[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jul 22 23:02:10 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b7fd5616 by Moritz Muehlenhoff at 2022-07-23T00:01:42+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -71,9 +71,9 @@ CVE-2022-2513
CVE-2022-2512
RESERVED
CVE-2022-2511 (Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" ...)
- TODO: check
+ NOT-FOR-US: BlueSpice
CVE-2022-2510 (Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" ...)
- TODO: check
+ NOT-FOR-US: BlueSpice
CVE-2019-XXXX [djangorestframework XSS]
- djangorestframework 3.10.2-1
[buster] - djangorestframework 3.9.0-1+deb10u1
@@ -340,7 +340,7 @@ CVE-2022-2472
CVE-2022-2471
RESERVED
CVE-2022-2470 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2022-2469 (GNU SASL libgsasl server-side read-out-of-bounds with malicious authen ...)
- gsasl 2.0.1-1
NOTE: Advisory: https://lists.gnu.org/archive/html/help-gsasl/2022-07/msg00001.html
@@ -709,7 +709,7 @@ CVE-2022-36133
CVE-2022-36132
RESERVED
CVE-2022-36131 (The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to s ...)
- TODO: check
+ NOT-FOR-US: Atlassian addon
CVE-2022-36130
RESERVED
CVE-2022-36129
@@ -747,15 +747,15 @@ CVE-2022-2448
CVE-2022-2447
RESERVED
CVE-2017-20143 (A vulnerability, which was classified as critical, has been found in I ...)
- TODO: check
+ NOT-FOR-US: Itech Movie Portal Script
CVE-2017-20142 (A vulnerability classified as critical was found in Itech Movie Portal ...)
- TODO: check
+ NOT-FOR-US: Itech Movie Portal Script
CVE-2017-20141 (A vulnerability classified as critical has been found in Itech Movie P ...)
- TODO: check
+ NOT-FOR-US: Itech Movie Portal Script
CVE-2017-20140 (A vulnerability was found in Itech Movie Portal Script 7.36. It has be ...)
- TODO: check
+ NOT-FOR-US: Itech Movie Portal Script
CVE-2017-20139 (A vulnerability was found in Itech Movie Portal Script 7.36. It has be ...)
- TODO: check
+ NOT-FOR-US: Itech Movie Portal Script
CVE-2016-15003 (A vulnerability has been found in FileZilla Client 3.17.0.0 and classi ...)
- filezilla <not-affected> (Installer not relevant to Debian)
CVE-2015-10003 (A vulnerability, which was classified as problematic, was found in Fil ...)
@@ -3745,11 +3745,11 @@ CVE-2022-34870
CVE-2022-34858
RESERVED
CVE-2022-34853 (Multiple Authenticated (contributor or higher user role) Persistent Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-34847
RESERVED
CVE-2022-34839 (Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-34838
RESERVED
CVE-2022-34837
@@ -3759,7 +3759,7 @@ CVE-2022-34836
CVE-2022-34654
RESERVED
CVE-2022-34650 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-34487 (Unauthenticated Arbitrary Option Update vulnerability in biplob018's S ...)
NOT-FOR-US: WordPress plugin
CVE-2022-34347
@@ -3777,15 +3777,15 @@ CVE-2022-33965
CVE-2022-33961
RESERVED
CVE-2022-33960 (Multiple Authenticated (subscriber or higher user role) SQL Injection ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-33901 (Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plug ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-33900
RESERVED
CVE-2022-33198 (Unauthenticated WordPress Options Change vulnerability in Biplob Adhik ...)
NOT-FOR-US: WordPress plugin
CVE-2022-33191 (Authenticated (contributor or higher user role) Stored Cross-Site Scri ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-33177
RESERVED
CVE-2022-32970
@@ -3795,15 +3795,15 @@ CVE-2022-32776
CVE-2022-32587
RESERVED
CVE-2022-30998 (Multiple Authenticated (subscriber or higher user role) SQL Injection ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-30705
RESERVED
CVE-2022-29495 (Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Build ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29489
RESERVED
CVE-2022-27235 (Multiple Broken Access Control vulnerabilities in Social Share Buttons ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-26366
RESERVED
CVE-2022-25952
@@ -5756,23 +5756,23 @@ CVE-2022-34159
CVE-2022-34158
RESERVED
CVE-2022-2143 (The affected product is vulnerable to two instances of command injecti ...)
- TODO: check
+ NOT-FOR-US: iView
CVE-2022-2142 (The affected product is vulnerable to a SQL injection with high attack ...)
- TODO: check
+ NOT-FOR-US: iView
CVE-2022-2141 (SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker wi ...)
NOT-FOR-US: MiCODUS
CVE-2022-2140 (Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable inpu ...)
NOT-FOR-US: Elcomplus SmartICS
CVE-2022-2139 (The affected product is vulnerable to directory traversal, which may a ...)
- TODO: check
+ NOT-FOR-US: iView
CVE-2022-2138 (The affected product is vulnerable due to missing authentication, whic ...)
- TODO: check
+ NOT-FOR-US: iView
CVE-2022-2137 (The affected product is vulnerable to two SQL injections that require ...)
- TODO: check
+ NOT-FOR-US: iView
CVE-2022-2136 (The affected product is vulnerable to multiple SQL injections that req ...)
- TODO: check
+ NOT-FOR-US: iView
CVE-2022-2135 (The affected product is vulnerable to multiple SQL injections, which m ...)
- TODO: check
+ NOT-FOR-US: iView
CVE-2022-2134 (Denial of Service in GitHub repository inventree/inventree prior to 0. ...)
NOT-FOR-US: inventree
CVE-2022-2133 (The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't valida ...)
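Review bot: The seven `NOT-FOR-US: iView` tags added here (CVE-2022-2135 to CVE-2022-2139, CVE-2022-2142 and CVE-2022-2143) sit under truncated descriptions that only say "The affected product", so the tag is the only place in this file where the product is named. A vendor-qualified name, in the style of the neighbouring `NOT-FOR-US: Elcomplus SmartICS`, would make these entries easier to find and harder to confuse with another product called iView.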
@@ -6007,7 +6007,7 @@ CVE-2022-34039
CVE-2022-34038
RESERVED
CVE-2022-34037 (An out-of-bounds read in the rewrite function at /modules/caddyhttp/re ...)
- TODO: check
+ NOT-FOR-US: Caddy
CVE-2022-34036
RESERVED
CVE-2022-34035 (HTMLDoc v1.9.12 and below was discovered to contain a heap overflow vi ...)
@@ -12658,51 +12658,51 @@ CVE-2022-31561 (The varijkapil13/Sphere_ImageBackend repository through 2019-10-
CVE-2022-31560 (The uncleYiba/photo_tag repository through 2020-08-31 on GitHub allows ...)
NOT-FOR-US: uncleYiba/photo_tag
CVE-2022-31559 (The tsileo/flask-yeoman repository through 2013-09-13 on GitHub allows ...)
- TODO: check
+ NOT-FOR-US: tsileo/flask-yeoman
CVE-2022-31558 (The tooxie/shiva-server repository through 0.10.0 on GitHub allows abs ...)
- TODO: check
+ NOT-FOR-US: tooxie/shiva-server
CVE-2022-31557 (The seveas/golem repository through 2016-05-17 on GitHub allows absolu ...)
- TODO: check
+ NOT-FOR-US: seveas/golem
CVE-2022-31556 (The rusyasoft/TrainEnergyServer repository through 2017-08-03 on GitHu ...)
- TODO: check
+ NOT-FOR-US: rusyasoft/TrainEnergyServer
CVE-2022-31555 (The romain20100/nursequest repository through 2018-02-22 on GitHub all ...)
- TODO: check
+ NOT-FOR-US: romain20100/nursequest
CVE-2022-31554 (The rohitnayak/movie-review-sentiment-analysis repository through 2017 ...)
- TODO: check
+ NOT-FOR-US: rohitnayak/movie-review-sentiment-analysis
CVE-2022-31553 (The rainsoupah/sleep-learner repository through 2021-02-21 on GitHub a ...)
- TODO: check
+ NOT-FOR-US: rainsoupah/sleep-learner
CVE-2022-31552 (The project-anuvaad/anuvaad-corpus repository through 2020-11-23 on Gi ...)
- TODO: check
+ NOT-FOR-US: project-anuvaad/anuvaad-corpus
CVE-2022-31551 (The pleomax00/flask-mongo-skel repository through 2012-11-01 on GitHub ...)
- TODO: check
+ NOT-FOR-US: pleomax00/flask-mongo-skel
CVE-2022-31550 (The olmax99/pyathenastack repository through 2019-11-08 on GitHub allo ...)
- TODO: check
+ NOT-FOR-US: olmax99/pyathenastack
CVE-2022-31549 (The olmax99/helm-flask-celery repository before 2022-05-25 on GitHub a ...)
- TODO: check
+ NOT-FOR-US: olmax99/helm-flask-celery
CVE-2022-31548 (The nrlakin/homepage repository through 2017-03-06 on GitHub allows ab ...)
- TODO: check
+ NOT-FOR-US: nrlakin/homepage
CVE-2022-31547 (The noamezekiel/sphere repository through 2020-05-31 on GitHub allows ...)
- TODO: check
+ NOT-FOR-US: noamezekiel/sphere
CVE-2022-31546 (The nlpweb/glance repository through 2014-06-27 on GitHub allows absol ...)
- TODO: check
+ NOT-FOR-US: nlpweb/glance
CVE-2022-31545 (The ml-inory/ModelConverter repository through 2021-04-26 on GitHub al ...)
- TODO: check
+ NOT-FOR-US: ml-inory/ModelConverter
CVE-2022-31544 (The meerstein/rbtm repository through 1.5 on GitHub allows absolute pa ...)
- TODO: check
+ NOT-FOR-US: meerstein/rbtm
CVE-2022-31543 (The maxtortime/SetupBox repository through 1.0 on GitHub allows absolu ...)
- TODO: check
+ NOT-FOR-US: maxtortime/SetupBox
CVE-2022-31542 (The mandoku/mdweb repository through 2015-05-07 on GitHub allows absol ...)
- TODO: check
+ NOT-FOR-US: mandoku/mdweb
CVE-2022-31541 (The lyubolp/Barry-Voice-Assistant repository through 2021-01-18 on Git ...)
- TODO: check
+ NOT-FOR-US: lyubolp/Barry-Voice-Assistant
CVE-2022-31540 (The kumardeepak/hin-eng-preprocessing repository through 2019-07-16 on ...)
- TODO: check
+ NOT-FOR-US: kumardeepak/hin-eng-preprocessing
CVE-2022-31539 (The kotekan/kotekan repository through 2021.11 on GitHub allows absolu ...)
- TODO: check
+ NOT-FOR-US: kotekan/kotekan
CVE-2022-31538 (The joaopedro-fg/mp-m08-interface repository through 2020-12-10 on Git ...)
- TODO: check
+ NOT-FOR-US: joaopedro-fg/mp-m08-interface
CVE-2022-31537 (The jmcginty15/Solar-system-simulator repository through 2021-07-26 on ...)
- TODO: check
+ NOT-FOR-US: jmcginty15/Solar-system-simulator
CVE-2022-31536 (The jaygarza1982/ytdl-sync repository through 2021-01-02 on GitHub all ...)
TODO: check
CVE-2022-31535 (The freefood89/Fishtank repository through 2015-06-24 on GitHub allows ...)
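Review bot: The run of `NOT-FOR-US` tags stops at CVE-2022-31537, while CVE-2022-31536 (jaygarza1982/ytdl-sync) in the trailing context has the same "repository through ... on GitHub allows" description and is still `TODO: check`. If that is only where this batch ends, no change is needed; if the entry was skipped by accident, tag it `NOT-FOR-US: jaygarza1982/ytdl-sync` to match the 25 entries above it.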
@@ -13355,7 +13355,7 @@ CVE-2022-31252
CVE-2022-31251
RESERVED
CVE-2022-31250 (A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of o ...)
- TODO: check
+ NOT-FOR-US: keylime
CVE-2022-31249
RESERVED
CVE-2022-31248 (A Observable Response Discrepancy vulnerability in spacewalk-java of S ...)
@@ -13560,9 +13560,9 @@ CVE-2022-31171
CVE-2022-31170 (OpenZeppelin Contracts is a library for smart contract development. Ve ...)
NOT-FOR-US: OpenZeppelin Contracts
CVE-2022-31169 (Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wa ...)
- TODO: check
+ NOT-FOR-US: wasmtime
CVE-2022-31168 (Zulip is an open source team chat tool. Due to an incorrect authorizat ...)
- TODO: check
+ NOT-FOR-US: Zulip
CVE-2022-31167
RESERVED
CVE-2022-31166
@@ -13570,7 +13570,7 @@ CVE-2022-31166
CVE-2022-31165
RESERVED
CVE-2022-31164 (Tovy is a a staff management system for Roblox groups. A vulnerability ...)
- TODO: check
+ NOT-FOR-US: Tovy
CVE-2022-31163 (TZInfo is a Ruby library that provides access to time zone data and al ...)
TODO: check
CVE-2022-31162 (Slack Morphism is an async client library for Rust. Prior to 0.41.0, i ...)
@@ -13582,9 +13582,9 @@ CVE-2022-31160 (jQuery UI is a curated set of user interface interactions, effec
CVE-2022-31159 (The AWS SDK for Java enables Java developers to work with Amazon Web S ...)
NOT-FOR-US: AWS SDK for Java
CVE-2022-31158 (LTI 1.3 Tool Library is a library used for building IMS-certified LTI ...)
- TODO: check
+ NOT-FOR-US: LTI
CVE-2022-31157 (LTI 1.3 Tool Library is a library used for building IMS-certified LTI ...)
- TODO: check
+ NOT-FOR-US: LTI
CVE-2022-31156 (Gradle is a build tool. Dependency verification is a security feature ...)
TODO: check
CVE-2022-31155
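Review bot: `NOT-FOR-US: LTI` on CVE-2022-31158 and CVE-2022-31157 names the standard rather than the affected software; both descriptions begin "LTI 1.3 Tool Library is a library used for building IMS-certified LTI ...". Suggest `NOT-FOR-US: LTI 1.3 Tool Library` so that a later search for LTI-related packages does not treat these two as covering every LTI implementation.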
@@ -13606,9 +13606,9 @@ CVE-2022-31148
CVE-2022-31147 (The jQuery Validation Plugin (jquery-validation) provides drop-in vali ...)
TODO: check
CVE-2022-31146 (Wasmtime is a standalone runtime for WebAssembly. There is a bug in th ...)
- TODO: check
+ NOT-FOR-US: wasmtime
CVE-2022-31145 (FlyteAdmin is the control plane for Flyte responsible for managing ent ...)
- TODO: check
+ NOT-FOR-US: FlyteAdmin
CVE-2022-31144 (Redis is an in-memory database that persists on disk. A specially craf ...)
- redis 5:7.0.4-1
[bullseye] - redis <not-affected> (Only affects 7.x)
@@ -13618,25 +13618,23 @@ CVE-2022-31144 (Redis is an in-memory database that persists on disk. A speciall
CVE-2022-31143
RESERVED
CVE-2022-31142 (@fastify/bearer-auth is a Fastify plugin to require bearer Authorizati ...)
- TODO: check
+ NOT-FOR-US: @fastify/bearer-auth
CVE-2022-31141
RESERVED
CVE-2022-31140 (Valinor is a PHP library that helps to map any input into a strongly-t ...)
TODO: check
CVE-2022-31139 (UnsafeAccessor (UA) is a bridge to access jdk.internal.misc.Unsafe &am ...)
- TODO: check
+ NOT-FOR-US: UnsafeAccessor
CVE-2022-31138 (mailcow is a mailserver suite. Prior to mailcow-dockerized version 202 ...)
- TODO: check
-CVE-2022-31137 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
- TODO: check
+ NOT-FOR-US: mailcow
CVE-2022-31136 (Bookwyrm is an open source social reading and reviewing program. Versi ...)
- TODO: check
+ NOT-FOR-US: Bookwyrm
CVE-2022-31135 (Akashi is an open source server implementation of the Attorney Online ...)
- TODO: check
+ NOT-FOR-US: Akashi
CVE-2022-31134 (Zulip is an open-source team collaboration tool. Zulip Server versions ...)
- TODO: check
+ NOT-FOR-US: Zulip
CVE-2022-31133 (HumHub is an Open Source Enterprise Social Network. Affected versions ...)
- TODO: check
+ NOT-FOR-US: HumHub
CVE-2022-31132
RESERVED
CVE-2022-31131 (Nextcloud mail is a Mail app for the Nextcloud home server product. Ve ...)
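Review bot: The removed lines `-CVE-2022-31137 (Roxy-WI is a web interface ...)` and `- TODO: check` delete the CVE-2022-31137 entry outright instead of triaging it, which is why this hunk shrinks from 25 to 23 lines. The commit message says only "NFUs" and gives no reason for a removal. If the entry duplicates one elsewhere in data/CVE/list, say so in the commit message; otherwise keep the header line and mark it `NOT-FOR-US: Roxy-wi`, as CVE-2022-31126 a few entries further down is marked.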
@@ -13653,7 +13651,7 @@ CVE-2022-31129 (moment is a JavaScript date library for parsing, validating, man
CVE-2022-31128
RESERVED
CVE-2022-31127 (NextAuth.js is a complete open source authentication solution for Next ...)
- TODO: check
+ NOT-FOR-US: NextAuth.js
CVE-2022-31126 (Roxy-wi is an open source web interface for managing Haproxy, Nginx, A ...)
NOT-FOR-US: Roxy-wi
CVE-2022-31125 (Roxy-wi is an open source web interface for managing Haproxy, Nginx, A ...)
@@ -14282,7 +14280,7 @@ CVE-2022-30792 (In CmpChannelServer of CODESYS V3 in multiple versions an uncont
CVE-2022-30791 (In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled res ...)
NOT-FOR-US: CODESYS
CVE-2022-30758 (Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-202 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-30757 (Improper authorization in isemtelephony prior to SMR Jul-2022 Release ...)
NOT-FOR-US: Samsung
CVE-2022-30756 (Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-202 ...)
@@ -15346,7 +15344,7 @@ CVE-2022-30572
CVE-2022-30571
RESERVED
CVE-2022-30570 (The Column Based Security component of TIBCO Software Inc.'s TIBCO Dat ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2022-30569
RESERVED
CVE-2022-30568
@@ -15676,7 +15674,7 @@ CVE-2022-30519
CVE-2022-30518 (ChatBot Application with a Suggestion Feature 1.0 was discovered to co ...)
NOT-FOR-US: ChatBot Application with a Suggestion Feature
CVE-2022-30517 (Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS). ...)
- TODO: check
+ NOT-FOR-US: Mogu
CVE-2022-30516 (In Hospital-Management-System v1.0, the editid parameter in the doctor ...)
NOT-FOR-US: Hospital-Management-System
CVE-2022-30515
@@ -16169,9 +16167,9 @@ CVE-2022-30304
CVE-2022-30303
RESERVED
CVE-2022-30302 (Multiple relative path traversal vulnerabilities [CWE-23] in FortiDece ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-30301 (A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6.2.0 through ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-30300
RESERVED
CVE-2022-30299
@@ -18286,11 +18284,11 @@ CVE-2022-29604
CVE-2022-29603 (A SQL Injection vulnerability exists in UniverSIS UniverSIS-API throug ...)
NOT-FOR-US: UniverSIS
CVE-2022-29602 (The gridelements (aka Grid Elements) extension through 7.6.1, 8.x thro ...)
- TODO: check
+ NOT-FOR-US: Typo3 extension
CVE-2022-29601 (The seminars (aka Seminar Manager) extension through 4.1.3 for TYPO3 a ...)
- TODO: check
+ NOT-FOR-US: Typo3 extension
CVE-2022-29600 (The oelib (aka One is Enough Library) extension through 4.1.5 for TYPO ...)
- TODO: check
+ NOT-FOR-US: Typo3 extension
CVE-2022-1455 (The Call Now Button WordPress plugin before 1.1.2 does not escape a pa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1454
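Review bot: The three added tags read `NOT-FOR-US: Typo3 extension`, while the descriptions on CVE-2022-29601 and CVE-2022-29600 spell the project "TYPO3". Suggest `NOT-FOR-US: TYPO3 extension` so the tag matches the upstream spelling and a case-sensitive search for the name finds these entries.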
@@ -18347,7 +18345,7 @@ CVE-2022-29595
CVE-2022-29594 (eG Agent before 7.2 has weak file permissions that enable escalation o ...)
NOT-FOR-US: eG Agent
CVE-2022-29593 (relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1. ...)
- TODO: check
+ NOT-FOR-US: Dingtian
CVE-2022-1441 (MP4Box is a component of GPAC-2.0.0, which is a widely-used third-part ...)
- gpac <unfixed>
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -19919,13 +19917,13 @@ CVE-2022-29062
CVE-2022-29061
RESERVED
CVE-2022-29060 (A use of hard-coded cryptographic key vulnerability [CWE-321] in Forti ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-29059
RESERVED
CVE-2022-29058
RESERVED
CVE-2022-29057 (A improper neutralization of input during web page generation ('cross- ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-29056
RESERVED
CVE-2022-29055
@@ -20440,13 +20438,13 @@ CVE-2022-28881
CVE-2022-28880
RESERVED
CVE-2022-28879 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
- TODO: check
+ NOT-FOR-US: F-Secure
CVE-2022-28878 (A Denial-of-Service vulnerability was discovered in the F-Secure Atlan ...)
- TODO: check
+ NOT-FOR-US: F-Secure
CVE-2022-28877 (This vulnerability allows local user to delete arbitrary file in the s ...)
- TODO: check
+ NOT-FOR-US: F-Secure
CVE-2022-28876 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
- TODO: check
+ NOT-FOR-US: F-Secure
CVE-2022-28875 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
NOT-FOR-US: F-Secure
CVE-2022-28874 (Multiple Denial-of-Service vulnerabilities was discovered in the F-Sec ...)
@@ -20476,9 +20474,9 @@ CVE-2022-28863
CVE-2022-28862 (In Archibus Web Central before 26.2, multiple SQL Injection vulnerabil ...)
NOT-FOR-US: ARCHIBUS Web Central
CVE-2022-28861 (The server in Citilog 8.0 allows an attacker (in a man in the middle p ...)
- TODO: check
+ NOT-FOR-US: Citilog
CVE-2022-28860 (An authentication downgrade in the server in Citilog 8.0 allows an att ...)
- TODO: check
+ NOT-FOR-US: Citilog
CVE-2022-1285 (Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prio ...)
NOT-FOR-US: Go Git Service
CVE-2022-28857
@@ -20970,7 +20968,7 @@ CVE-2022-1266 (The Post Grid, Slider & Carousel Ultimate WordPress plugin be
CVE-2022-1265 (The BulletProof Security WordPress plugin before 6.1 does not sanitize ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1264 (The affected product may allow an attacker with access to the Ignition ...)
- TODO: check
+ NOT-FOR-US: Ignition
CVE-2022-1262 (A command injection vulnerability in the protest binary allows an atta ...)
NOT-FOR-US: D-Link Routers
CVE-2022-1261 (Matrikon, a subsidary of Honeywell Matrikon OPC Server (all versions) ...)
@@ -24275,9 +24273,9 @@ CVE-2022-27582
CVE-2022-27581
RESERVED
CVE-2022-27580 (A deserialization vulnerability in a .NET framework class used and not ...)
- TODO: check
+ NOT-FOR-US: SICK
CVE-2022-27579 (A deserialization vulnerability in a .NET framework class used and not ...)
- TODO: check
+ NOT-FOR-US: SICK
CVE-2022-27578 (An attacker can perform a privilege escalation through the SICK OEE if ...)
NOT-FOR-US: SICK
CVE-2022-27577 (The vulnerability in the MSC800 in all versions before 4.15 allows for ...)
@@ -24486,7 +24484,7 @@ CVE-2022-27485
CVE-2022-27484
RESERVED
CVE-2022-27483 (A improper neutralization of special elements used in an os command (' ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-27482
RESERVED
CVE-2022-27481 (A vulnerability has been identified in SCALANCE W1788-1 M12 (All versi ...)
@@ -26580,7 +26578,7 @@ CVE-2022-0904 (A stack overflow bug in the document extractor in Mattermost Serv
CVE-2022-0903 (A call stack overflow bug in the SAML login feature in Mattermost serv ...)
- mattermost-server <itp> (bug #823556)
CVE-2022-0902 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2022-0901 (The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sa ...)
NOT-FOR-US: WordPress plugins
CVE-2022-0900 (A Stored Cross-Site Scripting (XSS) vulnerability in DivvyDrive's "aci ...)
@@ -26958,11 +26956,11 @@ CVE-2022-0880 (Cross-site Scripting (XSS) - Stored in GitHub repository star7th/
CVE-2022-26650 (In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pat ...)
NOT-FOR-US: Apache ShenYu
CVE-2022-26649 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-26648 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-26647 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-26646 (Online Banking System Protect v1.0 was discovered to contain a local f ...)
NOT-FOR-US: Sourcecodester Banking System
CVE-2022-26645 (A remote code execution (RCE) vulnerability in Online Banking System P ...)
@@ -28540,13 +28538,13 @@ CVE-2022-26122
CVE-2022-26121
RESERVED
CVE-2022-26120 (Multiple improper neutralization of special elements used in an SQL Co ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-26119
RESERVED
CVE-2022-26118 (A privilege chaining vulnerability [CWE-268] in FortiManager and Forti ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-26117 (An empty password in configuration file vulnerability [CWE-258] in For ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-26116 (Multiple improper neutralization of special elements used in SQL comma ...)
NOT-FOR-US: Fortiguard FortiNAC
CVE-2022-26115
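Review bot: The three new `NOT-FOR-US: Fortinet` tags (CVE-2022-26120, CVE-2022-26118, CVE-2022-26117) sit directly above an existing `NOT-FOR-US: Fortiguard FortiNAC`, and other context lines in this diff use `Fortiguard`, `FortiGuard` and `Fortinet FortiClient` for the same vendor. Nothing breaks, but settling on one vendor spelling for new entries would keep searches over NOT-FOR-US tags reliable.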
@@ -28554,7 +28552,7 @@ CVE-2022-26115
CVE-2022-26114
RESERVED
CVE-2022-26113 (An execution with unnecessary privileges vulnerability [CWE-250] in Fo ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-26112
RESERVED
CVE-2022-26042 (An OS command injection vulnerability exists in the daretools binary f ...)
@@ -28862,7 +28860,7 @@ CVE-2022-25893
CVE-2022-25892
RESERVED
CVE-2022-25891 (The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 are v ...)
- TODO: check
+ NOT-FOR-US: github.com/containrrr/shoutrrr/pkg/util
CVE-2022-25890
RESERVED
CVE-2022-25888
@@ -32179,7 +32177,7 @@ CVE-2022-24801 (Twisted is an event-based framework for internet applications, s
NOTE: https://github.com/twisted/twisted/releases/tag/twisted-22.4.0rc1
NOTE: https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac (twisted-22.04.0rc1)
CVE-2022-24800 (October/System is the system module for October CMS, a self-hosted CMS ...)
- TODO: check
+ NOT-FOR-US: October CMS
CVE-2022-24799 (wire-webapp is the web application interface for the wire messaging se ...)
NOT-FOR-US: wire-webapp
CVE-2022-24798 (Internet Routing Registry daemon version 4 is an IRR database server, ...)
@@ -36297,9 +36295,9 @@ CVE-2022-23747
CVE-2022-23746
RESERVED
CVE-2022-23745 (A potential memory corruption issue was found in Capsule Workspace And ...)
- TODO: check
+ NOT-FOR-US: Checkpoint Harmony Capsule Workspace
CVE-2022-23744 (Check Point Endpoint before version E86.50 failed to protect against s ...)
- TODO: check
+ NOT-FOR-US: Check Point
CVE-2022-23743 (Check Point ZoneAlarm before version 15.8.200.19118 allows a local act ...)
NOT-FOR-US: Check Point ZoneAlarm
CVE-2022-23742 (Check Point Endpoint Security Client for Windows versions earlier than ...)
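Review bot: The two tags added in this hunk spell the vendor differently: `NOT-FOR-US: Checkpoint Harmony Capsule Workspace` on CVE-2022-23745 and `NOT-FOR-US: Check Point` on CVE-2022-23744, with the existing `NOT-FOR-US: Check Point ZoneAlarm` right below. Suggest `Check Point Harmony Capsule Workspace` on the first so all three entries match the two-word spelling the descriptions use.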
@@ -38330,9 +38328,9 @@ CVE-2022-23144
CVE-2022-23143
RESERVED
CVE-2022-23142 (ZXEN CG200 has a DoS vulnerability. An attacker could construct and se ...)
- TODO: check
+ NOT-FOR-US: ZXEN CG200
CVE-2022-23141 (ZXMP M721 has an information leak vulnerability. Since the serial port ...)
- TODO: check
+ NOT-FOR-US: ZXMP M721
CVE-2022-23140
RESERVED
CVE-2022-23139 (ZTE's ZXMP M721 product has a permission and access control vulnerabil ...)
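Review bot: `NOT-FOR-US: ZXEN CG200` and `NOT-FOR-US: ZXMP M721` use bare model names, whereas the description of CVE-2022-23139 in the trailing context attributes ZXMP M721 to ZTE. If the vendor is confirmed for both products, a vendor-prefixed tag such as `NOT-FOR-US: ZTE ZXMP M721` would group these entries with the vendor's other ones.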
@@ -38784,9 +38782,9 @@ CVE-2022-23000
CVE-2022-22999
RESERVED
CVE-2022-22998 (Implemented protections on AWS credentials that were not properly prot ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2022-22997 (Addressed a remote code execution vulnerability by resolving a command ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2022-22996 (The G-RAID 4/8 Software Utility setups for Windows were affected by a ...)
NOT-FOR-US: Western Digital Windows setup
CVE-2022-22995 (The combination of primitives offered by SMB and AFP in their default ...)
@@ -38832,13 +38830,13 @@ CVE-2021-4204 [eBPF Improper Input Validation Vulnerability]
CVE-2022-22983
RESERVED
CVE-2022-22982 (The vCenter Server contains a server-side request forgery (SSRF) vulne ...)
- TODO: check
+ NOT-FOR-US: VMWare
CVE-2022-22981
RESERVED
CVE-2022-22980 (A Spring Data MongoDB application is vulnerable to SpEL Injection when ...)
NOT-FOR-US: Spring Data MongoDB
CVE-2022-22979 (In Spring Cloud Function versions prior to 3.2.6, it is possible for a ...)
- TODO: check
+ NOT-FOR-US: Spring Cloud Function
CVE-2022-22978 (In Spring Security versions 5.5.6 and 5.6.3 and older unsupported vers ...)
- libspring-security-2.0-java <removed>
CVE-2022-22977 (VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML Ex ...)
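Review bot: `NOT-FOR-US: VMWare` on CVE-2022-22982 is miscapitalised; the description of CVE-2022-22977 in the trailing context spells it "VMware". Suggest `NOT-FOR-US: VMware`, since a case-sensitive search for the vendor would otherwise miss this entry.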
@@ -40168,7 +40166,7 @@ CVE-2022-22684
CVE-2022-22683
RESERVED
CVE-2022-22682 (Improper neutralization of input during web page generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2022-22681 (Session fixation vulnerability in access control management in Synolog ...)
NOT-FOR-US: Synology
CVE-2022-22680 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
@@ -40918,7 +40916,7 @@ CVE-2022-22447
CVE-2022-22446
RESERVED
CVE-2022-22445 (An attacker that gains service access to the FSP (POWER9 only) or gain ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-22444 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploi ...)
NOT-FOR-US: IBM
CVE-2022-22443 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
@@ -41204,7 +41202,7 @@ CVE-2022-22306 (An improper certificate validation vulnerability [CWE-295] in Fo
CVE-2022-22305
RESERVED
CVE-2022-22304 (An improper neutralization of input during web page generation vulnera ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-22303 (An exposure of sensitive system information to an unauthorized control ...)
NOT-FOR-US: FortiGuard
CVE-2022-22302
@@ -45638,7 +45636,7 @@ CVE-2021-44956 (Two Heap based buffer overflow vulnerabilities exist in ffjpeg t
CVE-2021-44955
RESERVED
CVE-2021-44954 (In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges ...)
- TODO: check
+ NOT-FOR-US: QVIS NVR DVR
CVE-2021-44953
RESERVED
CVE-2021-44952
@@ -48035,9 +48033,9 @@ CVE-2021-44223 (WordPress before 5.8 lacks support for the Update URI plugin hea
NOTE: https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/
NOTE: https://make.wordpress.org/core/2021/06/29/introducing-update-uri-plugin-header-in-wordpress-5-8/
CVE-2021-44222 (A vulnerability has been identified in SIMATIC eaSie Core Package (All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-44221 (A vulnerability has been identified in SIMATIC eaSie Core Package (All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-4021 (A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0 ...)
- radare2 <unfixed> (bug #1014490)
NOTE: https://github.com/radareorg/radare2/issues/19436
@@ -48171,7 +48169,7 @@ CVE-2021-44172
CVE-2021-44171
RESERVED
CVE-2021-44170 (A stack-based buffer overflow vulnerability [CWE-121] in the command l ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2021-44169 (A improper initialization in Fortinet FortiClient (Windows) version 6. ...)
NOT-FOR-US: Fortinet FortiClient
CVE-2021-44168 (A download of code without integrity check vulnerability in the "execu ...)
@@ -49818,7 +49816,7 @@ CVE-2022-21557 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
CVE-2022-21556 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed> (bug #1015789)
CVE-2022-21555 (Vulnerability in the MySQL Shell for VS Code product of Oracle MySQL ( ...)
- TODO: check
+ NOT-FOR-US: MySQL Shell for VS Code
CVE-2022-21554 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.36-dfsg-1
CVE-2022-21553 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
@@ -53875,7 +53873,7 @@ CVE-2021-42925
CVE-2021-42924
RESERVED
CVE-2021-42923 (ShowMyPC 3606 on Windows suffers from a DLL hijack vulnerability. If a ...)
- TODO: check
+ NOT-FOR-US: ShowMyPC 3606 on Windows
CVE-2021-42922
RESERVED
CVE-2021-42921
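Review bot: `NOT-FOR-US: ShowMyPC 3606 on Windows` on CVE-2021-42923 copies the version and platform from the description into the tag. The other tags in this commit carry only a product or vendor name; `NOT-FOR-US: ShowMyPC` would be consistent with them and would still match if another version of the product is reported later.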
@@ -54287,7 +54285,7 @@ CVE-2021-42757 (A buffer overflow [CWE-121] in the TFTP client library of FortiO
CVE-2021-42756
RESERVED
CVE-2021-42755 (An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitc ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2021-42754 (An improper control of generation of code vulnerability [CWE-94] in Fo ...)
NOT-FOR-US: Fortiguard
CVE-2021-42753 (An improper limitation of a pathname to a restricted directory ('Path ...)
@@ -55673,7 +55671,7 @@ CVE-2022-20236 (A drm driver have oob problem, could cause the system crash or E
CVE-2022-20235
RESERVED
CVE-2022-20234 (In Car Settings app, the NotificationAccessConfirmationActivity is exp ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20233 (In param_find_digests_internal and related functions of the Titan-M so ...)
NOT-FOR-US: Google Pixel
CVE-2022-20232
@@ -55706,7 +55704,7 @@ CVE-2022-20220 (In openFile of CallLogProvider.java, there is a possible permiss
CVE-2022-20219 (In multiple functions of StorageManagerService.java and UserManagerSer ...)
NOT-FOR-US: Android
CVE-2022-20218 (In PermissionController, there is a possible way to get and retain per ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20217 (There is a unauthorized broadcast in the SprdContactsProvider. A third ...)
NOT-FOR-US: Unisoc
CVE-2022-20216 (android exported is used to set third-party app access permissions, an ...)
@@ -55718,7 +55716,7 @@ CVE-2022-20214
CVE-2022-20213
RESERVED
CVE-2022-20212 (In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a p ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20211
RESERVED
CVE-2022-20210 (The UE and the EMM communicate with each other using NAS messages. Whe ...)
@@ -58959,7 +58957,7 @@ CVE-2021-41421 (A PHP code injection vulnerability in MaianAffiliate v.1.0 allow
CVE-2021-41420 (A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authentic ...)
NOT-FOR-US: MaianAffiliate
CVE-2021-41419 (QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: QVIS NVR DVR
CVE-2021-41418 (AriaNg v0.1.0~v1.2.2 is affected by an incorrect access control vulner ...)
NOT-FOR-US: AriaNg
CVE-2021-41417
@@ -59956,7 +59954,7 @@ CVE-2021-41043 (Use after free in tcpslice triggers AddressSanitizer, no other c
NOTE: https://github.com/the-tcpdump-group/tcpslice/issues/11
NOTE: https://github.com/the-tcpdump-group/tcpslice/commit/030859fce9c77417de657b9bb29c0f78c2d68f4a (tcpslice-1.5)
CVE-2021-41042 (In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initia ...)
- TODO: check
+ NOT-FOR-US: Eclipse Lyo
CVE-2021-41041 (In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw ...)
NOT-FOR-US: Eclipse OpenJ9
CVE-2021-41040 (In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoA ...)
@@ -59970,7 +59968,7 @@ CVE-2021-41039 (In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 clien
CVE-2021-41038 (In versions of the @theia/plugin-ext component of Eclipse Theia prior ...)
NOT-FOR-US: Eclipse Theia
CVE-2021-41037 (In Eclipse p2, installable units are able to alter the Eclipse Platfor ...)
- TODO: check
+ NOT-FOR-US: Eclipse p2
CVE-2021-41036 (In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client ...)
- paho.mqtt.c <not-affected> (Fixed before initial upload to Debian)
NOTE: https://github.com/eclipse/paho.mqtt.embedded-c/issues/96
@@ -59983,7 +59981,7 @@ CVE-2021-41033 (In all released versions of Eclipse Equinox, at least until vers
CVE-2021-41032 (An improper access control vulnerability [CWE-284] in FortiOS versions ...)
NOT-FOR-US: Fortiguard
CVE-2021-41031 (A relative path traversal vulnerability [CWE-23] in FortiClient for Wi ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2021-41030 (An authentication bypass by capture-replay vulnerability [CWE-294] in ...)
NOT-FOR-US: FortiGuard
CVE-2021-41029 (A improper neutralization of input during web page generation ('cross- ...)
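Review bot: The new tag on CVE-2021-41031 spells the vendor "Fortinet", while the untouched entries on either side of it (CVE-2021-41032 and CVE-2021-41030) use "Fortiguard" and "FortiGuard", so three spellings for what looks like one vendor now sit in adjacent entries. "Fortinet" fits the FortiClient description; consider normalising the two neighbours to the same string in a follow-up so that a search of the list by vendor finds all of them.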
@@ -62219,9 +62217,9 @@ CVE-2021-40153 (squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores th
NOTE: https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646 (4.5)
NOTE: https://github.com/plougher/squashfs-tools/issues/72
CVE-2021-40150 (The web server of the E1 Zoom camera through 3.0.0.716 discloses its c ...)
- TODO: check
+ NOT-FOR-US: E1 Zoom camera
CVE-2021-40149 (The web server of the E1 Zoom camera through 3.0.0.716 discloses its S ...)
- TODO: check
+ NOT-FOR-US: E1 Zoom camera
CVE-2021-40148 (In Modem EMM, there is a possible information disclosure due to a miss ...)
NOT-FOR-US: Mediatek components for Android
CVE-2021-3743 (An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC ...)
@@ -62563,15 +62561,15 @@ CVE-2021-40018 (The eID module has a null pointer reference vulnerability. Succe
CVE-2021-40017
RESERVED
CVE-2021-40016 (Improper permission control vulnerability in the Bluetooth module.Succ ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40015 (There is a race condition vulnerability in the binder driver subsystem ...)
NOT-FOR-US: Huawei
CVE-2021-40014 (The bone voice ID trusted application (TA) has a heap overflow vulnera ...)
NOT-FOR-US: Huawei
CVE-2021-40013 (Improper permission control vulnerability in the Bluetooth module.Succ ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40012 (Vulnerability of pointers being incorrectly used during data transmiss ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40011 (There is an uncontrolled resource consumption vulnerability in the dis ...)
NOT-FOR-US: Huawei
CVE-2021-40010 (The bone voice ID TA has a heap overflow vulnerability.Successful expl ...)
@@ -62597,7 +62595,7 @@ CVE-2021-40001 (The CaasKit module has a path traversal vulnerability. Successfu
CVE-2021-40000 (The Bluetooth module has an out-of-bounds write vulnerability. Success ...)
NOT-FOR-US: Huawei
CVE-2021-39999 (There is a buffer overflow vulnerability in eSE620X vESS V100R001C10SP ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-39998 (There is Vulnerability of APIs being concurrently called for multiple ...)
NOT-FOR-US: Huawei
CVE-2021-39997 (There is a vulnerability of unstrict input parameter verification in t ...)
@@ -65217,7 +65215,7 @@ CVE-2021-38938
CVE-2021-38937 (IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authent ...)
NOT-FOR-US: IBM
CVE-2021-38936 (IBM QRadar SIEM 7.3, 7.4, and 7.5 could disclose highly sensitive info ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-38935 (IBM Maximo Asset Management 7.6.1.2 does not require that users should ...)
NOT-FOR-US: IBM
CVE-2021-38934
@@ -65353,7 +65351,7 @@ CVE-2021-38870 (IBM Aspera Cloud is vulnerable to stored cross-site scripting. T
CVE-2021-38869 (IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatic ...)
NOT-FOR-US: IBM
CVE-2021-38868 (IBM Engineering Requirements Quality Assistant On-Premises (All versio ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-38867
RESERVED
CVE-2021-38866
@@ -66845,7 +66843,7 @@ CVE-2021-38291 (FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1
CVE-2021-38290 (A host header attack vulnerability exists in FUEL CMS 1.5.0 through fu ...)
NOT-FOR-US: FUEL CMS
CVE-2021-38289 (An issue has been discovered in Novastar-VNNOX-iCare Novaicare 7.16.0 ...)
- TODO: check
+ NOT-FOR-US: Novastar-VNNOX-iCare
CVE-2021-38288
RESERVED
CVE-2021-38287
@@ -70514,7 +70512,7 @@ CVE-2021-36851 (Authenticated (editor or higher user role) Cross-Site Scripting
CVE-2021-36850 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media Fil ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36849 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36848 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36847
@@ -70940,7 +70938,7 @@ CVE-2021-36713
CVE-2021-36712
RESERVED
CVE-2021-36711 (WebInterface in OctoBot before 0.4.4 allows remote code execution beca ...)
- TODO: check
+ NOT-FOR-US: OctoBot
CVE-2021-36710 (ToaruOS 1.99.2 is affected by incorrect access control via the kernel. ...)
NOT-FOR-US: ToaruOS
CVE-2021-36709
@@ -71033,13 +71031,13 @@ CVE-2021-36670
CVE-2021-36669
RESERVED
CVE-2021-36668 (URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to for ...)
- TODO: check
+ NOT-FOR-US: Druva inSync
CVE-2021-36667 (Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allow ...)
- TODO: check
+ NOT-FOR-US: Druva inSync
CVE-2021-36666 (An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to ...)
- TODO: check
+ NOT-FOR-US: Druva inSync
CVE-2021-36665 (An issue was discovered in Druva 6.9.0 for macOS, allows attackers to ...)
- TODO: check
+ NOT-FOR-US: Druva inSync
CVE-2021-36664
RESERVED
CVE-2021-36663
@@ -71452,7 +71450,7 @@ CVE-2021-36463
CVE-2021-36462
RESERVED
CVE-2021-36461 (An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2021-36460 (VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password ...)
NOT-FOR-US: VeryFitPro
CVE-2021-36459
@@ -72070,7 +72068,7 @@ CVE-2021-36202 (Server-Side Request Forgery (SSRF) vulnerability in Johnson Cont
CVE-2021-36201
RESERVED
CVE-2021-36200 (Under certain circumstances an unauthenticated user could access the t ...)
- TODO: check
+ NOT-FOR-US: Johnson Controls
CVE-2021-36199 (Running a vulnerability scanner against VideoEdge NVRs can cause some ...)
NOT-FOR-US: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls, Inc.
CVE-2021-36198 (Successful exploitation of this vulnerability could allow an unauthori ...)
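Review bot: CVE-2021-36200 is tagged "Johnson Controls", but the visible part of its description ("Under certain circumstances an unauthenticated user could access the t ...") names no product, and the next entry, CVE-2021-36199, carries the longer form "Sensormatic Electronics, LLC, a subsidiary of Johnson Controls, Inc.". If this CVE belongs to the same product line, reuse that string; otherwise add the product name to the tag so the entry can be found by product as well as by vendor.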
@@ -74397,7 +74395,7 @@ CVE-2021-35285
CVE-2021-35284
RESERVED
CVE-2021-35283 (SQL Injection vulnerability in product_admin.php in atoms183 CMS 1.0, ...)
- TODO: check
+ NOT-FOR-US: atoms183 CMS
CVE-2021-35282
RESERVED
CVE-2021-35281
@@ -75068,9 +75066,9 @@ CVE-2021-34989
CVE-2021-34988
RESERVED
CVE-2021-34987 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels
CVE-2021-34986 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels
CVE-2021-34985 (This vulnerability allows remote attackers to disclose sensitive infor ...)
NOT-FOR-US: Bentley ContextCapture
CVE-2021-34984 (This vulnerability allows remote attackers to disclose sensitive infor ...)
@@ -82978,7 +82976,7 @@ CVE-2021-31860
CVE-2021-31859 (Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 ...)
NOT-FOR-US: Ysoft SafeQ
CVE-2021-31858 (DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Script ...)
- TODO: check
+ NOT-FOR-US: DotNetNuke
CVE-2021-31857 (In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, att ...)
NOT-FOR-US: Zoho ManageEngine Password Manager Pro
CVE-2021-31856 (A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 ...)
@@ -88683,7 +88681,7 @@ CVE-2021-29757 (IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-
CVE-2021-29756 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site req ...)
NOT-FOR-US: IBM
CVE-2021-29755 (IBM QRadar SIEM 7.3, 7.4, and 7.5 does not preform proper certificate ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-29754 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
NOT-FOR-US: IBM
CVE-2021-29753 (IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Proc ...)
@@ -115266,7 +115264,7 @@ CVE-2020-35165
CVE-2020-35164 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSA ...)
NOT-FOR-US: Dell
CVE-2020-35163 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSA ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2020-35162
RESERVED
CVE-2020-35161
@@ -140283,9 +140281,9 @@ CVE-2020-21408
CVE-2020-21407
RESERVED
CVE-2020-21406 (An issue was discovered in RK Smart TV Box MAX and V88 SmartTV box tha ...)
- TODO: check
+ NOT-FOR-US: RK Smart TV Box MAX
CVE-2020-21405 (An issue was discovered in H96 Smart TV Box H96 Pro Plus allows attack ...)
- TODO: check
+ NOT-FOR-US: H96 Smart TV Box H96
CVE-2020-21404
RESERVED
CVE-2020-21403
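Review bot: The tag on CVE-2020-21405, "H96 Smart TV Box H96", stops in the middle of the model name; the description reads "H96 Smart TV Box H96 Pro Plus". Use the full name or shorten it to "H96 Smart TV Box". In the same hunk, the CVE-2020-21406 tag names only "RK Smart TV Box MAX" although the description also covers the "V88 SmartTV box"; mention both so a search for either device finds the entry.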
@@ -157091,7 +157089,7 @@ CVE-2020-14128
CVE-2020-14127 (A denial of service vulnerability exists in some Xiaomi models of phon ...)
NOT-FOR-US: Xiaomi
CVE-2020-14126 (Information leakage vulnerability exists in the Mi Sound APP. This vul ...)
- TODO: check
+ NOT-FOR-US: Xiaomi
CVE-2020-14125 (A denial of service vulnerability exists in some Xiaomi models of phon ...)
NOT-FOR-US: Xiaomi
CVE-2020-14124 (There is a buffer overflow in librsa.so called by getwifipwdurl interf ...)
@@ -157115,7 +157113,7 @@ CVE-2020-14116 (An intent redirection vulnerability in the Mi Browser product. T
CVE-2020-14115 (A command injection vulnerability exists in the Xiaomi Router AX3600. ...)
NOT-FOR-US: Xiaomi
CVE-2020-14114 (information leakage vulnerability exists in the Xiaomi SmartHome APP. ...)
- TODO: check
+ NOT-FOR-US: Xiaomi
CVE-2020-14113
RESERVED
CVE-2020-14112 (Information Leak Vulnerability exists in the Xiaomi Router AX6000. The ...)
@@ -404229,7 +404227,7 @@ CVE-2015-3209 (Heap-based buffer overflow in the PCNET controller in QEMU allows
CVE-2015-3208 (XML external entity (XXE) vulnerability in the XPath selector componen ...)
NOT-FOR-US: HornetQ
CVE-2015-3207 (In Openshift Origin 3 the cookies being set in console have no 'secure ...)
- TODO: check
+ NOT-FOR-US: OpenShift
CVE-2015-3206 (The checkPassword function in python-kerberos does not authenticate th ...)
{DLA-265-2 DLA-265-1}
- pykerberos 1.1.5-1 (bug #796195)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7fd56165cdaf9fc6a270deab9a9f010b262ae5a