[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Feb 7 20:10:26 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
60591c83 by security tracker role at 2022-02-07T20:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,547 @@
-CVE-2022-24408
+CVE-2022-24665
+	RESERVED
+CVE-2022-24664
+	RESERVED
+CVE-2022-24663
+	RESERVED
+CVE-2022-24662
+	RESERVED
+CVE-2022-24661
+	RESERVED
+CVE-2022-24660
+	RESERVED
+CVE-2022-24659
+	RESERVED
+CVE-2022-24658
+	RESERVED
+CVE-2022-24657
+	RESERVED
+CVE-2022-24656
+	RESERVED
+CVE-2022-24655
+	RESERVED
+CVE-2022-24654
+	RESERVED
+CVE-2022-24653
+	RESERVED
+CVE-2022-24652
+	RESERVED
+CVE-2022-24651
+	RESERVED
+CVE-2022-24650
+	RESERVED
+CVE-2022-24649
+	RESERVED
+CVE-2022-24648
+	RESERVED
+CVE-2022-24647
+	RESERVED
+CVE-2022-24646
+	RESERVED
+CVE-2022-24645
+	RESERVED
+CVE-2022-24644
+	RESERVED
+CVE-2022-24643
+	RESERVED
+CVE-2022-24642
+	RESERVED
+CVE-2022-24641
+	RESERVED
+CVE-2022-24640
+	RESERVED
+CVE-2022-24639
+	RESERVED
+CVE-2022-24638
+	RESERVED
+CVE-2022-24637
+	RESERVED
+CVE-2022-24636
+	RESERVED
+CVE-2022-24635
+	RESERVED
+CVE-2022-24634
+	RESERVED
+CVE-2022-24633
+	RESERVED
+CVE-2022-24632
+	RESERVED
+CVE-2022-24631
+	RESERVED
+CVE-2022-24630
+	RESERVED
+CVE-2022-24629
+	RESERVED
+CVE-2022-24628
+	RESERVED
+CVE-2022-24627
+	RESERVED
+CVE-2022-24626
+	RESERVED
+CVE-2022-24625
+	RESERVED
+CVE-2022-24624
+	RESERVED
+CVE-2022-24623
+	RESERVED
+CVE-2022-24622
+	RESERVED
+CVE-2022-24621
+	RESERVED
+CVE-2022-24620
+	RESERVED
+CVE-2022-24619
+	RESERVED
+CVE-2022-24618
+	RESERVED
+CVE-2022-24617
+	RESERVED
+CVE-2022-24616
+	RESERVED
+CVE-2022-24615
+	RESERVED
+CVE-2022-24614
+	RESERVED
+CVE-2022-24613
+	RESERVED
+CVE-2022-24612
+	RESERVED
+CVE-2022-24611
+	RESERVED
+CVE-2022-24610
+	RESERVED
+CVE-2022-24609
+	RESERVED
+CVE-2022-24608
+	RESERVED
+CVE-2022-24607
+	RESERVED
+CVE-2022-24606
+	RESERVED
+CVE-2022-24605
+	RESERVED
+CVE-2022-24604
+	RESERVED
+CVE-2022-24603
+	RESERVED
+CVE-2022-24602
+	RESERVED
+CVE-2022-24601
+	RESERVED
+CVE-2022-24600
+	RESERVED
+CVE-2022-24599
+	RESERVED
+CVE-2022-24598
+	RESERVED
+CVE-2022-24597
+	RESERVED
+CVE-2022-24596
+	RESERVED
+CVE-2022-24595
+	RESERVED
+CVE-2022-24594
+	RESERVED
+CVE-2022-24593
+	RESERVED
+CVE-2022-24592
+	RESERVED
+CVE-2022-24591
+	RESERVED
+CVE-2022-24590
+	RESERVED
+CVE-2022-24589
+	RESERVED
+CVE-2022-24588
+	RESERVED
+CVE-2022-24587
+	RESERVED
+CVE-2022-24586
+	RESERVED
+CVE-2022-24585
+	RESERVED
+CVE-2022-24584
+	RESERVED
+CVE-2022-24583
+	RESERVED
+CVE-2022-24582
+	RESERVED
+CVE-2022-24581
+	RESERVED
+CVE-2022-24580
+	RESERVED
+CVE-2022-24579
+	RESERVED
+CVE-2022-24578
+	RESERVED
+CVE-2022-24577
+	RESERVED
+CVE-2022-24576
+	RESERVED
+CVE-2022-24575
+	RESERVED
+CVE-2022-24574
+	RESERVED
+CVE-2022-24573
+	RESERVED
+CVE-2022-24572
+	RESERVED
+CVE-2022-24571
+	RESERVED
+CVE-2022-24570
+	RESERVED
+CVE-2022-24569
+	RESERVED
+CVE-2022-24568
+	RESERVED
+CVE-2022-24567
+	RESERVED
+CVE-2022-24566
+	RESERVED
+CVE-2022-24565
+	RESERVED
+CVE-2022-24564
+	RESERVED
+CVE-2022-24563
+	RESERVED
+CVE-2022-24562
+	RESERVED
+CVE-2022-24561
+	RESERVED
+CVE-2022-24560
+	RESERVED
+CVE-2022-24559
+	RESERVED
+CVE-2022-24558
+	RESERVED
+CVE-2022-24557
+	RESERVED
+CVE-2022-24556
+	RESERVED
+CVE-2022-24555
+	RESERVED
+CVE-2022-24554
+	RESERVED
+CVE-2022-24553
+	RESERVED
+CVE-2022-24552 (StarWind SAN and NAS before 0.2 build 1685 allows remote code executio ...)
+	TODO: check
+CVE-2022-24551 (StarWind SAN and NAS before 0.2 build 1685 allows users to reset other ...)
+	TODO: check
+CVE-2022-24550
+	RESERVED
+CVE-2022-24549
+	RESERVED
+CVE-2022-24548
+	RESERVED
+CVE-2022-24547
+	RESERVED
+CVE-2022-24546
+	RESERVED
+CVE-2022-24545
+	RESERVED
+CVE-2022-24544
+	RESERVED
+CVE-2022-24543
+	RESERVED
+CVE-2022-24542
+	RESERVED
+CVE-2022-24541
+	RESERVED
+CVE-2022-24540
+	RESERVED
+CVE-2022-24539
+	RESERVED
+CVE-2022-24538
+	RESERVED
+CVE-2022-24537
+	RESERVED
+CVE-2022-24536
+	RESERVED
+CVE-2022-24535
+	RESERVED
+CVE-2022-24534
+	RESERVED
+CVE-2022-24533
+	RESERVED
+CVE-2022-24532
+	RESERVED
+CVE-2022-24531
+	RESERVED
+CVE-2022-24530
+	RESERVED
+CVE-2022-24529
+	RESERVED
+CVE-2022-24528
+	RESERVED
+CVE-2022-24527
+	RESERVED
+CVE-2022-24526
+	RESERVED
+CVE-2022-24525
+	RESERVED
+CVE-2022-24524
+	RESERVED
+CVE-2022-24523
 	RESERVED
-CVE-2022-0501
+CVE-2022-24522
 	RESERVED
+CVE-2022-24521
+	RESERVED
+CVE-2022-24520
+	RESERVED
+CVE-2022-24519
+	RESERVED
+CVE-2022-24518
+	RESERVED
+CVE-2022-24517
+	RESERVED
+CVE-2022-24516
+	RESERVED
+CVE-2022-24515
+	RESERVED
+CVE-2022-24514
+	RESERVED
+CVE-2022-24513
+	RESERVED
+CVE-2022-24512
+	RESERVED
+CVE-2022-24511
+	RESERVED
+CVE-2022-24510
+	RESERVED
+CVE-2022-24509
+	RESERVED
+CVE-2022-24508
+	RESERVED
+CVE-2022-24507
+	RESERVED
+CVE-2022-24506
+	RESERVED
+CVE-2022-24505
+	RESERVED
+CVE-2022-24504
+	RESERVED
+CVE-2022-24503
+	RESERVED
+CVE-2022-24502
+	RESERVED
+CVE-2022-24501
+	RESERVED
+CVE-2022-24500
+	RESERVED
+CVE-2022-24499
+	RESERVED
+CVE-2022-24498
+	RESERVED
+CVE-2022-24497
+	RESERVED
+CVE-2022-24496
+	RESERVED
+CVE-2022-24495
+	RESERVED
+CVE-2022-24494
+	RESERVED
+CVE-2022-24493
+	RESERVED
+CVE-2022-24492
+	RESERVED
+CVE-2022-24491
+	RESERVED
+CVE-2022-24490
+	RESERVED
+CVE-2022-24489
+	RESERVED
+CVE-2022-24488
+	RESERVED
+CVE-2022-24487
+	RESERVED
+CVE-2022-24486
+	RESERVED
+CVE-2022-24485
+	RESERVED
+CVE-2022-24484
+	RESERVED
+CVE-2022-24483
+	RESERVED
+CVE-2022-24482
+	RESERVED
+CVE-2022-24481
+	RESERVED
+CVE-2022-24480
+	RESERVED
+CVE-2022-24479
+	RESERVED
+CVE-2022-24478
+	RESERVED
+CVE-2022-24477
+	RESERVED
+CVE-2022-24476
+	RESERVED
+CVE-2022-24475
+	RESERVED
+CVE-2022-24474
+	RESERVED
+CVE-2022-24473
+	RESERVED
+CVE-2022-24472
+	RESERVED
+CVE-2022-24471
+	RESERVED
+CVE-2022-24470
+	RESERVED
+CVE-2022-24469
+	RESERVED
+CVE-2022-24468
+	RESERVED
+CVE-2022-24467
+	RESERVED
+CVE-2022-24466
+	RESERVED
+CVE-2022-24465
+	RESERVED
+CVE-2022-24464
+	RESERVED
+CVE-2022-24463
+	RESERVED
+CVE-2022-24462
+	RESERVED
+CVE-2022-24461
+	RESERVED
+CVE-2022-24460
+	RESERVED
+CVE-2022-24459
+	RESERVED
+CVE-2022-24458
+	RESERVED
+CVE-2022-24457
+	RESERVED
+CVE-2022-24456
+	RESERVED
+CVE-2022-24455
+	RESERVED
+CVE-2022-24454
+	RESERVED
+CVE-2022-24453
+	RESERVED
+CVE-2022-24452
+	RESERVED
+CVE-2022-24451
+	RESERVED
+CVE-2022-24450
+	RESERVED
+CVE-2022-24449
+	RESERVED
+CVE-2022-24448 (An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.1 ...)
+	TODO: check
+CVE-2022-24447
+	RESERVED
+CVE-2022-24446
+	RESERVED
+CVE-2022-24445
+	RESERVED
+CVE-2022-24444
+	RESERVED
+CVE-2022-24443
+	RESERVED
+CVE-2022-24442
+	RESERVED
+CVE-2022-24428
+	RESERVED
+CVE-2022-24427
+	RESERVED
+CVE-2022-24426
+	RESERVED
+CVE-2022-24425
+	RESERVED
+CVE-2022-24424
+	RESERVED
+CVE-2022-24423
+	RESERVED
+CVE-2022-24422
+	RESERVED
+CVE-2022-24421
+	RESERVED
+CVE-2022-24420
+	RESERVED
+CVE-2022-24419
+	RESERVED
+CVE-2022-24418
+	RESERVED
+CVE-2022-24417
+	RESERVED
+CVE-2022-24416
+	RESERVED
+CVE-2022-24415
+	RESERVED
+CVE-2022-24414
+	RESERVED
+CVE-2022-24413
+	RESERVED
+CVE-2022-24412
+	RESERVED
+CVE-2022-24411
+	RESERVED
+CVE-2022-24410
+	RESERVED
+CVE-2022-24409
+	RESERVED
+CVE-2022-24380
+	RESERVED
+CVE-2022-22147
+	RESERVED
+CVE-2022-21130
+	RESERVED
+CVE-2022-0515
+	RESERVED
+CVE-2022-0514
+	RESERVED
+CVE-2022-0513
+	RESERVED
+CVE-2022-0512
+	RESERVED
+CVE-2022-0511
+	RESERVED
+CVE-2022-0510
+	RESERVED
+CVE-2022-0509
+	RESERVED
+CVE-2022-0508
+	RESERVED
+CVE-2022-0507
+	RESERVED
+CVE-2022-0506
+	RESERVED
+CVE-2022-0505
+	RESERVED
+CVE-2022-0504
+	RESERVED
+CVE-2022-0503
+	RESERVED
+CVE-2022-0502 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+	TODO: check
+CVE-2021-46675
+	RESERVED
+CVE-2021-46674
+	RESERVED
+CVE-2021-46673
+	RESERVED
+CVE-2021-46672
+	RESERVED
+CVE-2013-20004 (StarWind iSCSI SAN before 6.0 build 2013-03-20 allows a memory leak. ...)
+	TODO: check
+CVE-2007-20001 (StarWind iSCSI SAN before 3.5 build 2007-08-09 allows socket exhaustio ...)
+	TODO: check
+CVE-2022-24408
+	RESERVED
+CVE-2022-0501 (Cross-site Scripting (XSS) - Reflected in Packagist ptrofimov/beanstal ...)
+	TODO: check
 CVE-2022-0500
 	RESERVED
 CVE-2022-0499
 	RESERVED
 CVE-2022-0498
-	RESERVED
+	REJECTED
 CVE-2022-0497
 	RESERVED
 CVE-2022-0496
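Review bot: CVE-2022-24448 is described as an issue in fs/nfs/dir.c in the Linux kernel, yet it enters the list with only "TODO: check". Other kernel entries in this file carry a "- linux" package line, so this one should be triaged with a "- linux" line and its fixed version rather than left in the generic queue. In the same hunk CVE-2022-0498 moves from RESERVED to REJECTED, which needs no follow-up.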
@@ -18,7 +552,7 @@ CVE-2022-0494
 	RESERVED
 CVE-2022-0493
 	RESERVED
-CVE-2021-46671 [information leak]
+CVE-2021-46671 (options.c in atftp before 0.7.5 reads past the end of an array, and co ...)
 	- atftp 0.7.git20210915-1 (bug #1004974)
 	[bullseye] - atftp <no-dsa> (Minor issue)
 	[buster] - atftp <no-dsa> (Minor issue)
@@ -106,8 +640,7 @@ CVE-2022-24384
 	RESERVED
 CVE-2022-21241
 	RESERVED
-CVE-2022-0487 [Use after free in moxart_remove]
-	RESERVED
+CVE-2022-0487 (A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in  ...)
 	- linux <unfixed>
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1194516
 	NOTE: https://lore.kernel.org/all/20220114075934.302464-1-gregkh@linuxfoundation.org/
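Review bot: the new description for CVE-2022-0487 names rtsx_usb_ms_drv_remove, while the bracketed title it replaces said "Use after free in moxart_remove". Verify that the two NOTE references kept under the entry still describe the issue the CVE is now assigned to, and correct them if they do not.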
@@ -115,8 +648,8 @@ CVE-2022-0486
 	RESERVED
 CVE-2022-0485
 	RESERVED
-CVE-2022-0484
-	RESERVED
+CVE-2022-0484 (Lack of validation of URLs causes Mirantis Container Cloud Lens Extens ...)
+	TODO: check
 CVE-2022-0483
 	RESERVED
 CVE-2022-0482
@@ -169,8 +702,8 @@ CVE-2022-24350
 	RESERVED
 CVE-2022-24349
 	RESERVED
-CVE-2022-24348
-	RESERVED
+CVE-2022-24348 (Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal ...)
+	TODO: check
 CVE-2022-24347
 	RESERVED
 CVE-2022-24346
@@ -237,8 +770,8 @@ CVE-2022-21194
 	RESERVED
 CVE-2022-21177
 	RESERVED
-CVE-2022-0481
-	RESERVED
+CVE-2022-0481 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...)
+	TODO: check
 CVE-2022-24324
 	RESERVED
 CVE-2022-24323
@@ -283,10 +816,10 @@ CVE-2022-0476
 	RESERVED
 CVE-2022-0475
 	RESERVED
-CVE-2022-0474
-	RESERVED
-CVE-2022-0473
-	RESERVED
+CVE-2022-0474 (Full list of recipients from customer users in a contact field could b ...)
+	TODO: check
+CVE-2022-0473 (OTRS administrators can configure dynamic field and inject malicious J ...)
+	TODO: check
 CVE-2022-24308
 	RESERVED
 CVE-2022-24307 (Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access cont ...)
@@ -307,8 +840,8 @@ CVE-2022-24295
 	RESERVED
 CVE-2022-22986
 	RESERVED
-CVE-2022-0472
-	RESERVED
+CVE-2022-0472 (Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/ ...)
+	TODO: check
 CVE-2022-0471
 	RESERVED
 CVE-2022-24294
@@ -468,8 +1001,8 @@ CVE-2022-24284
 	RESERVED
 CVE-2022-24283
 	RESERVED
-CVE-2022-0437
-	RESERVED
+CVE-2022-0437 (Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14. ...)
+	TODO: check
 CVE-2022-0436
 	RESERVED
 CVE-2021-46669 (MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_ ...)
@@ -600,14 +1133,14 @@ CVE-2022-24264 (Cuppa CMS v1.0 was discovered to contain a SQL injection vulnera
 	NOT-FOR-US: Cuppa CMS
 CVE-2022-24263 (Hospital Management System v4.0 was discovered to contain a SQL inject ...)
 	NOT-FOR-US: Hospital Management System
-CVE-2022-24262
-	RESERVED
+CVE-2022-24262 (The config restore function of Voipmonitor GUI before v24.96 does not  ...)
+	TODO: check
 CVE-2022-24261
 	RESERVED
-CVE-2022-24260
-	RESERVED
-CVE-2022-24259
-	RESERVED
+CVE-2022-24260 (A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows  ...)
+	TODO: check
+CVE-2022-24259 (An incorrect check in the component cdr.php of Voipmonitor GUI before  ...)
+	TODO: check
 CVE-2022-24258
 	RESERVED
 CVE-2022-24257
@@ -626,8 +1159,8 @@ CVE-2022-24251
 	RESERVED
 CVE-2022-24250
 	RESERVED
-CVE-2022-24249
-	RESERVED
+CVE-2022-24249 (A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the  ...)
+	TODO: check
 CVE-2022-24248
 	RESERVED
 CVE-2022-24247
@@ -883,6 +1416,7 @@ CVE-2022-0416
 CVE-2022-0415
 	RESERVED
 CVE-2022-24130 (xterm through Patch 370, when Sixel support is enabled, allows attacke ...)
+	{DLA-2913-1}
 	- xterm 370-2 (bug #1004689)
 	[bullseye] - xterm <no-dsa> (Minor issue)
 	[buster] - xterm <no-dsa> (Minor issue)
@@ -890,8 +1424,7 @@ CVE-2022-24130 (xterm through Patch 370, when Sixel support is enabled, allows a
 	NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/2
 	NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/3
 	NOTE: https://github.com/ThomasDickey/xterm-snapshots/commit/1584fc227673264661250d3a8d673c168ac9512d
-CVE-2022-24129
-	RESERVED
+CVE-2022-24129 (The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allow ...)
 	NOT-FOR-US: Shibboleth identity provider OIDC OP plugin
 CVE-2022-24128
 	RESERVED
@@ -960,12 +1493,12 @@ CVE-2022-24117
 	RESERVED
 CVE-2022-24116
 	RESERVED
-CVE-2022-24115
-	RESERVED
-CVE-2022-24114
-	RESERVED
-CVE-2022-24113
-	RESERVED
+CVE-2022-24115 (Local privilege escalation due to unrestricted loading of unsigned lib ...)
+	TODO: check
+CVE-2022-24114 (Local privilege escalation due to race condition on application startu ...)
+	TODO: check
+CVE-2022-24113 (Local privilege escalation due to excessive permissions assigned to ch ...)
+	TODO: check
 CVE-2022-0409
 	RESERVED
 CVE-2022-0408 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
@@ -1191,8 +1724,8 @@ CVE-2022-24036
 	RESERVED
 CVE-2022-23921
 	RESERVED
-CVE-2022-22987
-	RESERVED
+CVE-2022-22987 (The affected product has a hardcoded private key available inside the  ...)
+	TODO: check
 CVE-2022-21798
 	RESERVED
 CVE-2022-21154
@@ -1542,8 +2075,8 @@ CVE-2022-23982
 	RESERVED
 CVE-2022-23981
 	RESERVED
-CVE-2022-23980
-	RESERVED
+CVE-2022-23980 (Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Ye ...)
+	TODO: check
 CVE-2022-23979 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-23978
@@ -1564,10 +2097,10 @@ CVE-2022-0382 [net ticp:fix a kernel-infoleak in __tipc_sendmsg()]
 	RESERVED
 	- linux 5.15.15-1
 	NOTE: Fixed by: https://git.kernel.org/linus/d6d86830705f173fca6087a3e67ceaf68db80523
-CVE-2022-0381
-	RESERVED
-CVE-2022-0380
-	RESERVED
+CVE-2022-0381 (The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Si ...)
+	TODO: check
+CVE-2022-0380 (The Fotobook WordPress plugin is vulnerable to Reflected Cross-Site Sc ...)
+	TODO: check
 CVE-2022-0379 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
 	NOT-FOR-US: microweber
 CVE-2022-0378 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...)
@@ -1586,10 +2119,10 @@ CVE-2022-0372 (Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater
 	NOT-FOR-US: Crater
 CVE-2021-46561 (controller/org.controller/org.controller.js in the CVE Services API 1. ...)
 	NOT-FOR-US: controller/org.controller/org.controller.js in the CVE Services API
-CVE-2018-25029
-	RESERVED
-CVE-2013-20003
-	RESERVED
+CVE-2018-25029 (The Z-Wave specification requires that S2 security can be downgraded t ...)
+	TODO: check
+CVE-2013-20003 (Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (usin ...)
+	TODO: check
 CVE-2022-23973
 	RESERVED
 CVE-2022-23972
@@ -1658,10 +2191,10 @@ CVE-2021-46559 (The firmware on Moxa TN-5900 devices through 3.1 has a weak algo
 	NOT-FOR-US: Moxa
 CVE-2019-25056 (In Bromite through 78.0.3904.130, there are adblock rules in the relea ...)
 	NOT-FOR-US: Bromite
-CVE-2022-23947
-	RESERVED
-CVE-2022-23946
-	RESERVED
+CVE-2022-23947 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...)
+	TODO: check
+CVE-2022-23946 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...)
+	TODO: check
 CVE-2022-23945 (Missing authentication on ShenYu Admin when register by HTTP. This iss ...)
 	NOT-FOR-US: Apache ShenYu Admin
 CVE-2022-23944 (User can access /plugin api without authentication. This issue affecte ...)
@@ -1682,8 +2215,8 @@ CVE-2022-0367
 	RESERVED
 CVE-2022-0366 (An authenticated and authorized agent user could potentially gain admi ...)
 	NOT-FOR-US: Sophos
-CVE-2022-0365
-	RESERVED
+CVE-2022-0365 (The affected product is vulnerable to an authenticated OS command inje ...)
+	TODO: check
 CVE-2022-0364
 	RESERVED
 CVE-2022-0363
@@ -1789,8 +2322,8 @@ CVE-2021-4211
 	RESERVED
 CVE-2021-4210
 	RESERVED
-CVE-2022-23913
-	RESERVED
+CVE-2022-23913 (In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker coul ...)
+	TODO: check
 CVE-2022-23912
 	RESERVED
 CVE-2022-23911
@@ -2308,7 +2841,7 @@ CVE-2022-23839
 	RESERVED
 CVE-2022-23838
 	RESERVED
-CVE-2022-23837 (In api.rb in Sidekiq before 6.4.0, there is no limit on the number of  ...)
+CVE-2022-23837 (In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the ...)
 	- ruby-sidekiq <unfixed> (bug #1004193)
 	NOTE: https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956 (v6.4.0)
 CVE-2022-23836
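Review bot: the CVE-2022-23837 description now reads "before 5.2.10 and 6.4.0", but the NOTE under the entry still references only the v6.4.0 commit. Add the reference for the 5.2.10 fix so that both branches can be checked against ruby-sidekiq.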
@@ -2426,8 +2959,8 @@ CVE-2022-23807 (An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 b
 	NOTE: 2FA support is not packaged in Debian
 CVE-2022-23806
 	RESERVED
-CVE-2022-23805
-	RESERVED
+CVE-2022-23805 (A security out-of-bounds read information disclosure vulnerability in  ...)
+	TODO: check
 CVE-2022-23804
 	RESERVED
 CVE-2022-23803
@@ -2514,8 +3047,8 @@ CVE-2022-0318 (Heap-based Buffer Overflow in vim/vim prior to 8.2. ...)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/0d10ba02-b138-4e68-a284-67f781a62d08
 	NOTE: https://github.com/vim/vim/commit/57df9e8a9f9ae1aafdde9b86b10ad907627a87dc (v8.2.4151)
-CVE-2022-0317
-	RESERVED
+CVE-2022-0317 (An improper input validation vulnerability in go-attestation before 0. ...)
+	TODO: check
 CVE-2022-0316
 	RESERVED
 CVE-2022-0315
@@ -2850,18 +3383,18 @@ CVE-2022-23616
 	RESERVED
 CVE-2022-23615
 	RESERVED
-CVE-2022-23614
-	RESERVED
+CVE-2022-23614 (Twig is an open source template language for PHP. When in a sandbox mo ...)
+	TODO: check
 CVE-2022-23613
 	RESERVED
 CVE-2022-23612
 	RESERVED
-CVE-2022-23611
-	RESERVED
+CVE-2022-23611 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows  ...)
+	TODO: check
 CVE-2022-23610
 	RESERVED
-CVE-2022-23609
-	RESERVED
+CVE-2022-23609 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows  ...)
+	TODO: check
 CVE-2022-23608
 	RESERVED
 CVE-2022-23607 (treq is an HTTP library inspired by requests but written on top of Twi ...)
@@ -2870,8 +3403,8 @@ CVE-2022-23607 (treq is an HTTP library inspired by requests but written on top
 	NOTE: https://github.com/twisted/treq/commit/1da6022cc880bbcff59321abe02bf8498b89efb2 (release-22.1.0)
 CVE-2022-23606
 	RESERVED
-CVE-2022-23605
-	RESERVED
+CVE-2022-23605 (Wire webapp is a web client for the wire messaging protocol. In versio ...)
+	TODO: check
 CVE-2022-23604
 	RESERVED
 CVE-2022-23603 (iTunesRPC-Remastered is a discord rich presence application for use wi ...)
@@ -2882,8 +3415,8 @@ CVE-2022-23601 (Symfony is a PHP framework for web and console applications and
 	- symfony <not-affected> (Vulnerable code not present; no Debian released version contained the vulnerable code)
 	NOTE: https://symfony.com/blog/cve-2022-23601-csrf-token-missing-in-forms
 	NOTE: https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50
-CVE-2022-23600
-	RESERVED
+CVE-2022-23600 (fleet is an open source device management, built on osquery. Versions  ...)
+	TODO: check
 CVE-2022-23599 (Products.ATContentTypes are the core content types for Plone 2.1 - 4.3 ...)
 	NOT-FOR-US: Plone
 CVE-2022-23598 (laminas-form is a package for validating and displaying simple and com ...)
@@ -2892,84 +3425,84 @@ CVE-2022-23597 (Element Desktop is a Matrix client for desktop platforms with El
 	NOT-FOR-US: Element Desktop
 CVE-2022-23596 (Junrar is an open source java RAR archive library. In affected version ...)
 	NOT-FOR-US: Junrar
-CVE-2022-23595
-	RESERVED
-CVE-2022-23594
-	RESERVED
-CVE-2022-23593
-	RESERVED
-CVE-2022-23592
-	RESERVED
-CVE-2022-23591
-	RESERVED
-CVE-2022-23590
-	RESERVED
-CVE-2022-23589
-	RESERVED
-CVE-2022-23588
-	RESERVED
-CVE-2022-23587
-	RESERVED
-CVE-2022-23586
-	RESERVED
-CVE-2022-23585
-	RESERVED
-CVE-2022-23584
-	RESERVED
-CVE-2022-23583
-	RESERVED
-CVE-2022-23582
-	RESERVED
-CVE-2022-23581
-	RESERVED
-CVE-2022-23580
-	RESERVED
-CVE-2022-23579
-	RESERVED
-CVE-2022-23578
-	RESERVED
-CVE-2022-23577
-	RESERVED
-CVE-2022-23576
-	RESERVED
-CVE-2022-23575
-	RESERVED
-CVE-2022-23574
-	RESERVED
-CVE-2022-23573
-	RESERVED
-CVE-2022-23572
-	RESERVED
-CVE-2022-23571
-	RESERVED
-CVE-2022-23570
-	RESERVED
+CVE-2022-23595 (Tensorflow is an Open Source Machine Learning Framework. When building ...)
+	TODO: check
+CVE-2022-23594 (Tensorflow is an Open Source Machine Learning Framework. The TFG diale ...)
+	TODO: check
+CVE-2022-23593 (Tensorflow is an Open Source Machine Learning Framework. The `simplify ...)
+	TODO: check
+CVE-2022-23592 (Tensorflow is an Open Source Machine Learning Framework. TensorFlow's  ...)
+	TODO: check
+CVE-2022-23591 (Tensorflow is an Open Source Machine Learning Framework. The `GraphDef ...)
+	TODO: check
+CVE-2022-23590 (Tensorflow is an Open Source Machine Learning Framework. A `GraphDef`  ...)
+	TODO: check
+CVE-2022-23589 (Tensorflow is an Open Source Machine Learning Framework. Under certain ...)
+	TODO: check
+CVE-2022-23588 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...)
+	TODO: check
+CVE-2022-23587 (Tensorflow is an Open Source Machine Learning Framework. Under certain ...)
+	TODO: check
+CVE-2022-23586 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...)
+	TODO: check
+CVE-2022-23585 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...)
+	TODO: check
+CVE-2022-23584 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...)
+	TODO: check
+CVE-2022-23583 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...)
+	TODO: check
+CVE-2022-23582 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...)
+	TODO: check
+CVE-2022-23581 (Tensorflow is an Open Source Machine Learning Framework. The Grappler  ...)
+	TODO: check
+CVE-2022-23580 (Tensorflow is an Open Source Machine Learning Framework. During shape  ...)
+	TODO: check
+CVE-2022-23579 (Tensorflow is an Open Source Machine Learning Framework. The Grappler  ...)
+	TODO: check
+CVE-2022-23578 (Tensorflow is an Open Source Machine Learning Framework. If a graph no ...)
+	TODO: check
+CVE-2022-23577 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+	TODO: check
+CVE-2022-23576 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+	TODO: check
+CVE-2022-23575 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+	TODO: check
+CVE-2022-23574 (Tensorflow is an Open Source Machine Learning Framework. There is a ty ...)
+	TODO: check
+CVE-2022-23573 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+	TODO: check
+CVE-2022-23572 (Tensorflow is an Open Source Machine Learning Framework. Under certain ...)
+	TODO: check
+CVE-2022-23571 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...)
+	TODO: check
+CVE-2022-23570 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...)
+	TODO: check
 CVE-2022-23569 (Tensorflow is an Open Source Machine Learning Framework. Multiple oper ...)
 	- tensorflow <itp> (bug #804612)
 CVE-2022-23568 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
 	- tensorflow <itp> (bug #804612)
 CVE-2022-23567 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
 	- tensorflow <itp> (bug #804612)
-CVE-2022-23566
-	RESERVED
-CVE-2022-23565
-	RESERVED
-CVE-2022-23564
-	RESERVED
-CVE-2022-23563
-	RESERVED
-CVE-2022-23562
-	RESERVED
-CVE-2022-23561
-	RESERVED
-CVE-2022-23560
-	RESERVED
-CVE-2022-23559
-	RESERVED
-CVE-2022-23558
-	RESERVED
-CVE-2022-23557
-	RESERVED
+CVE-2022-23566 (Tensorflow is an Open Source Machine Learning Framework. TensorFlow is ...)
+	TODO: check
+CVE-2022-23565 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...)
+	TODO: check
+CVE-2022-23564 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...)
+	TODO: check
+CVE-2022-23563 (Tensorflow is an Open Source Machine Learning Framework. In multiple p ...)
+	TODO: check
+CVE-2022-23562 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+	TODO: check
+CVE-2022-23561 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...)
+	TODO: check
+CVE-2022-23560 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...)
+	TODO: check
+CVE-2022-23559 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...)
+	TODO: check
+CVE-2022-23558 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...)
+	TODO: check
+CVE-2022-23557 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...)
+	TODO: check
 CVE-2022-23556
 	RESERVED
 CVE-2022-23555
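Review bot: the TensorFlow entries CVE-2022-23595 through CVE-2022-23570 and CVE-2022-23566 through CVE-2022-23557 land as "TODO: check", while the neighbouring CVE-2022-23569, CVE-2022-23568 and CVE-2022-23567 are already recorded as "- tensorflow <itp> (bug #804612)". The newly published entries should receive the same package line in the next triage pass.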
@@ -3510,8 +4043,8 @@ CVE-2022-23381
 	RESERVED
 CVE-2022-23380
 	RESERVED
-CVE-2022-23379
-	RESERVED
+CVE-2022-23379 (Emlog v6.0 was discovered to contain a SQL injection vulnerability via ...)
+	TODO: check
 CVE-2022-23378
 	RESERVED
 CVE-2022-23377
@@ -3608,10 +4141,10 @@ CVE-2022-23332
 	RESERVED
 CVE-2022-23331
 	RESERVED
-CVE-2022-23330
-	RESERVED
-CVE-2022-23329
-	RESERVED
+CVE-2022-23330 (A remote code execution (RCE) vulnerability in HelloWorldAddonControll ...)
+	TODO: check
+CVE-2022-23329 (A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJ ...)
+	TODO: check
 CVE-2022-23328
 	RESERVED
 CVE-2022-23327
@@ -3628,8 +4161,8 @@ CVE-2022-23322
 	RESERVED
 CVE-2022-23321
 	RESERVED
-CVE-2022-23320
-	RESERVED
+CVE-2022-23320 (XMPie uStore 12.3.7244.0 allows for administrators to generate reports ...)
+	TODO: check
 CVE-2022-23319
 	RESERVED
 CVE-2022-23318
@@ -3668,7 +4201,7 @@ CVE-2022-0267
 	RESERVED
 CVE-2021-46399
 	RESERVED
-CVE-2021-46398 (A Cross-Site Request Forgery (CSRF) vulnerability exists in Filebrowse ...)
+CVE-2021-46398 (A Cross-Site Request Forgery vulnerability exists in Filebrowser <  ...)
 	TODO: check
 CVE-2021-46397
 	RESERVED
@@ -3686,8 +4219,8 @@ CVE-2021-46391
 	RESERVED
 CVE-2021-46390
 	RESERVED
-CVE-2021-46389
-	RESERVED
+CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to commit 882925 ...)
+	TODO: check
 CVE-2021-46388
 	RESERVED
 CVE-2021-46387
@@ -3746,8 +4279,8 @@ CVE-2021-46361
 	RESERVED
 CVE-2021-46360
 	RESERVED
-CVE-2021-46359
-	RESERVED
+CVE-2021-46359 (FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerabilit ...)
+	TODO: check
 CVE-2021-46358
 	RESERVED
 CVE-2021-46357
@@ -3986,8 +4519,7 @@ CVE-2022-23303 (The implementations of SAE in hostapd before 2.10 and wpa_suppli
 	[stretch] - wpa <not-affected> (CVE-2019-9494 was not applied and is marked as ignored)
 	NOTE: https://w1.fi/security/2022-1/
 	NOTE: Issue exists because of an incomplete fix for CVE-2019-9494
-CVE-2022-0264 [bpf: Fix kernel address leakage in atomic fetch]
-	RESERVED
+CVE-2022-0264 (A vulnerability was found in the Linux kernel's eBPF verifier when han ...)
 	- linux 5.15.5-2
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
@@ -4097,12 +4629,12 @@ CVE-2022-23265
 	RESERVED
 CVE-2022-23264
 	RESERVED
-CVE-2022-23263
-	RESERVED
-CVE-2022-23262
-	RESERVED
-CVE-2022-23261
-	RESERVED
+CVE-2022-23263 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.  ...)
+	TODO: check
+CVE-2022-23262 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.  ...)
+	TODO: check
+CVE-2022-23261 (Microsoft Edge (Chromium-based) Tampering Vulnerability. ...)
+	TODO: check
 CVE-2022-23260
 	RESERVED
 CVE-2022-23259
@@ -4255,8 +4787,8 @@ CVE-2022-23208
 	RESERVED
 CVE-2022-23207
 	RESERVED
-CVE-2022-0227
-	RESERVED
+CVE-2022-0227 (Business Logic Errors in GitHub repository silverstripe/silverstripe-f ...)
+	TODO: check
 CVE-2021-46303
 	RESERVED
 CVE-2021-46302
@@ -4314,8 +4846,8 @@ CVE-2022-0220 (The check_privacy_settings AJAX action of the WordPress GDPR Word
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0219 (Improper Restriction of XML External Entity Reference in GitHub reposi ...)
 	NOT-FOR-US: jadx
-CVE-2022-0218
-	RESERVED
+CVE-2022-0218 (The WP HTML Mail WordPress plugin is vulnerable to unauthorized access ...)
+	TODO: check
 CVE-2022-0216
 	RESERVED
 CVE-2022-0215 (The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier  ...)
@@ -4334,8 +4866,8 @@ CVE-2022-0211
 	RESERVED
 CVE-2021-45729 (The Privilege Escalation vulnerability discovered in the WP Google Map ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-44779
-	RESERVED
+CVE-2021-44779 (Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] ...)
+	TODO: check
 CVE-2021-44777 (Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-44760
@@ -4358,8 +4890,7 @@ CVE-2021-23174 (Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vul
 	NOT-FOR-US: WordPress plugin
 CVE-2021-23150
 	RESERVED
-CVE-2022-23206
-	RESERVED
+CVE-2022-23206 (In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unpr ...)
 	NOT-FOR-US: Apache Traffic Control
 CVE-2022-23205
 	RESERVED
@@ -4403,8 +4934,8 @@ CVE-2022-23186
 	RESERVED
 CVE-2022-23185
 	RESERVED
-CVE-2022-23184
-	RESERVED
+CVE-2022-23184 (In affected Octopus Server versions when the server HTTP and HTTPS bin ...)
+	TODO: check
 CVE-2022-23181 (The fix for bug CVE-2020-9484 introduced a time of check, time of use  ...)
 	- tomcat9 <unfixed>
 	- tomcat8 <removed>
@@ -5057,8 +5588,8 @@ CVE-2022-22941
 	RESERVED
 CVE-2022-22940
 	RESERVED
-CVE-2022-22939
-	RESERVED
+CVE-2022-22939 (VMware Cloud Foundation contains an information disclosure vulnerabili ...)
+	TODO: check
 CVE-2022-22938 (VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windo ...)
 	NOT-FOR-US: VMware
 CVE-2022-22937
@@ -5073,8 +5604,7 @@ CVE-2022-22933
 	RESERVED
 CVE-2022-22932 (Apache Karaf obr:* commands and run goal on the karaf-maven-plugin hav ...)
 	- apache-karaf <itp> (bug #881297)
-CVE-2022-22931
-	RESERVED
+CVE-2022-22931 (Fix of CVE-2021-40525 do not prepend delimiters upon valid directory v ...)
 	NOT-FOR-US: Apache James
 CVE-2022-22930 (A remote code execution (RCE) vulnerability in the Template Management ...)
 	NOT-FOR-US: MCMS
@@ -5622,12 +6152,12 @@ CVE-2022-22835
 	RESERVED
 CVE-2022-22834
 	RESERVED
-CVE-2022-22833
-	RESERVED
-CVE-2022-22832
-	RESERVED
-CVE-2022-22831
-	RESERVED
+CVE-2022-22833 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obta ...)
+	TODO: check
+CVE-2022-22832 (An issue was discovered in Servisnet Tessa 0.0.2. Authorization data i ...)
+	TODO: check
+CVE-2022-22831 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add  ...)
+	TODO: check
 CVE-2022-22830
 	RESERVED
 CVE-2022-22829
@@ -5735,8 +6265,8 @@ CVE-2022-22806
 	RESERVED
 CVE-2022-22805
 	RESERVED
-CVE-2022-22804
-	RESERVED
+CVE-2022-22804 (A CWE-79: Improper Neutralization of Input During Web Page Generation  ...)
+	TODO: check
 CVE-2022-22803
 	RESERVED
 CVE-2022-22802
@@ -5989,10 +6519,10 @@ CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions sta
 	- gitlab <unfixed>
 CVE-2022-0150
 	RESERVED
-CVE-2022-0149
-	RESERVED
-CVE-2022-0148
-	RESERVED
+CVE-2022-0149 (The WooCommerce WordPress plugin before 2.7.1 was affected by a Reflec ...)
+	TODO: check
+CVE-2022-0148 (The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon  ...)
+	TODO: check
 CVE-2022-0147
 	RESERVED
 CVE-2022-0146
@@ -6055,18 +6585,18 @@ CVE-2021-46146 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x befor
 	NOT-FOR-US: MediaWiki extension WikiBaseMediainfo
 CVE-2022-22728
 	RESERVED
-CVE-2022-22727
-	RESERVED
-CVE-2022-22726
-	RESERVED
-CVE-2022-22725
-	RESERVED
-CVE-2022-22724
-	RESERVED
-CVE-2022-22723
-	RESERVED
-CVE-2022-22722
-	RESERVED
+CVE-2022-22727 (A CWE-20: Improper Input Validation vulnerability exists that could al ...)
+	TODO: check
+CVE-2022-22726 (A CWE-20: Improper Input Validation vulnerability exists that could al ...)
+	TODO: check
+CVE-2022-22725 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
+	TODO: check
+CVE-2022-22724 (A CWE-400: Uncontrolled Resource Consumption vulnerability exists that ...)
+	TODO: check
+CVE-2022-22723 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
+	TODO: check
+CVE-2022-22722 (A CWE-798: Use of Hard-coded Credentials vulnerability exists that cou ...)
+	TODO: check
 CVE-2022-22721
 	RESERVED
 CVE-2022-22720
@@ -6162,8 +6692,8 @@ CVE-2022-22691 (The password reset component deployed within Umbraco uses the ho
 	NOT-FOR-US: Umbraco CMS
 CVE-2022-22690 (Within the Umbraco CMS, a configuration element named "UmbracoApplicat ...)
 	NOT-FOR-US: Umbraco CMS
-CVE-2022-22689
-	RESERVED
+CVE-2022-22689 (CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, an ...)
+	TODO: check
 CVE-2022-22688
 	RESERVED
 CVE-2022-22687
@@ -6180,12 +6710,12 @@ CVE-2022-22682
 	RESERVED
 CVE-2022-22681
 	RESERVED
-CVE-2022-22680
-	RESERVED
-CVE-2022-22679
-	RESERVED
-CVE-2022-22150
-	RESERVED
+CVE-2022-22680 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
+	TODO: check
+CVE-2022-22679 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+	TODO: check
+CVE-2022-22150 (A memory corruption vulnerability exists in the JavaScript engine of F ...)
+	TODO: check
 CVE-2022-0130 (Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remo ...)
 	NOT-FOR-US: Tenable
 CVE-2021-46145 (The keyfob subsystem in Honda Civic 2012 vehicles allows a replay atta ...)
@@ -7656,7 +8186,7 @@ CVE-2022-0078
 	RESERVED
 CVE-2021-45959
 	REJECTED
-CVE-2021-45958 (UltraJSON (aka ujson) 4.0.2 through 5.0.0 has a stack-based buffer ove ...)
+CVE-2021-45958 (** DISPUTED ** UltraJSON (aka ujson) 4.0.2 through 5.0.0 has a stack-b ...)
 	- ujson <unfixed> (bug #1005140)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009
 	NOTE: https://github.com/ultrajson/ultrajson/issues/501
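Review bot: the CVE-2021-45958 description now starts with `** DISPUTED **`, but the entry under it still reads `- ujson <unfixed> (bug #1005140)` and nothing records the dispute. Add a `NOTE:` line pointing at the statement behind the dispute so whoever handles the bug can see why the description changed and whether `<unfixed>` still applies.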
@@ -9463,8 +9993,7 @@ CVE-2022-21137 (Omron CX-One Versions 4.60 and prior are vulnerable to a stack-b
 	NOT-FOR-US: Omron CX-One
 CVE-2021-45459 (lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js ...)
 	NOT-FOR-US: Node windows
-CVE-2021-4154 [cgroup: verify that source is a string]
-	RESERVED
+CVE-2021-4154 (A use-after-free flaw was found in cgroup1_parse_param in kernel/cgrou ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.70-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
@@ -9757,8 +10286,8 @@ CVE-2021-45431
 	RESERVED
 CVE-2021-45430
 	RESERVED
-CVE-2021-45429
-	RESERVED
+CVE-2021-45429 (A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 6 ...)
+	TODO: check
 CVE-2021-45428 (TLR-2005KSH is affected by an incorrect access control vulnerability.  ...)
 	NOT-FOR-US: TLR-2005KSH
 CVE-2021-45427 (Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated ar ...)
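Review bot: CVE-2021-45429 is reported against VirusTotal YARA at a git commit rather than a release, going by the truncated description. When resolving this `TODO: check`, record in a `NOTE:` whether that commit is part of any released version, since that decides between an affected version and `<not-affected>`.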
@@ -9802,8 +10331,8 @@ CVE-2021-45410
 	RESERVED
 CVE-2021-45409
 	RESERVED
-CVE-2021-45408
-	RESERVED
+CVE-2021-45408 (Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, ...)
+	TODO: check
 CVE-2021-45407
 	RESERVED
 CVE-2021-45406 (In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to ...)
@@ -10115,7 +10644,7 @@ CVE-2021-45270
 	RESERVED
 CVE-2021-45269
 	RESERVED
-CVE-2021-45268 (A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop C ...)
+CVE-2021-45268 (** DISPUTED ** A Cross Site Request Forgery (CSRF) vulnerability exist ...)
 	NOT-FOR-US: Backdrop CMS
 CVE-2021-45267 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...)
 	- gpac <unfixed>
@@ -12848,8 +13377,8 @@ CVE-2021-4044 (Internally libssl in OpenSSL calls X509_verify_cert() on the clie
 	[experimental] - openssl 3.0.1-1
 	- openssl <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openssl.org/news/secadv/20211214.txt
-CVE-2021-4043
-	RESERVED
+CVE-2021-4043 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0 ...)
+	TODO: check
 CVE-2021-4042
 	RESERVED
 CVE-2021-4041 [Improper shell escaping in ansible-runner]
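Review bot: CVE-2021-4043 names the gpac/gpac repository, and gpac is a tracked package in this file (CVE-2021-45267 carries `- gpac <unfixed>`), so this `TODO: check` needs a `- gpac` line with a version taken from the fixing commit rather than a NOT-FOR-US tag.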
@@ -13734,12 +14263,12 @@ CVE-2021-4018 (snipe-it is vulnerable to Improper Neutralization of Input During
 	NOT-FOR-US: snipe-it
 CVE-2021-4017 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
 	NOT-FOR-US: ShowDoc
-CVE-2021-44206
-	RESERVED
-CVE-2021-44205
-	RESERVED
-CVE-2021-44204
-	RESERVED
+CVE-2021-44206 (Local privilege escalation due to DLL hijacking vulnerability in Acron ...)
+	TODO: check
+CVE-2021-44205 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
+	TODO: check
+CVE-2021-44204 (Local privilege escalation via named pipe due to improper access contr ...)
+	TODO: check
 CVE-2021-44203 (Stored cross-site scripting (XSS) was possible in protection plan deta ...)
 	NOT-FOR-US: Acronis
 CVE-2021-44202 (Stored cross-site scripting (XSS) was possible in activity details. Th ...)
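Review bot: of the three new entries only CVE-2021-44206 shows the start of a product name in its truncated description ("Acron ..."); CVE-2021-44205 and CVE-2021-44204 show none. They sit directly above CVE-2021-44203, which is `NOT-FOR-US: Acronis`, but confirm the product from the full descriptions before giving all three that tag.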
@@ -14846,16 +15375,16 @@ CVE-2021-43931 (The authentication algorithm of the WebHMI portal is sound, but
 	NOT-FOR-US: Distributed Data Systems
 CVE-2021-43930
 	RESERVED
-CVE-2021-43929
-	RESERVED
-CVE-2021-43928
-	RESERVED
-CVE-2021-43927
-	RESERVED
-CVE-2021-43926
-	RESERVED
-CVE-2021-43925
-	RESERVED
+CVE-2021-43929 (Improper neutralization of special elements in output used by a downst ...)
+	TODO: check
+CVE-2021-43928 (Improper neutralization of special elements used in an OS command ('OS ...)
+	TODO: check
+CVE-2021-43927 (Improper neutralization of special elements used in an SQL command ('S ...)
+	TODO: check
+CVE-2021-43926 (Improper neutralization of special elements used in an SQL command ('S ...)
+	TODO: check
+CVE-2021-43925 (Improper neutralization of special elements used in an SQL command ('S ...)
+	TODO: check
 CVE-2021-43924
 	RESERVED
 CVE-2021-43923
@@ -15046,8 +15575,8 @@ CVE-2021-43843 (jsx-slack is a package for building JSON objects for Slack block
 	NOT-FOR-US: jsx-slack
 CVE-2021-43842 (Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and e ...)
 	NOT-FOR-US: Wiki.js
-CVE-2021-43841
-	RESERVED
+CVE-2021-43841 (XWiki is a generic wiki platform offering runtime services for applica ...)
+	TODO: check
 CVE-2021-43840 (message_bus is a messaging bus for Ruby processes and web clients. In  ...)
 	TODO: check
 CVE-2021-43839 (Cronos is a commercial implementation of a blockchain. In Cronos nodes ...)
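Review bot: CVE-2021-43841 is an XWiki issue by its description, and other XWiki entries in this file (CVE-2021-32731, CVE-2021-32730) are `NOT-FOR-US: XWiki`, so the new `TODO: check` can take the same tag. The context entry CVE-2021-43840 (message_bus) is also still at `TODO: check` and could be triaged in the same pass.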
@@ -16381,8 +16910,8 @@ CVE-2021-43637 (Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Ha
 	NOT-FOR-US: Amazon
 CVE-2021-43636
 	RESERVED
-CVE-2021-43635
-	RESERVED
+CVE-2021-43635 (A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4. ...)
+	TODO: check
 CVE-2021-43634
 	RESERVED
 CVE-2021-43633
@@ -19492,8 +20021,8 @@ CVE-2021-42835 (An issue was discovered in Plex Media Server through 1.24.4.5081
 	NOT-FOR-US: Plex Media Server
 CVE-2021-42834
 	RESERVED
-CVE-2021-42833
-	RESERVED
+CVE-2021-42833 (A Use of Hardcoded Credentials vulnerability exists in AquaView versio ...)
+	TODO: check
 CVE-2021-42832
 	RESERVED
 CVE-2021-42831
@@ -23173,8 +23702,7 @@ CVE-2021-41817 (Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (
 	NOTE: Followups to mimic previous behaviour:
 	NOTE: https://github.com/ruby/date/commit/8f2d7a0c7e52cea8333824bd527822e5449ed83d (v3.2.2)
 	NOTE: https://github.com/ruby/date/commit/376c65942bd1d81803f14d37351737df60ec4664 (v3.2.2)
-CVE-2021-41816 [Buffer Overrun in CGI.escape_html]
-	RESERVED
+CVE-2021-41816 (CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integ ...)
 	{DSA-5067-1}
 	- ruby3.0 <unfixed> (bug #1002995)
 	- ruby2.7 2.7.5-1
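Review bot: the new CVE-2021-41816 description says the issue affects Ruby before 2.7.5 and 3.x before 3.0.3, which matches `- ruby2.7 2.7.5-1`, but `- ruby3.0 <unfixed> (bug #1002995)` is unchanged. Check whether a 3.0.3-based upload exists so the ruby3.0 line can carry a fixed version.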
@@ -23961,7 +24489,7 @@ CVE-2021-41498 (Buffer overflow in ajaxsoundstudio.com Pyo &lt and 1.03 in t
 	NOTE: https://github.com/belangeo/pyo/commit/017702c73332a8560c8554a36250a6da587a2418 (1.0.4)
 CVE-2021-41497 (Null pointer reference in CMS_Conservative_increment_obj in RaRe-Techn ...)
 	NOT-FOR-US: RaRe-Technologies bounter
-CVE-2021-41496 (Buffer overflow in the array_from_pyobj function of fortranobject.c in ...)
+CVE-2021-41496 (** DISPUTED ** Buffer overflow in the array_from_pyobj function of for ...)
 	- numpy <unfixed>
 	[bullseye] - numpy <no-dsa> (Minor issue)
 	NOTE: https://github.com/numpy/numpy/issues/19000
@@ -26625,8 +27153,8 @@ CVE-2021-40422
 	RESERVED
 CVE-2021-40421
 	RESERVED
-CVE-2021-40420
-	RESERVED
+CVE-2021-40420 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
+	TODO: check
 CVE-2021-40419 (A firmware update vulnerability exists in the 'factory' binary of reol ...)
 	NOT-FOR-US: Reolink
 CVE-2021-40418 (When parsing a file that is submitted to the DPDecoder service as a jo ...)
@@ -26659,12 +27187,12 @@ CVE-2021-40405
 	RESERVED
 CVE-2021-40404 (An authentication bypass vulnerability exists in the cgiserver.cgi Log ...)
 	NOT-FOR-US: Reolink
-CVE-2021-40403
-	RESERVED
+CVE-2021-40403 (An information disclosure vulnerability exists in the pick-and-place r ...)
+	TODO: check
 CVE-2021-40402
 	RESERVED
-CVE-2021-40401
-	RESERVED
+CVE-2021-40401 (A use-after-free vulnerability exists in the RS-274X aperture definiti ...)
+	TODO: check
 CVE-2021-40400
 	RESERVED
 CVE-2021-40399
@@ -29376,8 +29904,8 @@ CVE-2021-39282 (Live555 through 1.08 has a memory leak in AC3AudioStreamParser f
 	NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021970.html
 CVE-2021-39281
 	RESERVED
-CVE-2021-39280
-	RESERVED
+CVE-2021-39280 (Certain Korenix JetWave devices allow authenticated users to execute a ...)
+	TODO: check
 CVE-2021-39279 (Certain MOXA devices allow Authenticated Command Injection via /forms/ ...)
 	NOT-FOR-US: MOXA
 CVE-2021-39278 (Certain MOXA devices allow reflected XSS via the Config Import menu. T ...)
@@ -30090,8 +30618,8 @@ CVE-2021-39023
 	RESERVED
 CVE-2021-39022
 	RESERVED
-CVE-2021-39021
-	RESERVED
+CVE-2021-39021 (IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or send ...)
+	TODO: check
 CVE-2021-39020
 	RESERVED
 CVE-2021-39019
@@ -30212,8 +30740,8 @@ CVE-2021-38962
 	RESERVED
 CVE-2021-38961 (IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerab ...)
 	NOT-FOR-US: IBM
-CVE-2021-38960
-	RESERVED
+CVE-2021-38960 (IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated use ...)
+	TODO: check
 CVE-2021-38959 (IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28 ...)
 	NOT-FOR-US: IBM
 CVE-2021-38958 (IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service ...)
@@ -32213,8 +32741,8 @@ CVE-2021-38173 (Btrbk before 0.31.2 allows command execution because of the mish
 	[buster] - btrbk 0.27.1-1+deb10u1
 	NOTE: Fixed by: https://github.com/digint/btrbk/commit/58212de771c381cd4fa05625927080bf264e9584 (v0.31.2)
 	NOTE: Introduced by: https://github.com/digint/btrbk/commit/ccb5ed5e7191a083da52998df4c880f693451144 (v0.23.0-rc1)
-CVE-2021-38172
-	RESERVED
+CVE-2021-38172 (perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially ...)
+	TODO: check
 CVE-2021-38171 (adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not  ...)
 	{DSA-4998-1 DSA-4990-1 DLA-2818-1}
 	- ffmpeg 7:4.4.1-1
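Review bot: the CVE-2021-38172 description itself mentions Debian ("(Debian initially ..."), so this entry should not be closed as NOT-FOR-US on the product name alone. Read the full description and record which source package, if any, ships perM before replacing `TODO: check`.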
@@ -32323,8 +32851,8 @@ CVE-2021-38132
 	RESERVED
 CVE-2021-38131
 	RESERVED
-CVE-2021-38130
-	RESERVED
+CVE-2021-38130 (A potential Information leakage vulnerability has been identified in v ...)
+	TODO: check
 CVE-2021-38129 (Escalation of privileges vulnerability in Micro Focus in Micro Focus O ...)
 	NOT-FOR-US: Micro Focus
 CVE-2021-38128
@@ -37135,11 +37663,9 @@ CVE-2021-36154 (HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows
 	NOT-FOR-US: gRPC Swift
 CVE-2021-36153 (Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1. ...)
 	NOT-FOR-US: gRPC Swift
-CVE-2021-36152
-	RESERVED
+CVE-2021-36152 (Apache Gobblin trusts all certificates used for LDAP connections in Go ...)
 	NOT-FOR-US: Apache Gobblin
-CVE-2021-36151
-	RESERVED
+CVE-2021-36151 (In Apache Gobblin, the Hadoop token is written to a temp file that is  ...)
 	NOT-FOR-US: Apache Gobblin
 CVE-2021-3636 (It was found in OpenShift, before version 4.8, that the generated cert ...)
 	NOT-FOR-US: OpenShift
@@ -43651,7 +44177,7 @@ CVE-2021-33432
 	RESERVED
 CVE-2021-33431
 	RESERVED
-CVE-2021-33430 (A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_N ...)
+CVE-2021-33430 (** DISPUTED ** A Buffer Overflow vulnerability exists in NumPy 1.9.x i ...)
 	- numpy 1:1.21.4-2
 	[bullseye] - numpy <no-dsa> (Minor issue)
 	NOTE: https://github.com/numpy/numpy/issues/18939
@@ -45426,8 +45952,8 @@ CVE-2021-32734 (Nextcloud Server is a Nextcloud package that handles data storag
 	- nextcloud-server <itp> (bug #941708)
 CVE-2021-32733 (Nextcloud Text is a collaborative document editing application that us ...)
 	NOT-FOR-US: Nextcloud Text
-CVE-2021-32732
-	RESERVED
+CVE-2021-32732 (### Impact It's possible to know if a user has or not an account in a  ...)
+	TODO: check
 CVE-2021-32731 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
 	NOT-FOR-US: XWiki
 CVE-2021-32730 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
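Review bot: the CVE-2021-32732 description is raw advisory markdown ("### Impact It's possible to know ...") and names no product in the part shown. The XWiki entries that follow are a hint, not evidence; take the product from the CVE references before tagging.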
@@ -47173,8 +47699,8 @@ CVE-2021-32037 (An authorized user may trigger an invariant which may result in
 	- mongodb <removed>
 	[stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
 	NOTE: https://jira.mongodb.org/browse/SERVER-59071
-CVE-2021-32036
-	RESERVED
+CVE-2021-32036 (An authenticated user without any specific authorizations may be able  ...)
+	TODO: check
 CVE-2021-32035
 	RESERVED
 CVE-2021-32034
@@ -52546,7 +53072,7 @@ CVE-2021-30123 (FFmpeg <=4.3 contains a buffer overflow vulnerability in liba
 	NOTE: Introduced in https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468
 CVE-2021-30122
 	RESERVED
-CVE-2021-30121 (Local file inclusion exists in Kaseya VSA before 9.5.6. ...)
+CVE-2021-30121 (Authenticated local file inclusion in Kaseya VSA < v9.5.6 ...)
 	NOT-FOR-US: Kaseya
 CVE-2021-30120 (Kaseya VSA through 9.5.7 allows attackers to bypass the 2FA requiremen ...)
 	NOT-FOR-US: Kaseya
@@ -54465,18 +54991,18 @@ CVE-2021-29400 (A cross-site request forgery (CSRF) vulnerability in the My SMTP
 	NOT-FOR-US: My SMTP Contact plugin for GetSimple CMS
 CVE-2021-29399 (XMB is vulnerable to cross-site scripting (XSS) due to inadequate filt ...)
 	NOT-FOR-US: XMB
-CVE-2021-29398
-	RESERVED
-CVE-2021-29397
-	RESERVED
-CVE-2021-29396
-	RESERVED
-CVE-2021-29395
-	RESERVED
-CVE-2021-29394
-	RESERVED
-CVE-2021-29393
-	RESERVED
+CVE-2021-29398 (Directory traversal in /northstar/Common/NorthFileManager/fileManagerO ...)
+	TODO: check
+CVE-2021-29397 (Cleartext Transmission of Sensitive Information in /northstar/Admin/lo ...)
+	TODO: check
+CVE-2021-29396 (Systemic Insecure Permissions in Northstar Technologies Inc NorthStar  ...)
+	TODO: check
+CVE-2021-29395 (Directory travesal in /northstar/filemanager/download.jsp in Northstar ...)
+	TODO: check
+CVE-2021-29394 (Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar  ...)
+	TODO: check
+CVE-2021-29393 (Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar T ...)
+	TODO: check
 CVE-2021-29392
 	RESERVED
 CVE-2021-29391
@@ -54871,10 +55397,10 @@ CVE-2021-29221 (A local privilege escalation vulnerability was discovered in Erl
 	- erlang <not-affected> (Windows-specific)
 CVE-2021-29220
 	RESERVED
-CVE-2021-29219
-	RESERVED
-CVE-2021-29218
-	RESERVED
+CVE-2021-29219 (A potential local buffer overflow vulnerability has been identified in ...)
+	TODO: check
+CVE-2021-29218 (A local unquoted search path security vulnerability has been identifie ...)
+	TODO: check
 CVE-2021-29217
 	RESERVED
 CVE-2021-29216
@@ -56664,8 +57190,8 @@ CVE-2021-28505
 	RESERVED
 CVE-2021-28504
 	RESERVED
-CVE-2021-28503
-	RESERVED
+CVE-2021-28503 (The impact of this vulnerability is that Arista's EOS eAPI may skip re ...)
+	TODO: check
 CVE-2021-28502
 	RESERVED
 CVE-2021-28501 (An issue has recently been discovered in Arista EOS where the incorrec ...)
@@ -61585,13 +62111,13 @@ CVE-2021-26476 (EPrints 3.4.2 allows remote attackers to execute OS commands via
 	NOT-FOR-US: EPrints
 CVE-2021-26475 (EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal ...)
 	NOT-FOR-US: EPrints
-CVE-2021-26474 (Vembu BDR Suite before 4.2.0 allows Unauthenticated SSRF via a GET req ...)
+CVE-2021-26474 (Various Vembu products allow an attacker to execute a (non-blind) http ...)
 	NOT-FOR-US: Vembu BDR Suite
-CVE-2021-26473 (Vembu BDR Suite before 4.2.0 allows Unauthenticated file write via a G ...)
+CVE-2021-26473 (In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http  ...)
 	NOT-FOR-US: Vembu BDR Suite
-CVE-2021-26472 (Vembu BDR Suite before 4.2.0 allows Unauthenticated Remote Code Execut ...)
+CVE-2021-26472 (In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed ...)
 	NOT-FOR-US: Vembu BDR Suite
-CVE-2021-26471 (Vembu BDR Suite before 4.2.0 allows Unauthenticated Remote Code Execut ...)
+CVE-2021-26471 (In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http ...)
 	NOT-FOR-US: Vembu BDR Suite
 CVE-2021-26470
 	RESERVED
@@ -65232,8 +65758,8 @@ CVE-2021-25116
 	RESERVED
 CVE-2021-25115
 	RESERVED
-CVE-2021-25114
-	RESERVED
+CVE-2021-25114 (The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape ...)
+	TODO: check
 CVE-2021-25113
 	RESERVED
 CVE-2021-25112
@@ -65244,18 +65770,18 @@ CVE-2021-25110
 	RESERVED
 CVE-2021-25109
 	RESERVED
-CVE-2021-25108
-	RESERVED
+CVE-2021-25108 (The IP2Location Country Blocker WordPress plugin before 2.26.6 does no ...)
+	TODO: check
 CVE-2021-25107
 	RESERVED
-CVE-2021-25106
-	RESERVED
-CVE-2021-25105
-	RESERVED
+CVE-2021-25106 (The Privacy Policy Generator, Terms & Conditions Generator WordPre ...)
+	TODO: check
+CVE-2021-25105 (The Ivory Search WordPress plugin before 5.4.1 does not escape some of ...)
+	TODO: check
 CVE-2021-25104
 	RESERVED
-CVE-2021-25103
-	RESERVED
+CVE-2021-25103 (The Translate WordPress with GTranslate WordPress plugin before 2.9.7  ...)
+	TODO: check
 CVE-2021-25102
 	RESERVED
 CVE-2021-25101
@@ -65268,10 +65794,10 @@ CVE-2021-25098
 	RESERVED
 CVE-2021-25097 (The LabTools WordPress plugin through 1.0 does not have proper authori ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-25096
-	RESERVED
-CVE-2021-25095
-	RESERVED
+CVE-2021-25096 (The IP2Location Country Blocker WordPress plugin before 2.26.5 bans ca ...)
+	TODO: check
+CVE-2021-25095 (The IP2Location Country Blocker WordPress plugin before 2.26.5 does no ...)
+	TODO: check
 CVE-2021-25094
 	RESERVED
 CVE-2021-25093 (The Link Library WordPress plugin before 7.2.8 does not have authorisa ...)
@@ -65292,8 +65818,8 @@ CVE-2021-25086
 	RESERVED
 CVE-2021-25085 (The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-25084
-	RESERVED
+CVE-2021-25084 (The Advanced Cron Manager WordPress plugin before 2.4.2, advanced-cron ...)
+	TODO: check
 CVE-2021-25083 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25082
@@ -65306,8 +65832,8 @@ CVE-2021-25079 (The Contact Form Entries WordPress plugin before 1.2.4 does not
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25078 (The Affiliates Manager WordPress plugin before 2.9.0 does not validate ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-25077
-	RESERVED
+CVE-2021-25077 (The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does n ...)
+	TODO: check
 CVE-2021-25076 (The WP User Frontend WordPress plugin before 3.5.26 does not validate  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25075
@@ -65402,8 +65928,8 @@ CVE-2021-25031 (The Image Hover Effects Ultimate (Image Gallery, Effects, Lightb
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25030 (The Events Made Easy WordPress plugin before 2.2.36 does not sanitise  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-25029
-	RESERVED
+CVE-2021-25029 (The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does ...)
+	TODO: check
 CVE-2021-25028 (The Event Tickets WordPress plugin before 5.2.2 does not validate the  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25027 (The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does  ...)
@@ -65452,8 +65978,8 @@ CVE-2021-25006
 	RESERVED
 CVE-2021-25005 (The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and e ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-25004
-	RESERVED
+CVE-2021-25004 (The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with ...)
+	TODO: check
 CVE-2021-25003
 	RESERVED
 CVE-2021-25002
@@ -65474,8 +66000,8 @@ CVE-2021-24995
 	RESERVED
 CVE-2021-24994
 	RESERVED
-CVE-2021-24993
-	RESERVED
+CVE-2021-24993 (The Ultimate Product Catalog WordPress plugin before 5.0.26 does not h ...)
+	TODO: check
 CVE-2021-24992 (The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24991 (The WooCommerce PDF Invoices & Packing Slips WordPress plugin befo ...)
@@ -65566,8 +66092,8 @@ CVE-2021-24949 (The "WP Search Filters" widget of The Plus Addons for Elementor
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24948 (The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24947
-	RESERVED
+CVE-2021-24947 (The RVM WordPress plugin before 6.4.2 does not have proper authorisati ...)
+	TODO: check
 CVE-2021-24946 (The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24945 (The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38  ...)
@@ -65604,8 +66130,8 @@ CVE-2021-24930 (The WordPress Online Booking and Scheduling Plugin WordPress plu
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24929
 	RESERVED
-CVE-2021-24928
-	RESERVED
+CVE-2021-24928 (The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does  ...)
+	TODO: check
 CVE-2021-24927 (The My Calendar WordPress plugin before 3.2.18 does not sanitise and e ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24926 (The Domain Check WordPress plugin before 1.0.17 does not sanitise and  ...)
@@ -65700,12 +66226,12 @@ CVE-2021-24882 (The Slideshow Gallery WordPress plugin before 1.7.4 does not san
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24881
 	RESERVED
-CVE-2021-24880
-	RESERVED
-CVE-2021-24879
-	RESERVED
-CVE-2021-24878
-	RESERVED
+CVE-2021-24880 (The SupportCandy WordPress plugin before 2.2.7 does not validate and e ...)
+	TODO: check
+CVE-2021-24879 (The SupportCandy WordPress plugin before 2.2.7 does not have CSRF chec ...)
+	TODO: check
+CVE-2021-24878 (The SupportCandy WordPress plugin before 2.2.7 does not sanitise and e ...)
+	TODO: check
 CVE-2021-24877 (The MainWP Child WordPress plugin before 4.1.8 does not validate the o ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24876 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...)
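Review bot: CVE-2021-24880, CVE-2021-24879 and CVE-2021-24878 are all SupportCandy WordPress plugin issues in versions before 2.2.7, while every described context entry in this hunk is `NOT-FOR-US: WordPress plugin`. Tag the three the same way in one edit instead of leaving three separate `TODO: check` items.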
@@ -65774,16 +66300,16 @@ CVE-2021-24845 (The Improved Include Page WordPress plugin through 1.2 allows pa
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24844 (The Affiliates Manager WordPress plugin before 2.8.7 does not validate ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24843
-	RESERVED
+CVE-2021-24843 (The SupportCandy WordPress plugin before 2.2.7 does not have CRSF chec ...)
+	TODO: check
 CVE-2021-24842 (The Bulk Datetime Change WordPress plugin before 1.12 does not enforce ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24841 (The Helpful WordPress plugin before 4.4.59 does not sanitise and escap ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24840 (The Squaretype WordPress theme before 3.0.4 allows unauthenticated use ...)
 	NOT-FOR-US: WordPress theme
-CVE-2021-24839
-	RESERVED
+CVE-2021-24839 (The SupportCandy WordPress plugin before 2.2.5 does not have authorisa ...)
+	TODO: check
 CVE-2021-24838 (The AnyComment WordPress plugin through 0.2.17 has an API endpoint whi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24837
@@ -66124,7 +66650,7 @@ CVE-2021-24670 (The CoolClock WordPress plugin before 4.3.5 does not escape some
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24669 (The MAZ Loader – Preloader Builder for WordPress plugin before 1 ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24668 (The MAZ Loader WordPress plugin through 1.3.4 does not enforce nonce c ...)
+CVE-2021-24668 (The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce ch ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24667 (A stored cross-site scripting vulnerability has been discovered in : S ...)
 	NOT-FOR-US: FortiGuard
@@ -66774,7 +67300,7 @@ CVE-2021-24345 (The page lists-management feature of the Sendit WP Newsletter Wo
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24344 (The Easy Preloader WordPress plugin through 1.0.0 does not sanitise it ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24343 (The iFlyChat - WordPress Chat plugin through 4.6.4 does not sanitise i ...)
+CVE-2021-24343 (The iFlyChat WordPress plugin before 4.7.0 does not sanitise its APP I ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24342 (The JNews WordPress theme before 8.0.6 did not sanitise the cat_id par ...)
 	NOT-FOR-US: WordPress theme
@@ -68769,8 +69295,8 @@ CVE-2021-23509 (This affects the package json-ptr before 3.0.0. A type confusion
 	NOT-FOR-US: Node json-ptr
 CVE-2021-23508
 	RESERVED
-CVE-2021-23507
-	RESERVED
+CVE-2021-23507 (The package object-path-set before 1.0.2 are vulnerable to Prototype P ...)
+	TODO: check
 CVE-2021-23506
 	RESERVED
 CVE-2021-23505
@@ -68789,8 +69315,8 @@ CVE-2021-23499
 	RESERVED
 CVE-2021-23498
 	RESERVED
-CVE-2021-23497
-	RESERVED
+CVE-2021-23497 (This affects the package @strikeentco/set before 1.0.2. It allows an a ...)
+	TODO: check
 CVE-2021-23496
 	RESERVED
 CVE-2021-23495
@@ -68844,8 +69370,8 @@ CVE-2021-23472 (This affects versions before 1.19.1 of package bootstrap-table.
 	NOTE: URL in CVE has moved. https://github.com/wenzhixin/bootstrap-table/pull/5941
 CVE-2021-23471
 	RESERVED
-CVE-2021-23470
-	RESERVED
+CVE-2021-23470 (This affects the package putil-merge before 3.8.0. The merge() functio ...)
+	TODO: check
 CVE-2021-23469
 	RESERVED
 CVE-2021-23468
@@ -71607,16 +72133,16 @@ CVE-2021-22290
 	RESERVED
 CVE-2021-22289
 	RESERVED
-CVE-2021-22288
-	RESERVED
+CVE-2021-22288 (Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 ...)
+	TODO: check
 CVE-2021-22287
 	RESERVED
-CVE-2021-22286
-	RESERVED
-CVE-2021-22285
-	RESERVED
-CVE-2021-22284
-	RESERVED
+CVE-2021-22286 (Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 ...)
+	TODO: check
+CVE-2021-22285 (Improper Handling of Exceptional Conditions, Improper Check for Unusua ...)
+	TODO: check
+CVE-2021-22284 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
+	TODO: check
 CVE-2021-22283
 	RESERVED
 CVE-2021-22282
@@ -72349,32 +72875,32 @@ CVE-2021-3009
 	RESERVED
 CVE-2021-3008
 	RESERVED
-CVE-2021-21971
-	RESERVED
-CVE-2021-21970
-	RESERVED
-CVE-2021-21969
-	RESERVED
-CVE-2021-21968
-	RESERVED
+CVE-2021-21971 (An out-of-bounds write vulnerability exists in the URL_decode function ...)
+	TODO: check
+CVE-2021-21970 (An out-of-bounds write vulnerability exists in the HandleSeaCloudMessa ...)
+	TODO: check
+CVE-2021-21969 (An out-of-bounds write vulnerability exists in the HandleSeaCloudMessa ...)
+	TODO: check
+CVE-2021-21968 (A file write vulnerability exists in the OTA update task functionality ...)
+	TODO: check
 CVE-2021-21967
 	RESERVED
 CVE-2021-21966
 	RESERVED
-CVE-2021-21965
-	RESERVED
-CVE-2021-21964
-	RESERVED
-CVE-2021-21963
-	RESERVED
-CVE-2021-21962
-	RESERVED
-CVE-2021-21961
-	RESERVED
-CVE-2021-21960
-	RESERVED
-CVE-2021-21959
-	RESERVED
+CVE-2021-21965 (A denial of service vulnerability exists in the SeaMax remote configur ...)
+	TODO: check
+CVE-2021-21964 (A denial of service vulnerability exists in the Modbus configuration f ...)
+	TODO: check
+CVE-2021-21963 (An information disclosure vulnerability exists in the Web Server funct ...)
+	TODO: check
+CVE-2021-21962 (A heap-based buffer overflow vulnerability exists in the OTA Update u- ...)
+	TODO: check
+CVE-2021-21961 (A stack-based buffer overflow vulnerability exists in the NBNS functio ...)
+	TODO: check
+CVE-2021-21960 (A stack-based buffer overflow vulnerability exists in both the LLMNR f ...)
+	TODO: check
+CVE-2021-21959 (A misconfiguration exists in the MQTTS functionality of Sealevel Syste ...)
+	TODO: check
 CVE-2021-21958
 	RESERVED
 CVE-2021-21957 (A privilege escalation vulnerability exists in the Remote Server funct ...)
@@ -124615,10 +125141,10 @@ CVE-2020-12968
 	REJECTED
 CVE-2020-12967 (The lack of nested page table protection in the AMD SEV/SEV-ES feature ...)
 	NOT-FOR-US: AMD
-CVE-2020-12966
-	RESERVED
-CVE-2020-12965
-	RESERVED
+CVE-2020-12966 (AMD EPYC™ Processors contain an information disclosure vulnerabi ...)
+	TODO: check
+CVE-2020-12965 (When combined with specific software sequences, AMD CPUs may transient ...)
+	TODO: check
 CVE-2020-12964 (A potential privilege escalation/denial of service issue exists in the ...)
 	NOT-FOR-US: Intel / AMD
 CVE-2020-12963 (An insufficient pointer validation vulnerability in the AMD Graphics D ...)
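Review bot: CVE-2020-12965 describes transient behaviour in AMD CPUs "when combined with specific software sequences", which is a different class from the driver issues around it that are tagged `NOT-FOR-US`. Before copying that tag, check whether a kernel or microcode mitigation is involved and note the outcome on the entry.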
@@ -124771,8 +125297,7 @@ CVE-2020-12893 (Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in E
 	NOT-FOR-US: Intel / AMD
 CVE-2020-12892 (An untrusted search path in AMD Radeon settings Installer may lead to  ...)
 	NOT-FOR-US: Intel / AMD
-CVE-2020-12891
-	RESERVED
+CVE-2020-12891 (AMD Radeon Software may be vulnerable to DLL Hijacking through path va ...)
 	NOT-FOR-US: AMD
 CVE-2020-12890 (Improper handling of pointers in the System Management Mode (SMM) hand ...)
 	NOT-FOR-US: AMD
@@ -140157,8 +140682,8 @@ CVE-2020-7536 (A CWE-754:Improper Check for Unusual or Exceptional Conditions vu
 	NOT-FOR-US: Modicon
 CVE-2020-7535 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory  ...)
 	NOT-FOR-US: Modicon
-CVE-2020-7534
-	RESERVED
+CVE-2020-7534 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on t ...)
+	TODO: check
 CVE-2020-7533 (A CWE-255: Credentials Management vulnerability exists in Web Server o ...)
 	NOT-FOR-US: Modicon
 CVE-2020-7532 (A CWE-502 Deserialization of Untrusted Data vulnerability exists in SC ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60591c831241145b246717e0fe59701057b934c8
