[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 16 20:10:32 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
08ef0d08 by security tracker role at 2022-02-16T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2022-25257
+ RESERVED
+CVE-2022-25256
+ RESERVED
+CVE-2022-25255 (In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux ...)
+ TODO: check
+CVE-2022-25254
+ RESERVED
+CVE-2022-25253
+ RESERVED
+CVE-2022-25252
+ RESERVED
+CVE-2022-25251
+ RESERVED
+CVE-2022-25250
+ RESERVED
+CVE-2022-25249
+ RESERVED
+CVE-2022-25248
+ RESERVED
+CVE-2022-25247
+ RESERVED
+CVE-2022-25246
+ RESERVED
+CVE-2022-24374
+ RESERVED
+CVE-2022-23916
+ RESERVED
+CVE-2022-23810
+ RESERVED
+CVE-2022-21142
+ RESERVED
+CVE-2022-0648
+ RESERVED
+CVE-2022-0647
+ RESERVED
+CVE-2022-0646
+ RESERVED
+CVE-2022-0645
+ RESERVED
+CVE-2022-0644
+ RESERVED
+CVE-2022-0643
+ RESERVED
+CVE-2022-0642
+ RESERVED
+CVE-2022-0641
+ RESERVED
+CVE-2022-0640
+ RESERVED
+CVE-2022-0639
+ RESERVED
+CVE-2022-0638
+ RESERVED
+CVE-2022-0637
+ RESERVED
+CVE-2022-0636
+ RESERVED
+CVE-2022-0635
+ RESERVED
+CVE-2022-0634
+ RESERVED
+CVE-2022-0633
+ RESERVED
+CVE-2022-0632
+ RESERVED
+CVE-2022-0631
+ RESERVED
+CVE-2022-0630
+ RESERVED
+CVE-2022-0629
+ RESERVED
+CVE-2022-0628
+ RESERVED
+CVE-2022-0627
+ RESERVED
+CVE-2022-0626
+ RESERVED
+CVE-2022-0625
+ RESERVED
+CVE-2022-0624
+ RESERVED
CVE-2022-XXXX [Improper input validation - SA-CORE-2022-003]
- drupal7 <removed>
[stretch] - drupal7 7.52-2+deb9u18
@@ -97,8 +179,7 @@ CVE-2022-21159
RESERVED
CVE-2022-0618
RESERVED
-CVE-2022-0617 [Null pointer dereference can be triggered when write to an ICB inode]
- RESERVED
+CVE-2022-0617 (A flaw null pointer dereference in the Linux kernel UDF file system fu ...)
- linux 5.16.7-1
NOTE: https://git.kernel.org/linus/7fc3b7c2981bbd1047916ade327beccb90994eee
NOTE: https://git.kernel.org/linus/ea8569194b43f0f01f0a84c689388542c7254a1f
@@ -106,12 +187,12 @@ CVE-2022-0616
RESERVED
CVE-2022-0615
RESERVED
-CVE-2022-0614
- RESERVED
-CVE-2022-0613
- RESERVED
+CVE-2022-0614 (Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2. ...)
+ TODO: check
+CVE-2022-0613 (Authorization Bypass Through User-Controlled Key in NPM urijs prior to ...)
+ TODO: check
CVE-2021-4220
- RESERVED
+ REJECTED
CVE-2021-4219
RESERVED
CVE-2022-25212 (A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plu ...)
@@ -1328,8 +1409,8 @@ CVE-2022-0561 (Null source pointer passed as an argument to memcpy() function wi
NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef
CVE-2022-0560 (Open Redirect in Packagist microweber/microweber prior to 1.2.11. ...)
NOT-FOR-US: microweber
-CVE-2022-0559
- RESERVED
+CVE-2022-0559 (Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. ...)
+ TODO: check
CVE-2022-0558 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
NOT-FOR-US: microweber
CVE-2022-0557 (OS Command Injection in Packagist microweber/microweber prior to 1.2.1 ...)
@@ -1547,12 +1628,12 @@ CVE-2022-0516 [KVM: s390: Return error on SIDA memop on normal guest]
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/2c212e1baedcd782b2535a3f86bc491977677c0e
NOTE: https://www.openwall.com/lists/oss-security/2022/02/11/2
-CVE-2022-24665
- RESERVED
-CVE-2022-24664
- RESERVED
-CVE-2022-24663
- RESERVED
+CVE-2022-24665 (PHP Everywhere <= 2.0.3 included functionality that allowed executi ...)
+ TODO: check
+CVE-2022-24664 (PHP Everywhere <= 2.0.3 included functionality that allowed executi ...)
+ TODO: check
+CVE-2022-24663 (PHP Everywhere <= 2.0.3 included functionality that allowed executi ...)
+ TODO: check
CVE-2022-24662
RESERVED
CVE-2022-24661
@@ -2052,8 +2133,8 @@ CVE-2022-0515
RESERVED
CVE-2022-0514
RESERVED
-CVE-2022-0513
- RESERVED
+CVE-2022-0513 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...)
+ TODO: check
CVE-2022-0512 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
TODO: check
CVE-2022-0511
@@ -3232,8 +3313,8 @@ CVE-2022-24088
RESERVED
CVE-2022-24087
RESERVED
-CVE-2022-24086
- RESERVED
+CVE-2022-24086 (Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earli ...)
+ TODO: check
CVE-2022-24085
RESERVED
CVE-2022-24084
@@ -4627,10 +4708,10 @@ CVE-2022-23806 (Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17
NOTE: https://github.com/golang/go/commit/e16331902340c02bdf1831b5508df2307b871ef6 (go1.17.7)
CVE-2022-23805 (A security out-of-bounds read information disclosure vulnerability in ...)
NOT-FOR-US: Trend Micro
-CVE-2022-23804
- RESERVED
-CVE-2022-23803
- RESERVED
+CVE-2022-23804 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...)
+ TODO: check
+CVE-2022-23803 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...)
+ TODO: check
CVE-2022-23802
RESERVED
CVE-2022-23801
@@ -5009,8 +5090,8 @@ CVE-2022-23646
RESERVED
CVE-2022-23645
RESERVED
-CVE-2022-23644
- RESERVED
+CVE-2022-23644 (BookWyrm is a decentralized social network for tracking reading habits ...)
+ TODO: check
CVE-2022-23643 (Sourcegraph is a code search and navigation engine. Sourcegraph versio ...)
TODO: check
CVE-2022-23642
@@ -5774,8 +5855,8 @@ CVE-2022-23360
RESERVED
CVE-2022-23359
RESERVED
-CVE-2022-23358
- RESERVED
+CVE-2022-23358 (EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In ...)
+ TODO: check
CVE-2022-23357 (mozilo2.0 was discovered to be vulnerable to directory traversal attac ...)
TODO: check
CVE-2022-23356
@@ -5910,8 +5991,8 @@ CVE-2021-46390
RESERVED
CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to commit 882925 ...)
NOT-FOR-US: IIPImage High Resolution Streaming Image Server
-CVE-2021-46388
- RESERVED
+CVE-2021-46388 (WAGO 750-8212 PFC200 G2 2ETH RS Firmware version 03.05.10(17) is affec ...)
+ TODO: check
CVE-2021-46387
RESERVED
CVE-2021-46386 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: File U ...)
@@ -6589,44 +6670,44 @@ CVE-2022-23206 (In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, a
NOT-FOR-US: Apache Traffic Control
CVE-2022-23205
RESERVED
-CVE-2022-23204
- RESERVED
-CVE-2022-23203
- RESERVED
-CVE-2022-23202
- RESERVED
+CVE-2022-23204 (Adobe Premiere Rush versions 2.0 and earlier are affected by an out-of ...)
+ TODO: check
+CVE-2022-23203 (Adobe Photoshop versions 22.5.4 (and earlier) and 23.1 (and earlier) a ...)
+ TODO: check
+CVE-2022-23202 (Adobe Creative Cloud Desktop version 2.7.0.13 (and earlier) is affecte ...)
+ TODO: check
CVE-2022-23201
RESERVED
-CVE-2022-23200
- RESERVED
-CVE-2022-23199
- RESERVED
-CVE-2022-23198
- RESERVED
-CVE-2022-23197
- RESERVED
-CVE-2022-23196
- RESERVED
-CVE-2022-23195
- RESERVED
-CVE-2022-23194
- RESERVED
-CVE-2022-23193
- RESERVED
-CVE-2022-23192
- RESERVED
-CVE-2022-23191
- RESERVED
-CVE-2022-23190
- RESERVED
-CVE-2022-23189
- RESERVED
-CVE-2022-23188
- RESERVED
+CVE-2022-23200 (Adobe After Effects versions 22.1.1 (and earlier) and 18.4.3 (and earl ...)
+ TODO: check
+CVE-2022-23199 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ TODO: check
+CVE-2022-23198 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ TODO: check
+CVE-2022-23197 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ TODO: check
+CVE-2022-23196 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ TODO: check
+CVE-2022-23195 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ TODO: check
+CVE-2022-23194 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ TODO: check
+CVE-2022-23193 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ TODO: check
+CVE-2022-23192 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ TODO: check
+CVE-2022-23191 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ TODO: check
+CVE-2022-23190 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ TODO: check
+CVE-2022-23189 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ TODO: check
+CVE-2022-23188 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ TODO: check
CVE-2022-23187
RESERVED
-CVE-2022-23186
- RESERVED
+CVE-2022-23186 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ TODO: check
CVE-2022-23185
RESERVED
CVE-2022-23184 (In affected Octopus Server versions when the server HTTP and HTTPS bin ...)
@@ -7271,8 +7352,8 @@ CVE-2022-22947
RESERVED
CVE-2022-22946
RESERVED
-CVE-2022-22945
- RESERVED
+CVE-2022-22945 (VMware NSX Edge contains a CLI shell injection vulnerability. A malici ...)
+ TODO: check
CVE-2022-22944
RESERVED
CVE-2022-22943
@@ -7488,8 +7569,8 @@ CVE-2022-22855
RESERVED
CVE-2022-22854 (An access control issue in hprms/admin/?page=user/list of Hospital Pat ...)
NOT-FOR-US: Hospital Patient Record Management System
-CVE-2022-22853
- RESERVED
+CVE-2022-22853 (A stored cross-site scripting (XSS) vulnerability in Hospital Patient ...)
+ TODO: check
CVE-2022-22852 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...)
NOT-FOR-US: Sourcecodtester
CVE-2022-22851 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...)
@@ -7991,8 +8072,8 @@ CVE-2022-22794
RESERVED
CVE-2022-22793
RESERVED
-CVE-2022-22792
- RESERVED
+CVE-2022-22792 (MobiSoft - MobiPlus User Take Over and Improper Handling of url Parame ...)
+ TODO: check
CVE-2022-22791 (SYNEL - eharmony Authenticated Blind & Stored XSS. Inject JS code ...)
NOT-FOR-US: SYNEL
CVE-2022-22790 (SYNEL - eharmony Directory Traversal. Directory Traversal - is an atta ...)
@@ -12008,6 +12089,7 @@ CVE-2021-45446
CVE-2021-45445 (Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 h ...)
NOT-FOR-US: Unisys
CVE-2021-45444 (In zsh before 5.8.1, an attacker can achieve code execution if they co ...)
+ {DSA-5078-1}
- zsh 5.8.1-1
NOTE: https://sourceforge.net/p/zsh/code/ci/c187154f47697cdbf822c2f9d714d570ed4a0fd1/
NOTE: https://sourceforge.net/p/zsh/code/ci/fdb8b0ce6244ff26bf55e0fd825310a58d0d3156/
@@ -12138,8 +12220,8 @@ CVE-2021-45393
RESERVED
CVE-2021-45392 (A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01. ...)
NOT-FOR-US: Tenda
-CVE-2021-45391
- RESERVED
+CVE-2021-45391 (A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01. ...)
+ TODO: check
CVE-2021-45390
RESERVED
CVE-2021-45389 (StarWind SAN & NAS build 1578 and StarWind Command Center Build 68 ...)
@@ -13012,8 +13094,8 @@ CVE-2021-4135
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/481221775d53d6215a6e5e9ce1cce6d2b4ab9a46 (5.16-rc6)
NOTE: CONFIG_NETDEVSIM is not set in Debian
-CVE-2021-4134
- RESERVED
+CVE-2021-4134 (The Fancy Product Designer WordPress plugin is vulnerable to SQL Injec ...)
+ TODO: check
CVE-2021-4133 (A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 ...)
NOT-FOR-US: Keycloak
CVE-2021-4132 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
@@ -14052,8 +14134,8 @@ CVE-2021-44834
RESERVED
CVE-2021-4107 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...)
NOT-FOR-US: yetiforcecrm
-CVE-2021-4106
- RESERVED
+CVE-2021-4106 (A vulnerability in Snow Inventory Java Scanner allows an attacker to r ...)
+ TODO: check
CVE-2021-4105
RESERVED
CVE-2018-25022 (The Onion module in toxcore before 0.2.2 doesn't restrict which packet ...)
@@ -27996,8 +28078,7 @@ CVE-2021-3783 (yourls is vulnerable to Improper Neutralization of Input During W
NOT-FOR-US: yourls
CVE-2021-3782
RESERVED
-CVE-2021-3781 [Include device specifier strings in access validation]
- RESERVED
+CVE-2021-3781 (A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was ...)
{DSA-4972-1}
- ghostscript 9.53.3~dfsg-8 (bug #994011)
[buster] - ghostscript <not-affected> (Vulnerable code introduced later)
@@ -28702,8 +28783,7 @@ CVE-2021-3775 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: ShowDoc
CVE-2021-3774 (Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version a ...)
NOT-FOR-US: Meross Smart Wi-Fi 2 Way Wall Switch
-CVE-2021-3773
- RESERVED
+CVE-2021-3773 (A flaw in netfilter could allow a network-connected attacker to infer ...)
NOTE: https://www.openwall.com/lists/oss-security/2021/09/08/3
NOTE: https://breakpointingbad.com/2021/09/08/Port-Shadows-via-Network-Alchemy.html
TODO: fill in tracking details
@@ -29148,8 +29228,7 @@ CVE-2021-3761 (Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into
- cfrpki 1.3.0-1 (bug #994572)
NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-c8xp-8mf3-62h9
NOTE: https://github.com/cloudflare/cfrpki/commit/a8db4e009ef217484598ba1fd1c595b54e0f6422
-CVE-2021-3760
- RESERVED
+CVE-2021-3760 (A flaw was found in the Linux kernel. A use-after-free vulnerability i ...)
{DLA-2843-1}
- linux 5.14.16-1 (unimportant)
[bullseye] - linux 5.10.84-1
@@ -29229,14 +29308,12 @@ CVE-2021-3755
REJECTED
CVE-2021-3754
RESERVED
-CVE-2021-3753
- RESERVED
+CVE-2021-3753 (A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c ...)
{DSA-4978-1 DLA-2843-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
NOTE: https://git.kernel.org/linus/2287a51ba822384834dafc1c798453375d1107c7
-CVE-2021-3752
- RESERVED
+CVE-2021-3752 (A use-after-free flaw was found in the Linux kernel’s Bluetooth ...)
- linux 5.15.3-1
[bullseye] - linux 5.10.84-1
NOTE: https://www.openwall.com/lists/oss-security/2021/09/15/4
@@ -31661,16 +31738,16 @@ CVE-2021-39303 (The server in Jamf Pro before 10.32.0 has an SSRF vulnerability,
NOT-FOR-US: Jamf Pro
CVE-2021-39302 (MISP 2.4.148, in certain configurations, allows SQL injection via the ...)
NOT-FOR-US: MISP
-CVE-2021-39301
- RESERVED
-CVE-2021-39300
- RESERVED
-CVE-2021-39299
- RESERVED
-CVE-2021-39298
- RESERVED
-CVE-2021-39297
- RESERVED
+CVE-2021-39301 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+ TODO: check
+CVE-2021-39300 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+ TODO: check
+CVE-2021-39299 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+ TODO: check
+CVE-2021-39298 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+ TODO: check
+CVE-2021-39297 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+ TODO: check
CVE-2021-39296 (In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass auth ...)
NOT-FOR-US: OpenBMC
CVE-2021-39295
@@ -38202,7 +38279,7 @@ CVE-2021-36742 (A improper input validation vulnerability in Trend Micro Apex On
CVE-2021-36741 (An improper input validation vulnerability in Trend Micro Apex One, Ap ...)
NOT-FOR-US: Trend Micro
CVE-2021-3648
- RESERVED
+ REJECTED
- binutils <unfixed> (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100968
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935
@@ -45076,8 +45153,7 @@ CVE-2021-33807 (Cartadis Gespage through 8.2.1 allows Directory Traversal in ges
NOT-FOR-US: Cartadis Gespage
CVE-2021-3579 (Incorrect Default Permissions vulnerability in the bdservicehost.exe a ...)
NOT-FOR-US: Bitdefender
-CVE-2021-3578 [possible remote code execution in isync/mbsync]
- RESERVED
+CVE-2021-3578 (A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecke ...)
- isync 1.3.0-2.2 (bug #989564)
[buster] - isync 1.3.0-2.2~deb10u1
[stretch] - isync <no-dsa> (Minor issue)
@@ -45940,8 +46016,7 @@ CVE-2021-3561 (An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed
NOTE: https://sourceforge.net/p/mcj/tickets/116/
NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/
NOTE: Depends on CVE-2019-19797 fix
-CVE-2021-3560 [local privilege escalation using polkit_system_bus_name_get_creds_sync()]
- RESERVED
+CVE-2021-3560 (It was found that polkit could be tricked into bypassing the credentia ...)
- policykit-1 0.105-31 (bug #989429)
[buster] - policykit-1 <not-affected> (Vulnerable code introduced later)
[stretch] - policykit-1 <not-affected> (Vulnerable code introduced later)
@@ -46554,8 +46629,7 @@ CVE-2021-3559 (A flaw was found in libvirt in the virConnectListAllNodeDevices A
CVE-2021-3558
RESERVED
- moodle <removed>
-CVE-2021-3557
- RESERVED
+CVE-2021-3557 (A flaw was found in argocd. Any unprivileged user is able to deploy ar ...)
NOT-FOR-US: Argo CD
CVE-2021-3556
REJECTED
@@ -47260,8 +47334,7 @@ CVE-2021-32927
RESERVED
CVE-2021-32926 (When an authenticated password change request takes place, this vulner ...)
NOT-FOR-US: Rockwell Automation
-CVE-2021-3551
- RESERVED
+CVE-2021-3551 (A flaw was found in the PKI-server, where the spkispawn command, when ...)
- dogtag-pki 10.10.6-1 (bug #991665)
[bullseye] - dogtag-pki <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1959971
@@ -63318,8 +63391,8 @@ CVE-2021-26728
RESERVED
CVE-2021-26727
RESERVED
-CVE-2021-26726
- RESERVED
+CVE-2021-26726 (A remote code execution vulnerability affecting a Valmet DNA service l ...)
+ TODO: check
CVE-2021-26725 (Path Traversal vulnerability when changing timezone using web GUI of N ...)
NOT-FOR-US: Nozomi Networks Guardian
CVE-2021-26724 (OS Command Injection vulnerability when changing date settings or host ...)
@@ -70810,8 +70883,8 @@ CVE-2021-23684
RESERVED
CVE-2021-23683
RESERVED
-CVE-2021-23682
- RESERVED
+CVE-2021-23682 (This affects the package litespeed.js before 0.3.12; the package appwr ...)
+ TODO: check
CVE-2021-23681
RESERVED
CVE-2021-23680
@@ -74583,8 +74656,8 @@ CVE-2021-22052
RESERVED
CVE-2021-22051 (Applications using Spring Cloud Gateway are vulnerable to specifically ...)
NOT-FOR-US: Spring Cloud Gateway
-CVE-2021-22050
- RESERVED
+CVE-2021-22050 (ESXi contains a slow HTTP POST denial-of-service vulnerability in rhtt ...)
+ TODO: check
CVE-2021-22049 (The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Requ ...)
NOT-FOR-US: VMware
CVE-2021-22048 (The vCenter Server contains a privilege escalation vulnerability in th ...)
@@ -74597,14 +74670,14 @@ CVE-2021-22045 (VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before
NOT-FOR-US: VMware
CVE-2021-22044 (In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEA ...)
NOT-FOR-US: Spring Cloud OpenFeign
-CVE-2021-22043
- RESERVED
-CVE-2021-22042
- RESERVED
-CVE-2021-22041
- RESERVED
-CVE-2021-22040
- RESERVED
+CVE-2021-22043 (VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerabilit ...)
+ TODO: check
+CVE-2021-22042 (VMware ESXi contains an unauthorized access vulnerability due to VMX h ...)
+ TODO: check
+CVE-2021-22041 (VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerabil ...)
+ TODO: check
+CVE-2021-22040 (VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerab ...)
+ TODO: check
CVE-2021-22039
RESERVED
CVE-2021-22038 (On Windows, the uninstaller binary copies itself to a fixed temporary ...)
@@ -74773,8 +74846,8 @@ CVE-2021-21968 (A file write vulnerability exists in the OTA update task functio
NOT-FOR-US: Sealevel Systems
CVE-2021-21967
RESERVED
-CVE-2021-21966
- RESERVED
+CVE-2021-21966 (An information disclosure vulnerability exists in the HTTP Server /pin ...)
+ TODO: check
CVE-2021-21965 (A denial of service vulnerability exists in the SeaMax remote configur ...)
NOT-FOR-US: Sealevel Systems
CVE-2021-21964 (A denial of service vulnerability exists in the Modbus configuration f ...)
@@ -74789,8 +74862,8 @@ CVE-2021-21960 (A stack-based buffer overflow vulnerability exists in both the L
NOT-FOR-US: Sealevel Systems
CVE-2021-21959 (A misconfiguration exists in the MQTTS functionality of Sealevel Syste ...)
NOT-FOR-US: Sealevel Systems
-CVE-2021-21958
- RESERVED
+CVE-2021-21958 (A heap-based buffer overflow vulnerability exists in the Hword HwordAp ...)
+ TODO: check
CVE-2021-21957 (A privilege escalation vulnerability exists in the Remote Server funct ...)
NOT-FOR-US: Dream Report ODS Remote Connector
CVE-2021-21956
@@ -144044,18 +144117,18 @@ CVE-2020-6924
RESERVED
CVE-2020-6923
RESERVED
-CVE-2020-6922
- RESERVED
-CVE-2020-6921
- RESERVED
-CVE-2020-6920
- RESERVED
-CVE-2020-6919
- RESERVED
-CVE-2020-6918
- RESERVED
-CVE-2020-6917
- RESERVED
+CVE-2020-6922 (Potential security vulnerabilities including compromise of integrity, ...)
+ TODO: check
+CVE-2020-6921 (Potential security vulnerabilities including compromise of integrity, ...)
+ TODO: check
+CVE-2020-6920 (Potential security vulnerabilities including compromise of integrity, ...)
+ TODO: check
+CVE-2020-6919 (Potential security vulnerabilities including compromise of integrity, ...)
+ TODO: check
+CVE-2020-6918 (Potential security vulnerabilities including compromise of integrity, ...)
+ TODO: check
+CVE-2020-6917 (Potential security vulnerabilities including compromise of integrity, ...)
+ TODO: check
CVE-2020-6916
RESERVED
CVE-2020-6915
@@ -206319,10 +206392,10 @@ CVE-2019-4354
RESERVED
CVE-2019-4353
RESERVED
-CVE-2019-4352
- RESERVED
-CVE-2019-4351
- RESERVED
+CVE-2019-4352 (IBM Maximo Anywhere 7.6.4.0 applications could allow obfuscation of th ...)
+ TODO: check
+CVE-2019-4351 (IBM Maximo Anywhere 7.6.4.0 applications could disclose sensitive info ...)
+ TODO: check
CVE-2019-4350
RESERVED
CVE-2019-4349 (IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 application ...)
@@ -206441,8 +206514,8 @@ CVE-2019-4293 (IBM Storwize V7000 Unified (2073) 1.6 configuration may allow an
NOT-FOR-US: IBM
CVE-2019-4292 (IBM Security Guardium 10.5 could allow a remote attacker to upload arb ...)
NOT-FOR-US: IBM
-CVE-2019-4291
- RESERVED
+CVE-2019-4291 (IBM Maximo Anywhere 7.6.4.0 could allow an attacker to reverse enginee ...)
+ TODO: check
CVE-2019-4290
RESERVED
CVE-2019-4289
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08ef0d08c1036d50d62fdf890816b606a63e26b5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08ef0d08c1036d50d62fdf890816b606a63e26b5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220216/7ea21b2e/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list