-CVE-2021-40360 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+CVE-2021-40360 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All version ...)
NOT-FOR-US: Siemens
-CVE-2021-40359 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+CVE-2021-40359 (A vulnerability has been identified in OpenPCS 7 V8.2 (All versions), ...)
NOT-FOR-US: Siemens
-CVE-2021-40358 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+CVE-2021-40358 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All version ...)
NOT-FOR-US: Siemens
CVE-2021-40357 (A vulnerability has been identified in Teamcenter Active Workspace V4. ...)
NOT-FOR-US: Siemens
@@ -41578,54 +41598,51 @@ CVE-2021-39816 (Adobe Bridge version 11.1 (and earlier) is affected by a memory
NOT-FOR-US: Adobe
CVE-2021-39815
RESERVED
-CVE-2021-39814
- RESERVED
+CVE-2021-39814 (In ppmp_validate_wsm of drm_fw.c, there is a possible out of bounds wr ...)
+ TODO: check
CVE-2021-39813
RESERVED
-CVE-2021-39812
- RESERVED
+CVE-2021-39812 (In TBD of TBD, there is a possible out of bounds read due to a use aft ...)
+ TODO: check
CVE-2021-39811
RESERVED
CVE-2021-39810
RESERVED
-CVE-2021-39809
- RESERVED
-CVE-2021-39808
- RESERVED
-CVE-2021-39807
- RESERVED
+CVE-2021-39809 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible o ...)
+ TODO: check
+CVE-2021-39808 (In createNotificationChannelGroup of PreferencesHelper.java, there is ...)
+ TODO: check
+CVE-2021-39807 (In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible ...)
+ TODO: check
CVE-2021-39806
RESERVED
-CVE-2021-39805
- RESERVED
-CVE-2021-39804
- RESERVED
-CVE-2021-39803
- RESERVED
-CVE-2021-39802
- RESERVED
+CVE-2021-39805 (In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bo ...)
+ TODO: check
+CVE-2021-39804 (In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a m ...)
+ TODO: check
+CVE-2021-39803 (In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read ...)
+ TODO: check
+CVE-2021-39802 (In change_pte_range of mprotect.c , there is a possible way to make a ...)
- linux <undetermined>
NOTE: https://source.android.com/security/bulletin/2022-04-01
-CVE-2021-39801
- RESERVED
+CVE-2021-39801 (In ion_ioctl of ion-ioctl.c, there is a possible use after free due to ...)
- linux <not-affected> (Android-specific driver)
NOTE: https://source.android.com/security/bulletin/2022-04-01
-CVE-2021-39800
- RESERVED
+CVE-2021-39800 (In ion_ioctl of ion-ioctl.c, there is a possible way to leak kernel he ...)
- linux <not-affected> (Android-specific driver)
NOTE: https://source.android.com/security/bulletin/2022-04-01
-CVE-2021-39799
- RESERVED
-CVE-2021-39798
- RESERVED
-CVE-2021-39797
- RESERVED
-CVE-2021-39796
- RESERVED
-CVE-2021-39795
- RESERVED
-CVE-2021-39794
- RESERVED
+CVE-2021-39799 (In AttributionSource of AttributionSource.java, there is a possible pe ...)
+ TODO: check
+CVE-2021-39798 (In Bitmap_createFromParcel of Bitmap.cpp, there is a possible arbitrar ...)
+ TODO: check
+CVE-2021-39797 (In several functions of of LauncherApps.java, there is a possible esca ...)
+ TODO: check
+CVE-2021-39796 (In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there ...)
+ TODO: check
+CVE-2021-39795 (In multiple locations of MediaProvider.java , there is a possible way ...)
+ TODO: check
+CVE-2021-39794 (In broadcastPortInfo of AdbService.java, there is a possible way for a ...)
+ TODO: check
CVE-2021-39793 (In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possibl ...)
NOT-FOR-US: Pixel
CVE-2021-39792 (In usb_gadget_giveback_request of core.c, there is a possible use afte ...)
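Review bot: CVE-2021-39802 keeps `- linux <undetermined>` although the description added here points at change_pte_range in mprotect.c. CVE-2021-39801 and CVE-2021-39800 directly below are resolved as `<not-affected> (Android-specific driver)` for ion-ioctl.c, but mprotect.c is core memory-management code, so this entry needs a fixed version or an explicit status rather than staying undetermined. Separately, CVE-2021-39812 arrives with the placeholder text "In TBD of TBD", so it cannot be classified from its description alone.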
@@ -48882,8 +48899,8 @@ CVE-2021-36916 (The SQL injection vulnerability in the Hide My WP WordPress plug
NOT-FOR-US: WordPress plugin
CVE-2021-36915
RESERVED
-CVE-2021-36914
- RESERVED
+CVE-2021-36914 (Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected C ...)
+ TODO: check
CVE-2021-36913
RESERVED
CVE-2021-36912
@@ -60745,8 +60762,8 @@ CVE-2021-32042
RESERVED
CVE-2021-32041
RESERVED
-CVE-2021-32040
- RESERVED
+CVE-2021-32040 (It may be possible to have an extremely long aggregation pipeline in c ...)
+ TODO: check
CVE-2021-32039 (Users with appropriate file access may be able to access unencrypted u ...)
NOT-FOR-US: MongoDB VSCode Extension
CVE-2021-32038
@@ -61606,8 +61623,8 @@ CVE-2021-31806 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
-CVE-2021-31805
- RESERVED
+CVE-2021-31805 (The fix issued for CVE-2020-17530 was incomplete. So from Apache Strut ...)
+ TODO: check
CVE-2020-36325 (** DISPUTED ** An issue was discovered in Jansson through 2.13.1. Due ...)
- jansson <unfixed> (unimportant)
NOTE: https://github.com/akheron/jansson/issues/548
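Review bot: CVE-2021-31805 is queued as `TODO: check`, yet its description states that the fix issued for CVE-2020-17530 was incomplete. Triage should look up how CVE-2020-17530 is recorded in this list and give the new entry the matching package line or NOT-FOR-US tag, so the two entries stay consistent.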
@@ -70159,8 +70176,7 @@ CVE-2021-28546 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier)
NOT-FOR-US: Adobe
CVE-2021-28545 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
NOT-FOR-US: Adobe
-CVE-2021-28544
- RESERVED
+CVE-2021-28544 (Apache Subversion SVN authz protected copyfrom paths regression Subver ...)
- subversion 1.14.2-1
NOTE: https://subversion.apache.org/security/CVE-2021-28544-advisory.txt
CVE-2021-28543 (Varnish varnish-modules before 0.17.1 allows remote attackers to cause ...)
@@ -99821,7 +99837,7 @@ CVE-2020-28402 (An improper authorization vulnerability exists in Star Practice
NOT-FOR-US: Star Practice Management Web
CVE-2020-28401 (An improper authorization vulnerability exists in Star Practice Manage ...)
NOT-FOR-US: Star Practice Management Web
-CVE-2020-28400 (A vulnerability has been identified in Development/Evaluation Kits for ...)
+CVE-2020-28400 (Affected devices contain a vulnerability that allows an unauthenticate ...)
NOT-FOR-US: Siemens
CVE-2020-28399
RESERVED
@@ -100705,8 +100721,7 @@ CVE-2021-0709
RESERVED
CVE-2021-0708 (In runDumpHeap of ActivityManagerShellCommand.java, there is a possibl ...)
NOT-FOR-US: Android
-CVE-2021-0707
- RESERVED
+CVE-2021-0707 (In dma_buf_release of dma-buf.c, there is a possible memory corruption ...)
- linux 5.10.9-1
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -100736,8 +100751,8 @@ CVE-2021-0696
CVE-2021-0695 (In get_sock_stat of xt_qtaguid.c, there is a possible out of bounds re ...)
- linux <not-affected> (Android-specific xt_qtaguid code)
NOTE: https://source.android.com/security/bulletin/2021-09-01
-CVE-2021-0694
- RESERVED
+CVE-2021-0694 (In setServiceForegroundInnerLocked of ActiveServices.java, there is a ...)
+ TODO: check
CVE-2021-0693 (In openFile of HeapDumpProvider.java, there is a possible way to retri ...)
NOT-FOR-US: Android
CVE-2021-0692 (In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a p ...)
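Review bot: CVE-2021-0694 is added with `TODO: check`, while its description places the bug in ActiveServices.java and the adjacent entry CVE-2021-0693 (HeapDumpProvider.java) is tagged `NOT-FOR-US: Android`. Suggest the same tag here.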
@@ -170538,7 +170553,7 @@ CVE-2019-19303
RESERVED
CVE-2019-19302
RESERVED
-CVE-2019-19301 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
+CVE-2019-19301 (A vulnerability has been identified in SCALANCE X200-4P IRT, SCALANCE ...)
NOT-FOR-US: Siemens
CVE-2019-19300 (A vulnerability has been identified in Development/Evaluation Kits for ...)
NOT-FOR-US: Siemens
@@ -189933,7 +189948,7 @@ CVE-2019-13948 (SyGuestBook A5 Version 1.2 allows stored XSS because the isValid
NOT-FOR-US: SyGuestBook A5
CVE-2019-13947 (A vulnerability has been identified in Control Center Server (CCS) (Al ...)
NOT-FOR-US: Siemens
-CVE-2019-13946 (A vulnerability has been identified in Development/Evaluation Kits for ...)
+CVE-2019-13946 (Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit i ...)
NOT-FOR-US: Siemens
CVE-2019-13945 (A vulnerability has been identified in SIMATIC S7-1200 CPU family (inc ...)
NOT-FOR-US: Siemens
@@ -339121,9 +339136,9 @@ CVE-2016-8564 (SQL injection vulnerability in Siemens Automation License Manager
NOT-FOR-US: Siemens Automation License Manager
CVE-2016-8563 (Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allow ...)
NOT-FOR-US: Siemens Automation License Manager
-CVE-2016-8562 (Siemens SIMATIC CP 1543-1 before 2.0.28, when SNMPv3 write access or S ...)
+CVE-2016-8562 (A vulnerability has been identified in SIMATIC CP 1543-1 (All versions ...)
NOT-FOR-US: Siemens SIMATIC CP
-CVE-2016-8561 (Siemens SIMATIC CP 1543-1 before 2.0.28 allows remote authenticated us ...)
+CVE-2016-8561 (A vulnerability has been identified in SIMATIC CP 1543-1 (All versions ...)
NOT-FOR-US: Siemens SIMATIC CP
CVE-2016-8560
REJECTED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e4490598e073aa39d6ab94e1f77de396e5112f9