[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jul 18 09:10:20 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
481f4f71 by security tracker role at 2022-07-18T08:10:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,299 @@
+CVE-2022-36275
+ RESERVED
+CVE-2022-36274
+ RESERVED
+CVE-2022-36273
+ RESERVED
+CVE-2022-36272
+ RESERVED
+CVE-2022-36271
+ RESERVED
+CVE-2022-36270
+ RESERVED
+CVE-2022-36269
+ RESERVED
+CVE-2022-36268
+ RESERVED
+CVE-2022-36267
+ RESERVED
+CVE-2022-36266
+ RESERVED
+CVE-2022-36265
+ RESERVED
+CVE-2022-36264
+ RESERVED
+CVE-2022-36263
+ RESERVED
+CVE-2022-36262
+ RESERVED
+CVE-2022-36261
+ RESERVED
+CVE-2022-36260
+ RESERVED
+CVE-2022-36259
+ RESERVED
+CVE-2022-36258
+ RESERVED
+CVE-2022-36257
+ RESERVED
+CVE-2022-36256
+ RESERVED
+CVE-2022-36255
+ RESERVED
+CVE-2022-36254
+ RESERVED
+CVE-2022-36253
+ RESERVED
+CVE-2022-36252
+ RESERVED
+CVE-2022-36251
+ RESERVED
+CVE-2022-36250
+ RESERVED
+CVE-2022-36249
+ RESERVED
+CVE-2022-36248
+ RESERVED
+CVE-2022-36247
+ RESERVED
+CVE-2022-36246
+ RESERVED
+CVE-2022-36245
+ RESERVED
+CVE-2022-36244
+ RESERVED
+CVE-2022-36243
+ RESERVED
+CVE-2022-36242
+ RESERVED
+CVE-2022-36241
+ RESERVED
+CVE-2022-36240
+ RESERVED
+CVE-2022-36239
+ RESERVED
+CVE-2022-36238
+ RESERVED
+CVE-2022-36237
+ RESERVED
+CVE-2022-36236
+ RESERVED
+CVE-2022-36235
+ RESERVED
+CVE-2022-36234
+ RESERVED
+CVE-2022-36233
+ RESERVED
+CVE-2022-36232
+ RESERVED
+CVE-2022-36231
+ RESERVED
+CVE-2022-36230
+ RESERVED
+CVE-2022-36229
+ RESERVED
+CVE-2022-36228
+ RESERVED
+CVE-2022-36227
+ RESERVED
+CVE-2022-36226
+ RESERVED
+CVE-2022-36225
+ RESERVED
+CVE-2022-36224
+ RESERVED
+CVE-2022-36223
+ RESERVED
+CVE-2022-36222
+ RESERVED
+CVE-2022-36221
+ RESERVED
+CVE-2022-36220
+ RESERVED
+CVE-2022-36219
+ RESERVED
+CVE-2022-36218
+ RESERVED
+CVE-2022-36217
+ RESERVED
+CVE-2022-36216
+ RESERVED
+CVE-2022-36215
+ RESERVED
+CVE-2022-36214
+ RESERVED
+CVE-2022-36213
+ RESERVED
+CVE-2022-36212
+ RESERVED
+CVE-2022-36211
+ RESERVED
+CVE-2022-36210
+ RESERVED
+CVE-2022-36209
+ RESERVED
+CVE-2022-36208
+ RESERVED
+CVE-2022-36207
+ RESERVED
+CVE-2022-36206
+ RESERVED
+CVE-2022-36205
+ RESERVED
+CVE-2022-36204
+ RESERVED
+CVE-2022-36203
+ RESERVED
+CVE-2022-36202
+ RESERVED
+CVE-2022-36201
+ RESERVED
+CVE-2022-36200
+ RESERVED
+CVE-2022-36199
+ RESERVED
+CVE-2022-36198
+ RESERVED
+CVE-2022-36197
+ RESERVED
+CVE-2022-36196
+ RESERVED
+CVE-2022-36195
+ RESERVED
+CVE-2022-36194
+ RESERVED
+CVE-2022-36193
+ RESERVED
+CVE-2022-36192
+ RESERVED
+CVE-2022-36191
+ RESERVED
+CVE-2022-36190
+ RESERVED
+CVE-2022-36189
+ RESERVED
+CVE-2022-36188
+ RESERVED
+CVE-2022-36187
+ RESERVED
+CVE-2022-36186
+ RESERVED
+CVE-2022-36185
+ RESERVED
+CVE-2022-36184
+ RESERVED
+CVE-2022-36183
+ RESERVED
+CVE-2022-36182
+ RESERVED
+CVE-2022-36181
+ RESERVED
+CVE-2022-36180
+ RESERVED
+CVE-2022-36179
+ RESERVED
+CVE-2022-36178
+ RESERVED
+CVE-2022-36177
+ RESERVED
+CVE-2022-36176
+ RESERVED
+CVE-2022-36175
+ RESERVED
+CVE-2022-36174
+ RESERVED
+CVE-2022-36173
+ RESERVED
+CVE-2022-36172
+ RESERVED
+CVE-2022-36171
+ RESERVED
+CVE-2022-36170
+ RESERVED
+CVE-2022-36169
+ RESERVED
+CVE-2022-36168
+ RESERVED
+CVE-2022-36167
+ RESERVED
+CVE-2022-36166
+ RESERVED
+CVE-2022-36165
+ RESERVED
+CVE-2022-36164
+ RESERVED
+CVE-2022-36163
+ RESERVED
+CVE-2022-36162
+ RESERVED
+CVE-2022-36161
+ RESERVED
+CVE-2022-36160
+ RESERVED
+CVE-2022-36159
+ RESERVED
+CVE-2022-36158
+ RESERVED
+CVE-2022-36157
+ RESERVED
+CVE-2022-36156
+ RESERVED
+CVE-2022-36155
+ RESERVED
+CVE-2022-36154
+ RESERVED
+CVE-2022-36153
+ RESERVED
+CVE-2022-36152
+ RESERVED
+CVE-2022-36151
+ RESERVED
+CVE-2022-36150
+ RESERVED
+CVE-2022-36149
+ RESERVED
+CVE-2022-36148
+ RESERVED
+CVE-2022-36147
+ RESERVED
+CVE-2022-36146
+ RESERVED
+CVE-2022-36145
+ RESERVED
+CVE-2022-36144
+ RESERVED
+CVE-2022-36143
+ RESERVED
+CVE-2022-36142
+ RESERVED
+CVE-2022-36141
+ RESERVED
+CVE-2022-36140
+ RESERVED
+CVE-2022-36139
+ RESERVED
+CVE-2022-36138
+ RESERVED
+CVE-2022-36137
+ RESERVED
+CVE-2022-36136
+ RESERVED
+CVE-2022-36135
+ RESERVED
+CVE-2022-36134
+ RESERVED
+CVE-2022-36133
+ RESERVED
+CVE-2022-36132
+ RESERVED
+CVE-2022-36131
+ RESERVED
+CVE-2022-36130
+ RESERVED
+CVE-2022-36129
+ RESERVED
+CVE-2022-2455
+ RESERVED
CVE-2022-36128
RESERVED
CVE-2022-36127
@@ -5770,8 +6066,7 @@ CVE-2022-33905
RESERVED
CVE-2022-33904
RESERVED
-CVE-2022-33903
- RESERVED
+CVE-2022-33903 (Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging ...)
- tor 0.4.7.8-1
[bullseye] - tor <not-affected> (Only affects 0.4.7.x)
[buster] - tor <not-affected> (Only affects 0.4.7.x)
@@ -7849,8 +8144,8 @@ CVE-2022-2054 (Command Injection in GitHub repository nuitka/nuitka prior to 0.9
[stretch] - nuitka <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/ea4a842c-c48c-4aae-a599-3305125c63a7/
NOTE: https://github.com/nuitka/nuitka/commit/09647745d7cbb6ff32f9fa948f19d5558b32bcad
-CVE-2022-32985
- RESERVED
+CVE-2022-32985 (libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.0 ...)
+ TODO: check
CVE-2022-32984
RESERVED
CVE-2022-32983 (Knot Resolver through 5.5.1 may allow DNS cache poisoning when there i ...)
@@ -9667,8 +9962,8 @@ CVE-2022-32265 (qDecoder before 12.1.0 does not ensure that the percent characte
NOT-FOR-US: qDecoder
CVE-2022-32264
RESERVED
-CVE-2022-32263
- RESERVED
+CVE-2022-32263 (Pexip Infinity before 28.1 allows remote attackers to trigger a softwa ...)
+ TODO: check
CVE-2022-32262 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
NOT-FOR-US: Siemens
CVE-2022-32261 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
@@ -12562,8 +12857,8 @@ CVE-2022-1809 (Access of Uninitialized Pointer in GitHub repository radareorg/ra
- radare2 <unfixed> (bug #1014478)
NOTE: https://huntr.dev/bounties/0730a95e-c485-4ff2-9a5d-bb3abfda0b17
NOTE: https://github.com/radareorg/radare2/commit/919e3ac1a13f753c73e7a8e8d8bb4a143218732d
-CVE-2022-31260
- RESERVED
+CVE-2022-31260 (In Montala ResourceSpace through 9.8 before r19636, csv_export_results ...)
+ TODO: check
CVE-2022-31259 (The route lookup process in beego through 1.12.4 and 2.x through 2.0.2 ...)
NOT-FOR-US: Beego
CVE-2022-31258 (In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1. ...)
@@ -12692,28 +12987,26 @@ CVE-2022-31214 (A Privilege Context Switching issue was discovered in join.c in
NOTE: https://github.com/netblue30/firejail/commit/dab835e7a0eb287822016f5ae4e87f46e1d363e7 (0.9.70)
NOTE: https://github.com/netblue30/firejail/commit/1884ea22a90d225950d81c804f1771b42ae55f54 (0.9.70)
NOTE: https://github.com/netblue30/firejail/files/8913178/CVE-2022-31214.zip (0.9.58.2 - 0.9.68 backports)
-CVE-2022-31213 [null pointer reference when supplying a malformed XML config file]
- RESERVED
+CVE-2022-31213 (An issue was discovered in dbus-broker before 31. Multiple NULL pointe ...)
- dbus-broker 30-1
[bullseye] - dbus-broker <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2094722
NOTE: "CHANGES WITH 30:" mention: Fix NULL-derefs in the XML configuration parser. Empty XML tags could
NOTE: have caused NULL-derefs before.
TODO: Isolate upstream commit.
-CVE-2022-31212
- RESERVED
+CVE-2022-31212 (An issue was discovered in dbus-broker before 31. It depends on c-uitl ...)
- dbus-broker 30-1 (bug #1013343)
[bullseye] - dbus-broker 26-1+deb11u1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2094718
NOTE: Fixed by: https://github.com/c-util/c-shquote/commit/7fd15f8e272136955f7ffc37df29fbca9ddceca1 (v1.0.0)
-CVE-2022-31211
- RESERVED
-CVE-2022-31210
- RESERVED
-CVE-2022-31209
- RESERVED
-CVE-2022-31208
- RESERVED
+CVE-2022-31211 (An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank ...)
+ TODO: check
+CVE-2022-31210 (An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file ...)
+ TODO: check
+CVE-2022-31209 (An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware con ...)
+ TODO: check
+CVE-2022-31208 (An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver co ...)
+ TODO: check
CVE-2022-31207
RESERVED
CVE-2022-31206
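Review bot: The new description on CVE-2022-31213 says "dbus-broker before 31", but the package line kept under it records the fix in 30-1 and the NOTE quotes "CHANGES WITH 30:". CVE-2022-31212 has the same mismatch (description "before 31", package line 30-1). A NOTE stating that the fix landed in 30 would stop the 30-1 entries from being "corrected" to 31 later. The "TODO: Isolate upstream commit." on CVE-2022-31213 is still open. The four Infiray IRAY-A8Z3 entries (CVE-2022-31208 to CVE-2022-31211) are left at "TODO: check" and name the same product and version, so they can be triaged in one pass.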
@@ -12724,10 +13017,10 @@ CVE-2022-31204
RESERVED
CVE-2022-31203
RESERVED
-CVE-2022-31202
- RESERVED
-CVE-2022-31201
- RESERVED
+CVE-2022-31202 (The export function in SoftGuard Web (SGW) before 5.1.5 allows directo ...)
+ TODO: check
+CVE-2022-31201 (SoftGuard Web (SGW) before 5.1.5 allows HTML injection. ...)
+ TODO: check
CVE-2022-31200
RESERVED
CVE-2022-31199
@@ -13253,10 +13546,10 @@ CVE-2022-30984
RESERVED
CVE-2022-30983
RESERVED
-CVE-2022-30982
- RESERVED
-CVE-2022-30981
- RESERVED
+CVE-2022-30982 (An issue was discovered in Gentics CMS before 5.43.1. There is stored ...)
+ TODO: check
+CVE-2022-30981 (An issue was discovered in Gentics CMS before 5.43.1. By uploading a m ...)
+ TODO: check
CVE-2022-30980
RESERVED
CVE-2022-30979
@@ -14376,8 +14669,8 @@ CVE-2022-30624
RESERVED
CVE-2022-30623
RESERVED
-CVE-2022-30622
- RESERVED
+CVE-2022-30622 (Disclosure of information - the system allows you to view usernames an ...)
+ TODO: check
CVE-2022-30621
RESERVED
CVE-2022-30620
@@ -17718,8 +18011,7 @@ CVE-2022-1420 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim p
[stretch] - vim <not-affected> (Vulnerable code not present)
NOTE: https://huntr.dev/bounties/a4323ef8-90ea-4e1c-90e9-c778f0ecf326
NOTE: https://github.com/vim/vim/commit/8b91e71441069b1dde9ac9ff9d9a829b1b4aecca (v8.2.4774)
-CVE-2021-46784
- RESERVED
+CVE-2021-46784 (In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due ...)
{DSA-5171-1}
- squid 5.6-1
- squid3 <removed>
@@ -18425,8 +18717,8 @@ CVE-2022-29288
RESERVED
CVE-2022-29287 (Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vul ...)
NOT-FOR-US: Kentico CMS
-CVE-2022-29286
- RESERVED
+CVE-2022-29286 (Pexip Infinity 27 before 28.0 allows remote attackers to trigger exces ...)
+ TODO: check
CVE-2022-29285
RESERVED
CVE-2022-29284
@@ -19808,12 +20100,12 @@ CVE-2022-28811
RESERVED
CVE-2022-28810 (Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2022-28809
- RESERVED
-CVE-2022-28808
- RESERVED
-CVE-2022-28807
- RESERVED
+CVE-2022-28809 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
+ TODO: check
+CVE-2022-28808 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
+ TODO: check
+CVE-2022-28807 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
+ TODO: check
CVE-2022-28806 (An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9 ...)
NOT-FOR-US: Fujitsu
CVE-2022-28805 (singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) ...)
@@ -22542,26 +22834,26 @@ CVE-2022-27939 (tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_l
CVE-2022-27938 (stb_image.h (aka the stb image loader) 2.19, as used in libsixel and o ...)
- libstb <unfixed> (unimportant)
NOTE: Negligible security impact
-CVE-2022-27937
- RESERVED
-CVE-2022-27936
- RESERVED
-CVE-2022-27935
- RESERVED
-CVE-2022-27934
- RESERVED
-CVE-2022-27933
- RESERVED
-CVE-2022-27932
- RESERVED
-CVE-2022-27931
- RESERVED
-CVE-2022-27930
- RESERVED
-CVE-2022-27929
- RESERVED
-CVE-2022-27928
- RESERVED
+CVE-2022-27937 (Pexip Infinity before 27.3 allows remote attackers to trigger excessiv ...)
+ TODO: check
+CVE-2022-27936 (Pexip Infinity before 27.3 allows remote attackers to trigger a softwa ...)
+ TODO: check
+CVE-2022-27935 (Pexip Infinity before 27.3 allows remote attackers to trigger a softwa ...)
+ TODO: check
+CVE-2022-27934 (Pexip Infinity before 27.3 allows remote attackers to trigger a softwa ...)
+ TODO: check
+CVE-2022-27933 (Pexip Infinity before 27.3 allows remote attackers to trigger a softwa ...)
+ TODO: check
+CVE-2022-27932 (Pexip Infinity before 27.3 allows remote attackers to trigger a softwa ...)
+ TODO: check
+CVE-2022-27931 (Pexip Infinity before 27.3 allows remote attackers to trigger a softwa ...)
+ TODO: check
+CVE-2022-27930 (Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a s ...)
+ TODO: check
+CVE-2022-27929 (Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a s ...)
+ TODO: check
+CVE-2022-27928 (Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a s ...)
+ TODO: check
CVE-2022-1106 (use after free in mrb_vm_exec in GitHub repository mruby/mruby prior t ...)
- mruby <not-affected> (Vulnerable code introduced later)
NOTE: https://huntr.dev/bounties/16b9d0ea-71ed-41bc-8a88-2deb4c20be8f
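Review bot: All ten added entries in this hunk, CVE-2022-27928 through CVE-2022-27937, end in "TODO: check" and name the same product (Pexip Infinity), so they should get one triage decision applied uniformly rather than ten separate ones. The other Pexip Infinity entries added in this commit (CVE-2022-32263, CVE-2022-29286, CVE-2022-26654 to CVE-2022-26657, CVE-2022-25357) need the same tag to keep the file consistent.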
@@ -23866,8 +24158,8 @@ CVE-2022-27436 (A cross-site scripting (XSS) vulnerability in /public/admin/inde
NOT-FOR-US: Ecommerce-Website
CVE-2022-27435 (An unrestricted file upload at /public/admin/index.php?add_product of ...)
NOT-FOR-US: ashymuzuro/Full-Ecommece-Website
-CVE-2022-27434
- RESERVED
+CVE-2022-27434 (UNIT4 TETA Mobile Edition (ME) before 29.5.HF17 was discovered to cont ...)
+ TODO: check
CVE-2022-27433
RESERVED
CVE-2022-27432 (A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attack ...)
@@ -26168,14 +26460,14 @@ CVE-2022-26659 (Docker Desktop installer on Windows in versions before 4.6.0 all
NOT-FOR-US: Docker Desktop installer on Windows
CVE-2022-26658
RESERVED
-CVE-2022-26657
- RESERVED
-CVE-2022-26656
- RESERVED
-CVE-2022-26655
- RESERVED
-CVE-2022-26654
- RESERVED
+CVE-2022-26657 (Pexip Infinity before 27.3 allows remote attackers to trigger a softwa ...)
+ TODO: check
+CVE-2022-26656 (Pexip Infinity before 27.3 allows remote attackers to trigger a softwa ...)
+ TODO: check
+CVE-2022-26655 (Pexip Infinity 27.x before 27.3 has Improper Input Validation. The cli ...)
+ TODO: check
+CVE-2022-26654 (Pexip Infinity before 27.3 allows remote attackers to force a software ...)
+ TODO: check
CVE-2022-26653 (Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2022-26652 (NATS nats-server before 2.7.4 allows Directory Traversal (with write a ...)
@@ -26585,14 +26877,14 @@ CVE-2022-26484 (An issue was discovered in Veritas InfoScale Operations Manager
NOT-FOR-US: Veritas InfoScale Operations Manager (VIOM)
CVE-2022-26483 (An issue was discovered in Veritas InfoScale Operations Manager (VIOM) ...)
NOT-FOR-US: Veritas InfoScale Operations Manager (VIOM)
-CVE-2022-26482
- RESERVED
-CVE-2022-26481
- RESERVED
+CVE-2022-26482 (An issue was discovered in Poly EagleEye Director II before 2.2.2.1. o ...)
+ TODO: check
+CVE-2022-26481 (An issue was discovered in Poly Studio before 3.7.0. Command Injection ...)
+ TODO: check
CVE-2022-26480
RESERVED
-CVE-2022-26479
- RESERVED
+CVE-2022-26479 (An issue was discovered in Poly EagleEye Director II before 2.2.2.1. E ...)
+ TODO: check
CVE-2022-26478
RESERVED
CVE-2022-26477 (The Security Team noticed that the termination condition of the for lo ...)
@@ -27060,8 +27352,8 @@ CVE-2022-0824 (Improper Access Control to Remote Code Execution in GitHub reposi
- webmin <removed>
CVE-2022-0823 (An improper control of interaction frequency vulnerability in Zyxel GS ...)
NOT-FOR-US: Zyxel
-CVE-2022-26352
- RESERVED
+CVE-2022-26352 (An issue was discovered in the ContentResource API in dotCMS 3.0 throu ...)
+ TODO: check
CVE-2022-26351
REJECTED
CVE-2022-26350
@@ -29667,8 +29959,8 @@ CVE-2022-25359 (On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devic
NOT-FOR-US: ICL ScadaFlex II SCADA Controller
CVE-2022-25358 (A ..%2F path traversal vulnerability exists in the path handler of awf ...)
NOT-FOR-US: awful-salmonella-tar
-CVE-2022-25357
- RESERVED
+CVE-2022-25357 (Pexip Infinity 27.x before 27.2 has Improper Access Control. An attack ...)
+ TODO: check
CVE-2022-25356 (Alt-N MDaemon Security Gateway through 8.5.0 allows SecurityGateway.dl ...)
NOT-FOR-US: Alt-N Technologies Mdaemon
CVE-2022-25344 (An XSS issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.27 ...)
@@ -44872,8 +45164,8 @@ CVE-2021-44956 (Two Heap based buffer overflow vulnerabilities exist in ffjpeg t
NOT-FOR-US: ffjpeg
CVE-2021-44955
RESERVED
-CVE-2021-44954
- RESERVED
+CVE-2021-44954 (In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges ...)
+ TODO: check
CVE-2021-44953
RESERVED
CVE-2021-44952
@@ -53102,8 +53394,8 @@ CVE-2021-42925
RESERVED
CVE-2021-42924
RESERVED
-CVE-2021-42923
- RESERVED
+CVE-2021-42923 (ShowMyPC 3606 on Windows suffers from a DLL hijack vulnerability. If a ...)
+ TODO: check
CVE-2021-42922
RESERVED
CVE-2021-42921
@@ -58182,8 +58474,8 @@ CVE-2021-41421 (A PHP code injection vulnerability in MaianAffiliate v.1.0 allow
NOT-FOR-US: MaianAffiliate
CVE-2021-41420 (A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authentic ...)
NOT-FOR-US: MaianAffiliate
-CVE-2021-41419
- RESERVED
+CVE-2021-41419 (QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution ...)
+ TODO: check
CVE-2021-41418 (AriaNg v0.1.0~v1.2.2 is affected by an incorrect access control vulner ...)
NOT-FOR-US: AriaNg
CVE-2021-41417
@@ -59548,8 +59840,7 @@ CVE-2021-40876
RESERVED
CVE-2021-40875 (Improper Access Control in Gurock TestRail versions < 7.2.0.3014 re ...)
NOT-FOR-US: Gurock TestRail
-CVE-2021-40874 [RESTServer pwdConfirm always returns true with Combination + Kerberos]
- RESERVED
+CVE-2021-40874 (An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. Wh ...)
[experimental] - lemonldap-ng 2.0.14~exp+ds-1
- lemonldap-ng 2.0.14+ds-1 (bug #1005302)
[bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u1
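Review bot: Replacing the bracketed working title on CVE-2021-40874 drops the only line that said what the bug is ("RESTServer pwdConfirm always returns true with Combination + Kerberos"); the truncated description that replaces it stops at "Wh ...". Suggest keeping that summary as a NOTE: line. The description also names only 2.0.13 while the bullseye line records a fix in 2.0.11+ds-4+deb11u1, so a NOTE on the affected range would explain why the older branch carries a fix.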
@@ -61443,10 +61734,10 @@ CVE-2021-40153 (squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores th
NOTE: https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790
NOTE: https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646 (4.5)
NOTE: https://github.com/plougher/squashfs-tools/issues/72
-CVE-2021-40150
- RESERVED
-CVE-2021-40149
- RESERVED
+CVE-2021-40150 (The web server of the E1 Zoom camera through 3.0.0.716 discloses its c ...)
+ TODO: check
+CVE-2021-40149 (The web server of the E1 Zoom camera through 3.0.0.716 discloses its S ...)
+ TODO: check
CVE-2021-40148 (In Modem EMM, there is a possible information disclosure due to a miss ...)
NOT-FOR-US: Mediatek components for Android
CVE-2021-3743 (An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC ...)
@@ -134773,12 +135064,12 @@ CVE-2020-23565 (Irfanview v4.53 allows attackers to execute arbitrary code via a
NOT-FOR-US: Irfanview
CVE-2020-23564
RESERVED
-CVE-2020-23563
- RESERVED
-CVE-2020-23562
- RESERVED
-CVE-2020-23561
- RESERVED
+CVE-2020-23563 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+ TODO: check
+CVE-2020-23562 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+ TODO: check
+CVE-2020-23561 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+ TODO: check
CVE-2020-23560
RESERVED
CVE-2020-23559
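Review bot: The three added IrfanView 4.54 entries (CVE-2020-23561 to CVE-2020-23563) are left at "TODO: check" although the context line at the top of this hunk, CVE-2020-23565, is already tagged "NOT-FOR-US: Irfanview" for the same product. Suggest resolving them the same way so the block is consistent.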
@@ -150705,8 +150996,7 @@ CVE-2020-16094 (In imap_scan_tree_recursive in Claws Mail through 3.17.6, a mali
[buster] - claws-mail <no-dsa> (Minor issue)
[stretch] - claws-mail <no-dsa> (Minor issue)
NOTE: https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313
-CVE-2020-16093
- RESERVED
+CVE-2020-16093 (In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.5 ...)
- lemonldap-ng 2.0.9+ds-1
[buster] - lemonldap-ng <no-dsa> (Minor issue)
[stretch] - lemonldap-ng <no-dsa> (Minor issue + 2.x is a complete re-write, so very hard to backport!)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/481f4f71929c164931dfc152c4623bbf09e4bed8