[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Apr 15 09:10:22 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7f7bb226 by security tracker role at 2022-04-15T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2022-29266
+ RESERVED
+CVE-2022-1378
+ RESERVED
+CVE-2022-1377
+ RESERVED
+CVE-2022-1376
+ RESERVED
+CVE-2022-1375
+ RESERVED
+CVE-2022-1374
+ RESERVED
+CVE-2022-1373
+ RESERVED
+CVE-2022-1372
+ RESERVED
+CVE-2022-1371
+ RESERVED
+CVE-2022-1370
+ RESERVED
+CVE-2022-1369
+ RESERVED
+CVE-2022-1368
+ RESERVED
+CVE-2022-1367
+ RESERVED
+CVE-2022-1366
+ RESERVED
+CVE-2022-1365
+ RESERVED
CVE-2022-29265
RESERVED
CVE-2022-1364
@@ -453,8 +483,8 @@ CVE-2022-1330 (stored xss due to unsantized anchor url in GitHub repository alva
TODO: check
CVE-2022-1329
RESERVED
-CVE-2022-1328
- RESERVED
+CVE-2022-1328 (Buffer Overflow in uudecoder in Mutt affecting all versions starting f ...)
+ TODO: check
CVE-2022-1327
RESERVED
CVE-2022-1326
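Review bot: the "TODO: check" added under CVE-2022-1328 needs a package line, because the description names the uudecoder in Mutt and mutt is a Debian source package. The affected range is cut off at "starting f ...", so read it from the full CVE record before writing "- mutt <unfixed>" or a fixed version.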
@@ -649,8 +679,7 @@ CVE-2022-1305
- chromium 100.0.4896.88-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1304 [e2fsprogs: out-of-bounds read/write via crafted filesystem]
- RESERVED
+CVE-2022-1304 (An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46. ...)
- e2fsprogs <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2069726
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2068113
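Review bot: CVE-2022-1304 keeps "- e2fsprogs <unfixed>" with only the two Red Hat Bugzilla NOTE lines as references. Now that the RESERVED marker is gone and a public description exists, add a NOTE pointing at the upstream report or fix when one is available, so the <unfixed> state can be re-evaluated per suite.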
@@ -1322,8 +1351,8 @@ CVE-2022-28721
RESERVED
CVE-2022-28720
RESERVED
-CVE-2022-28711
- RESERVED
+CVE-2022-28711 (A memory corruption vulnerability exists in the cgi.c unescape functio ...)
+ TODO: check
CVE-2022-28709
RESERVED
CVE-2022-28698
@@ -2308,8 +2337,8 @@ CVE-2022-28346 (An issue was discovered in Django 2.2 before 2.2.28, 3.2 before
NOTE: https://github.com/django/django/commit/800828887a0509ad1162d6d407e94d8de7eafc60 (4.0.4)
NOTE: https://github.com/django/django/commit/2044dac5c6968441be6f534c4139bcf48c5c7e48 (3.2.13)
NOTE: https://github.com/django/django/commit/2c09e68ec911919360d5f8502cefc312f9e03c5d (2.2.28)
-CVE-2022-28345
- RESERVED
+CVE-2022-28345 (The Signal app before 5.34 for iOS allows URI spoofing via RTLO inject ...)
+ TODO: check
CVE-2022-28344
RESERVED
CVE-2022-28343
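Review bot: CVE-2022-28345 is described as affecting "The Signal app before 5.34 for iOS", an iOS application rather than anything shipped as a Debian package. The "TODO: check" can be resolved to a NOT-FOR-US line in the same style as the other NOT-FOR-US entries in this file.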
@@ -2432,10 +2461,10 @@ CVE-2022-28301
RESERVED
CVE-2022-28300
RESERVED
-CVE-2022-27188
- RESERVED
-CVE-2022-26034
- RESERVED
+CVE-2022-27188 (OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4. ...)
+ TODO: check
+CVE-2022-26034 (Improper authentication vulnerability in the communication protocol pr ...)
+ TODO: check
CVE-2022-1200
RESERVED
CVE-2021-4225
@@ -3926,8 +3955,8 @@ CVE-2022-27850
RESERVED
CVE-2022-27849
RESERVED
-CVE-2022-27848
- RESERVED
+CVE-2022-27848 (Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Moder ...)
+ TODO: check
CVE-2022-27847 (Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slide ...)
TODO: check
CVE-2022-27846 (Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slide ...)
@@ -7005,8 +7034,8 @@ CVE-2022-26653
RESERVED
CVE-2022-26652 (NATS nats-server before 2.7.4 allows Directory Traversal (with write a ...)
NOT-FOR-US: nats-server
-CVE-2022-26651
- RESERVED
+CVE-2022-26651 (An issue was discovered in Asterisk through 19.x and Certified Asteris ...)
+ TODO: check
CVE-2022-25943 (The installer of WPS Office for Windows versions prior to v11.2.0.1025 ...)
NOT-FOR-US: WPS Office for Windows
CVE-2022-0880 (Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showd ...)
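Review bot: CVE-2022-26651 names Asterisk, which is packaged, so "TODO: check" has to become an "- asterisk" line. The visible text "through 19.x and Certified Asteris ..." points at a wide version range; check each supported suite rather than only unstable.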
@@ -7325,10 +7354,10 @@ CVE-2022-26501 (Improper authentication in Veeam Backup & Replication 9.5U3,
NOT-FOR-US: Veeam
CVE-2022-26500 (Improper limitation of path names in Veeam Backup & Replication 9. ...)
NOT-FOR-US: Veeam
-CVE-2022-26499
- RESERVED
-CVE-2022-26498
- RESERVED
+CVE-2022-26499 (An SSRF issue was discovered in Asterisk through 19.x. When using STIR ...)
+ TODO: check
+CVE-2022-26498 (An issue was discovered in Asterisk through 19.x. When using STIR/SHAK ...)
+ TODO: check
CVE-2022-26497
RESERVED
CVE-2022-26496 (In nbd-server in nbd before 3.24, there is a stack-based buffer overfl ...)
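Review bot: CVE-2022-26499 and CVE-2022-26498 both read "When using STIR/SHAK ...", so exposure depends on that feature being present. When replacing the two "TODO: check" lines, record per suite whether the packaged Asterisk version contains the STIR/SHAKEN code, and add a NOTE with the upstream advisory for each.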
@@ -11930,26 +11959,26 @@ CVE-2022-24857
RESERVED
CVE-2022-24856
RESERVED
-CVE-2022-24855
- RESERVED
-CVE-2022-24854
- RESERVED
-CVE-2022-24853
- RESERVED
+CVE-2022-24855 (Metabase is an open source business intelligence and analytics applica ...)
+ TODO: check
+CVE-2022-24854 (Metabase is an open source business intelligence and analytics applica ...)
+ TODO: check
+CVE-2022-24853 (Metabase is an open source business intelligence and analytics applica ...)
+ TODO: check
CVE-2022-24852
RESERVED
CVE-2022-24851
RESERVED
-CVE-2022-24850
- RESERVED
-CVE-2022-24849
- RESERVED
+CVE-2022-24850 (Discourse is an open source platform for community discussion. A categ ...)
+ TODO: check
+CVE-2022-24849 (DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5 ...)
+ TODO: check
CVE-2022-24848
RESERVED
CVE-2022-24847 (GeoServer is an open source software server written in Java that allow ...)
TODO: check
-CVE-2022-24846
- RESERVED
+CVE-2022-24846 (GeoWebCache is a tile caching server implemented in Java. The GeoWebCa ...)
+ TODO: check
CVE-2022-24845 (Vyper is a pythonic Smart Contract Language for the ethereum virtual m ...)
TODO: check
CVE-2022-24844 (Gin-vue-admin is a backstage management system based on vue and gin, w ...)
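Review bot: the three Metabase entries (CVE-2022-24855, CVE-2022-24854, CVE-2022-24853) are indistinguishable at this truncation length, since each shows only "Metabase is an open source business intelligence and analytics applica ...". Triage them from the full CVE records and keep the resulting status lines consistent across the three. The Discourse, DisCatSharp and GeoWebCache entries in this hunk are likewise cut off before the vulnerability itself is described.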
@@ -11994,8 +12023,8 @@ CVE-2022-24826
RESERVED
CVE-2022-24825
RESERVED
-CVE-2022-24824
- RESERVED
+CVE-2022-24824 (Discourse is an open source platform for community discussion. In affe ...)
+ TODO: check
CVE-2022-24823
RESERVED
CVE-2022-24822 (Podium is a library for building micro frontends. @podium/layout is a ...)
@@ -14539,8 +14568,8 @@ CVE-2022-22987 (The affected product has a hardcoded private key available insid
NOT-FOR-US: Advantech
CVE-2022-21798 (The affected product is vulnerable due to cleartext transmission of cr ...)
NOT-FOR-US: GE
-CVE-2022-21154
- RESERVED
+CVE-2022-21154 (An integer overflow vulnerability exists in the fltSaveCMP functionali ...)
+ TODO: check
CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. ...)
- vim 2:8.2.4659-1
[bullseye] - vim <no-dsa> (Minor issue)
@@ -18502,12 +18531,12 @@ CVE-2022-22989 (My Cloud OS 5 was vulnerable to a pre-authenticated stack overfl
NOT-FOR-US: Western Digital / My Cloud OS 5 Firmware
CVE-2022-22988 (File and directory permissions have been corrected to prevent unintend ...)
NOT-FOR-US: Western Digital
-CVE-2022-21234
- RESERVED
-CVE-2022-21210
- RESERVED
-CVE-2022-21145
- RESERVED
+CVE-2022-21234 (An SQL injection vulnerability exists in the EchoAssets.aspx functiona ...)
+ TODO: check
+CVE-2022-21210 (An SQL injection vulnerability exists in the AssetActions.aspx functio ...)
+ TODO: check
+CVE-2022-21145 (A stored cross-site scripting vulnerability exists in the WebUserActio ...)
+ TODO: check
CVE-2022-0182 (Stored cross-site scripting vulnerability in Quiz And Survey Master ve ...)
NOT-FOR-US: Quiz And Survey Master
CVE-2022-0181 (Reflected cross-site scripting vulnerability in Quiz And Survey Master ...)
@@ -18556,12 +18585,12 @@ CVE-2022-22970
RESERVED
CVE-2022-22969
RESERVED
-CVE-2022-22968
- RESERVED
+CVE-2022-22968 (In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older ...)
+ TODO: check
CVE-2022-22967
RESERVED
-CVE-2022-22966
- RESERVED
+CVE-2022-22966 (An authenticated, high privileged malicious actor with network access ...)
+ TODO: check
CVE-2022-22965 (A Spring MVC or Spring WebFlux application running on JDK 9+ may be vu ...)
- libspring-java <unfixed>
[stretch] - libspring-java <end-of-life>
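Review bot: CVE-2022-22968 names Spring Framework, and the context entry CVE-2022-22965 directly below is already tracked under "- libspring-java". Replace "TODO: check" with a libspring-java line after comparing the quoted ranges ("5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older ...") with the packaged versions. CVE-2022-22966 shows no product name before the cut-off and needs the full record.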
@@ -18845,8 +18874,8 @@ CVE-2022-22850 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sour
NOT-FOR-US: Sourcecodtester
CVE-2022-22849
RESERVED
-CVE-2022-22149
- RESERVED
+CVE-2022-22149 (A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx ...)
+ TODO: check
CVE-2022-0176 (The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0175 [memory initialization issue in vrend_resource_alloc_buffer() can lead to info leak]
@@ -26994,8 +27023,8 @@ CVE-2021-44396 (A denial of service vulnerability exists in the cgiserver.cgi JS
NOT-FOR-US: Reolink
CVE-2021-44395 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
NOT-FOR-US: Reolink
-CVE-2021-44394
- RESERVED
+CVE-2021-44394 (Multiple denial of service vulnerabilities exist in the cgiserver.cgi ...)
+ TODO: check
CVE-2021-44393 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
NOT-FOR-US: Reolink
CVE-2021-44392 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
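Review bot: CVE-2021-44394 gets "TODO: check" although it sits in a run of entries that describe the same cgiserver.cgi component and are all marked "NOT-FOR-US: Reolink". Confirm the product from the full record and then use the same label. The same pattern recurs in the following hunks for CVE-2021-44375, CVE-2021-44366 and CVE-2021-44357 through CVE-2021-44354.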
@@ -27032,8 +27061,8 @@ CVE-2021-44377 (A denial of service vulnerability exists in the cgiserver.cgi JS
NOT-FOR-US: Reolink
CVE-2021-44376 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
NOT-FOR-US: Reolink
-CVE-2021-44375
- RESERVED
+CVE-2021-44375 (Multiple denial of service vulnerabilities exist in the cgiserver.cgi ...)
+ TODO: check
CVE-2021-44374 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
NOT-FOR-US: Reolink
CVE-2021-44373 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
@@ -27050,8 +27079,8 @@ CVE-2021-44368 (A denial of service vulnerability exists in the cgiserver.cgi JS
NOT-FOR-US: Reolink
CVE-2021-44367 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
NOT-FOR-US: Reolink
-CVE-2021-44366
- RESERVED
+CVE-2021-44366 (Multiple denial of service vulnerabilities exist in the cgiserver.cgi ...)
+ TODO: check
CVE-2021-44365 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
NOT-FOR-US: Reolink
CVE-2021-44364 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
@@ -27068,14 +27097,14 @@ CVE-2021-44359 (A denial of service vulnerability exists in the cgiserver.cgi JS
NOT-FOR-US: Reolink
CVE-2021-44358 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
NOT-FOR-US: Reolink
-CVE-2021-44357
- RESERVED
-CVE-2021-44356
- RESERVED
-CVE-2021-44355
- RESERVED
-CVE-2021-44354
- RESERVED
+CVE-2021-44357 (Multiple denial of service vulnerabilities exist in the cgiserver.cgi ...)
+ TODO: check
+CVE-2021-44356 (Multiple denial of service vulnerabilities exist in the cgiserver.cgi ...)
+ TODO: check
+CVE-2021-44355 (Multiple denial of service vulnerabilities exist in the cgiserver.cgi ...)
+ TODO: check
+CVE-2021-44354 (Multiple denial of service vulnerabilities exist in the cgiserver.cgi ...)
+ TODO: check
CVE-2021-4034 (A local privilege escalation vulnerability was found on polkit's pkexe ...)
{DSA-5059-1 DLA-2899-1}
- policykit-1 0.105-31.1
@@ -31413,8 +31442,8 @@ CVE-2021-43259
RESERVED
CVE-2021-43258
RESERVED
-CVE-2021-43257
- RESERVED
+CVE-2021-43257 (Lack of Neutralization of Formula Elements in the CSV API of MantisBT ...)
+ TODO: check
CVE-2021-3923
RESERVED
CVE-2021-3922
@@ -40647,18 +40676,17 @@ CVE-2021-40428
RESERVED
CVE-2021-40427
RESERVED
-CVE-2021-40426
- RESERVED
+CVE-2021-40426 (A heap-based buffer overflow vulnerability exists in the sphere.c star ...)
- sox <unfixed>
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434
-CVE-2021-40425
- RESERVED
-CVE-2021-40424
- RESERVED
+CVE-2021-40425 (An out-of-bounds read vulnerability exists in the IOCTL GetProcessComm ...)
+ TODO: check
+CVE-2021-40424 (An out-of-bounds read vulnerability exists in the IOCTL GetProcessComm ...)
+ TODO: check
CVE-2021-40423 (A denial of service vulnerability exists in the cgiserver.cgi API comm ...)
NOT-FOR-US: Reolink
-CVE-2021-40422
- RESERVED
+CVE-2021-40422 (An authentication bypass vulnerability exists in the device password g ...)
+ TODO: check
CVE-2021-40421
RESERVED
CVE-2021-40420 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
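Review bot: CVE-2021-40426 keeps "- sox <unfixed>" with the Talos report as its only reference; add a NOTE for the upstream bug or fix once one exists. The other new entries in this hunk (CVE-2021-40425, CVE-2021-40424, CVE-2021-40422) are truncated before any product name, so their "TODO: check" lines cannot be resolved from this file alone.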
@@ -40691,8 +40719,8 @@ CVE-2021-40407 (An OS command injection vulnerability exists in the device netwo
NOT-FOR-US: Reolink
CVE-2021-40406 (A denial of service vulnerability exists in the cgiserver.cgi session ...)
NOT-FOR-US: Reolink
-CVE-2021-40405
- RESERVED
+CVE-2021-40405 (A denial of service vulnerability exists in the cgiserver.cgi Upgrade ...)
+ TODO: check
CVE-2021-40404 (An authentication bypass vulnerability exists in the cgiserver.cgi Log ...)
NOT-FOR-US: Reolink
CVE-2021-40403 (An information disclosure vulnerability exists in the pick-and-place r ...)
@@ -40700,8 +40728,7 @@ CVE-2021-40403 (An information disclosure vulnerability exists in the pick-and-p
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1417
NOTE: https://github.com/gerbv/gerbv/issues/82
NOTE: Proposed patch: https://github.com/gerbv/gerbv/commit/387f07b163cc30cd95e9bedf53bc07e7b38cc318
-CVE-2021-40402
- RESERVED
+CVE-2021-40402 (An out-of-bounds read vulnerability exists in the RS-274X aperture mac ...)
- gerbv <unfixed>
NOTE: https://github.com/gerbv/gerbv/issues/80
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1416
@@ -40710,15 +40737,14 @@ CVE-2021-40401 (A use-after-free vulnerability exists in the RS-274X aperture de
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1415
NOTE: https://github.com/gerbv/gerbv/commit/68ee18945bcf68ff964c42f12af79c5c0e2f4069
NOTE: https://github.com/gerbv/gerbv/issues/81
-CVE-2021-40400
- RESERVED
+CVE-2021-40400 (An out-of-bounds read vulnerability exists in the RS-274X aperture mac ...)
- gerbv <unfixed>
NOTE: https://github.com/gerbv/gerbv/issues/79
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413
CVE-2021-40399
RESERVED
-CVE-2021-40398
- RESERVED
+CVE-2021-40398 (An out-of-bounds write vulnerability exists in the parse_raster_data f ...)
+ TODO: check
CVE-2021-40397 (A privilege escalation vulnerability exists in the installation of Adv ...)
NOT-FOR-US: Advantech
CVE-2021-40396 (A privilege escalation vulnerability exists in the installation of Adv ...)
@@ -40741,8 +40767,8 @@ CVE-2021-40393 (An out-of-bounds write vulnerability exists in the RS-274X apert
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404
NOTE: https://github.com/advisories/GHSA-w67q-2hr6-7cjf
NOTE: https://github.com/gerbv/gerbv/commit/4d12b696aed19fbcc115fe83aa7597b7c42ba8d6 (v2.8.2-rc.1)
-CVE-2021-40392
- RESERVED
+CVE-2021-40392 (An information disclosure vulnerability exists in the Web Application ...)
+ TODO: check
CVE-2021-40391 (An out-of-bounds write vulnerability exists in the drill format T-code ...)
{DLA-2839-1}
- gerbv 2.7.1-1
@@ -40751,16 +40777,16 @@ CVE-2021-40391 (An out-of-bounds write vulnerability exists in the drill format
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1402
NOTE: https://github.com/gerbv/gerbv/commit/9f83950b772b37b49ee188300e444546e6aab17e
NOTE: https://github.com/gerbv/gerbv/issues/30
-CVE-2021-40390
- RESERVED
+CVE-2021-40390 (An authentication bypass vulnerability exists in the Web Application f ...)
+ TODO: check
CVE-2021-40389 (A privilege escalation vulnerability exists in the installation of Adv ...)
NOT-FOR-US: Advantech
CVE-2021-40388 (A privilege escalation vulnerability exists in Advantech SQ Manager Se ...)
NOT-FOR-US: Advantech
CVE-2021-40387 (An issue was discovered in the server software in Kaseya Unitrends Bac ...)
NOT-FOR-US: Kaseya Unitrends Backup Software
-CVE-2021-40386
- RESERVED
+CVE-2021-40386 (Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers t ...)
+ TODO: check
CVE-2021-40385 (An issue was discovered in the server software in Kaseya Unitrends Bac ...)
NOT-FOR-US: Kaseya Unitrends Backup Software
CVE-2021-40384
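Review bot: CVE-2021-40386 names "Kaseya Unitrends Client/Agent" while the entries on either side are already marked "NOT-FOR-US: Kaseya Unitrends Backup Software"; resolve the "TODO: check" with a matching NOT-FOR-US label. The version string "10.5,5" in the imported description looks like an upstream typo and should be left as imported rather than hand-edited here.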
@@ -70796,8 +70822,8 @@ CVE-2021-28507 (An issue has recently been discovered in Arista EOS where, under
NOT-FOR-US: Arista
CVE-2021-28506 (An issue has recently been discovered in Arista EOS where certain gNOI ...)
NOT-FOR-US: Arista
-CVE-2021-28505
- RESERVED
+CVE-2021-28505 (On affected Arista EOS platforms, if a VXLAN match rule exists in an I ...)
+ TODO: check
CVE-2021-28504 (On Arista Strata family products which have “TCAM profile” ...)
NOT-FOR-US: Arista
CVE-2021-28503 (The impact of this vulnerability is that Arista's EOS eAPI may skip re ...)
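Review bot: CVE-2021-28505 starts "On affected Arista EOS platforms" and its neighbours are marked "NOT-FOR-US: Arista", so the "TODO: check" can take the same label. Separately, the context line for CVE-2021-28504 shows mis-encoded quotation marks around "TCAM profile"; check whether data/CVE/list itself holds those bytes or whether only this mail rendering is affected.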
@@ -86555,8 +86581,8 @@ CVE-2021-21969 (An out-of-bounds write vulnerability exists in the HandleSeaClou
NOT-FOR-US: Sealevel Systems
CVE-2021-21968 (A file write vulnerability exists in the OTA update task functionality ...)
NOT-FOR-US: Sealevel Systems
-CVE-2021-21967
- RESERVED
+CVE-2021-21967 (An out-of-bounds write vulnerability exists in the OTA update task fun ...)
+ TODO: check
CVE-2021-21966 (An information disclosure vulnerability exists in the HTTP Server /pin ...)
NOT-FOR-US: Texas Instruments
CVE-2021-21965 (A denial of service vulnerability exists in the SeaMax remote configur ...)
@@ -86577,8 +86603,8 @@ CVE-2021-21958 (A heap-based buffer overflow vulnerability exists in the Hword H
NOT-FOR-US: Hancom Office 2020
CVE-2021-21957 (A privilege escalation vulnerability exists in the Remote Server funct ...)
NOT-FOR-US: Dream Report ODS Remote Connector
-CVE-2021-21956
- RESERVED
+CVE-2021-21956 (A php unserialize vulnerability exists in the Ai-Bolit functionality o ...)
+ TODO: check
CVE-2021-21955 (An authentication bypass vulnerability exists in the get_aes_key_info_ ...)
NOT-FOR-US: Anker Eufy Homebase
CVE-2021-21954 (A command execution vulnerability exists in the wifi_country_code_upda ...)
@@ -86591,30 +86617,30 @@ CVE-2021-21951 (An out-of-bounds write vulnerability exists in the CMD_DEVICE_GE
NOT-FOR-US: Anker Eufy Homebase
CVE-2021-21950 (An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERV ...)
NOT-FOR-US: Anker Eufy Homebase
-CVE-2021-21949
- RESERVED
-CVE-2021-21948
- RESERVED
-CVE-2021-21947
- RESERVED
-CVE-2021-21946
- RESERVED
-CVE-2021-21945
- RESERVED
-CVE-2021-21944
- RESERVED
-CVE-2021-21943
- RESERVED
-CVE-2021-21942
- RESERVED
+CVE-2021-21949 (An improper array index validation vulnerability exists in the JPEG-JF ...)
+ TODO: check
+CVE-2021-21948 (A heap-based buffer overflow vulnerability exists in the readDatHeadVe ...)
+ TODO: check
+CVE-2021-21947 (Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF ...)
+ TODO: check
+CVE-2021-21946 (Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF ...)
+ TODO: check
+CVE-2021-21945 (Two heap-based buffer overflow vulnerabilities exist in the TIFF parse ...)
+ TODO: check
+CVE-2021-21944 (Two heap-based buffer overflow vulnerabilities exist in the TIFF parse ...)
+ TODO: check
+CVE-2021-21943 (A heap-based buffer overflow vulnerability exists in the XWD parser fu ...)
+ TODO: check
+CVE-2021-21942 (An out-of-bounds write vulnerability exists in the TIFF YCbCr image pa ...)
+ TODO: check
CVE-2021-21941 (A use-after-free vulnerability exists in the pushMuxer CreatePushThrea ...)
NOT-FOR-US: Anker Eufy Homebase
CVE-2021-21940 (A heap-based buffer overflow vulnerability exists in the pushMuxer pro ...)
NOT-FOR-US: Anker Eufy Homebase
-CVE-2021-21939
- RESERVED
-CVE-2021-21938
- RESERVED
+CVE-2021-21939 (A heap-based buffer overflow vulnerability exists in the XWD parser fu ...)
+ TODO: check
+CVE-2021-21938 (A heap-based buffer overflow vulnerability exists in the Palette box p ...)
+ TODO: check
CVE-2021-21937 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
NOT-FOR-US: Advantech
CVE-2021-21936 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
@@ -86661,8 +86687,8 @@ CVE-2021-21916 (An exploitable SQL injection vulnerability exist in the ‘g
NOT-FOR-US: Advantech
CVE-2021-21915 (An exploitable SQL injection vulnerability exist in the ‘group_l ...)
NOT-FOR-US: Advantech
-CVE-2021-21914
- RESERVED
+CVE-2021-21914 (A heap-based buffer overflow vulnerability exists in the DecoderStream ...)
+ TODO: check
CVE-2021-21913 (An information disclosure vulnerability exists in the WiFi Smart Mesh ...)
NOT-FOR-US: D-LINK
CVE-2021-21912 (A privilege escalation vulnerability exists in the Windows version of ...)
@@ -110737,44 +110763,44 @@ CVE-2020-25170 (An Excel Macro Injection vulnerability exists in the export feat
NOT-FOR-US: B. Braun OnlineSuite Version AP
CVE-2020-25169 (The affected Reolink P2P products do not sufficiently protect data tra ...)
NOT-FOR-US: Reolink P2P products
-CVE-2020-25168
- RESERVED
+CVE-2020-25168 (Hard-coded credentials in the B. Braun Melsungen AG SpaceCom Version L ...)
+ TODO: check
CVE-2020-25167
RESERVED
-CVE-2020-25166
- RESERVED
+CVE-2020-25166 (An improper verification of the cryptographic signature of firmware up ...)
+ TODO: check
CVE-2020-25165 (BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alar ...)
NOT-FOR-US: BD Alaris PC Unit
-CVE-2020-25164
- RESERVED
+CVE-2020-25164 (A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 ...)
+ TODO: check
CVE-2020-25163
RESERVED
-CVE-2020-25162
- RESERVED
+CVE-2020-25162 (A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom ...)
+ TODO: check
CVE-2020-25161 (The WADashboard component of WebAccess/SCADA Versions 9.0 and prior ma ...)
NOT-FOR-US: WebAccess/SCADA
-CVE-2020-25160
- RESERVED
+CVE-2020-25160 (Improper access controls in the B. Braun Melsungen AG SpaceCom Version ...)
+ TODO: check
CVE-2020-25159 (499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack- ...)
NOT-FOR-US: 499ES
-CVE-2020-25158
- RESERVED
+CVE-2020-25158 (A reflected cross-site scripting (XSS) vulnerability in the B. Braun M ...)
+ TODO: check
CVE-2020-25157 (The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection ...)
NOT-FOR-US: R-SeeNet
-CVE-2020-25156
- RESERVED
+CVE-2020-25156 (Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61 ...)
+ TODO: check
CVE-2020-25155 (The affected product transmits unencrypted sensitive information, whic ...)
NOT-FOR-US: NEXCOM
-CVE-2020-25154
- RESERVED
+CVE-2020-25154 (An open redirect vulnerability in the administrative interface of the ...)
+ TODO: check
CVE-2020-25153 (The built-in web service for MOXA NPort IAW5000A-I/O firmware version ...)
NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware
-CVE-2020-25152
- RESERVED
+CVE-2020-25152 (A session fixation vulnerability in the B. Braun Melsungen AG SpaceCom ...)
+ TODO: check
CVE-2020-25151 (The affected product does not properly validate input, which may allow ...)
NOT-FOR-US: NEXCOM
-CVE-2020-25150
- RESERVED
+CVE-2020-25150 (A relative path traversal attack in the B. Braun Melsungen AG SpaceCom ...)
+ TODO: check
CVE-2020-25149 (An issue was discovered in Observium Professional, Enterprise & Co ...)
NOT-FOR-US: Observium
CVE-2020-25148 (An issue was discovered in Observium Professional, Enterprise & Co ...)
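Review bot: most of the new entries in this hunk name "B. Braun Melsungen AG SpaceCom", and the context entry CVE-2020-25170 already uses "NOT-FOR-US: B. Braun OnlineSuite Version AP"; pick one consistent NOT-FOR-US label for the SpaceCom entries instead of leaving ten separate "TODO: check" lines. CVE-2020-25166 and CVE-2020-25154 are cut off before the product name and should be confirmed from the full records first. The imported descriptions also disagree on the version string ("L81/U61" in CVE-2020-25164, "L8/U61" in CVE-2020-25156), which is worth verifying against the vendor advisory.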
@@ -129932,8 +129958,8 @@ CVE-2020-16240 (GE Digital APM Classic, Versions 4.4 and prior. An insecure dire
NOT-FOR-US: GE Digital APM Classic
CVE-2020-16239 (Philips SureSigns VS4, A.07.107 and prior. When an actor claims to hav ...)
NOT-FOR-US: Philips SureSigns
-CVE-2020-16238
- RESERVED
+CVE-2020-16238 (A vulnerability in the configuration import mechanism of the B. Braun ...)
+ TODO: check
CVE-2020-16237 (Philips SureSigns VS4, A.07.107 and prior. The product receives input ...)
NOT-FOR-US: Philips SureSigns
CVE-2020-16236 (FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f7bb2262f839c41c0380b310ba11d2827034794