[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 1 09:10:23 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
319de1ca by security tracker role at 2022-06-01T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,95 @@
+CVE-2022-32202 (In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::Fe ...)
+ TODO: check
+CVE-2022-32201 (In libjpeg 1.63, there is a NULL pointer dereference in Component::Sub ...)
+ TODO: check
+CVE-2022-32200 (libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_strin ...)
+ TODO: check
+CVE-2022-32199
+ RESERVED
+CVE-2022-32198
+ RESERVED
+CVE-2022-32197
+ RESERVED
+CVE-2022-32196
+ RESERVED
+CVE-2022-32195
+ RESERVED
+CVE-2022-32194
+ RESERVED
+CVE-2022-32193
+ RESERVED
+CVE-2022-32192
+ RESERVED
+CVE-2022-32191
+ RESERVED
+CVE-2022-32190
+ RESERVED
+CVE-2022-32189
+ RESERVED
+CVE-2022-32188
+ RESERVED
+CVE-2022-32187
+ RESERVED
+CVE-2022-32186
+ RESERVED
+CVE-2022-32185
+ RESERVED
+CVE-2022-32184
+ RESERVED
+CVE-2022-32183
+ RESERVED
+CVE-2022-32182
+ RESERVED
+CVE-2022-32181
+ RESERVED
+CVE-2022-32180
+ RESERVED
+CVE-2022-32179
+ RESERVED
+CVE-2022-32178
+ RESERVED
+CVE-2022-32177
+ RESERVED
+CVE-2022-32176
+ RESERVED
+CVE-2022-32175
+ RESERVED
+CVE-2022-32174
+ RESERVED
+CVE-2022-32173
+ RESERVED
+CVE-2022-32172
+ RESERVED
+CVE-2022-32171
+ RESERVED
+CVE-2022-32170
+ RESERVED
+CVE-2022-32169
+ RESERVED
+CVE-2022-32168
+ RESERVED
+CVE-2022-32167
+ RESERVED
+CVE-2022-32166
+ RESERVED
+CVE-2022-32165
+ RESERVED
+CVE-2022-32164
+ RESERVED
+CVE-2022-32163
+ RESERVED
+CVE-2022-32162
+ RESERVED
+CVE-2022-32161
+ RESERVED
+CVE-2022-32160
+ RESERVED
+CVE-2022-32159
+ RESERVED
+CVE-2022-1963
+ RESERVED
+CVE-2021-4233
+ RESERVED
CVE-2022-32158
RESERVED
CVE-2022-32157
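Review bot: the two libjpeg entries at the top of this hunk, CVE-2022-32202 and CVE-2022-32201, say "libjpeg 1.63", which lines up with CVE-2022-31620 ("libjpeg before 1.64") further down in this diff, whose NOTE points at github.com/thorfdbg/libjpeg; the TODO: check for these two should confirm they concern that same codebase before any Debian source package is attached, and CVE-2022-32200 (libdwarf 0.4.0 heap-based buffer over-read) needs the same codebase-to-package check.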
@@ -722,8 +814,8 @@ CVE-2022-31814
RESERVED
CVE-2022-1948
RESERVED
-CVE-2022-1947
- RESERVED
+CVE-2022-1947 (Use of Incorrect Operator in GitHub repository polonel/trudesk prior t ...)
+ TODO: check
CVE-2022-1946
RESERVED
CVE-2022-31813
@@ -1402,8 +1494,8 @@ CVE-2022-31620 (In libjpeg before 1.64, BitStream<false>::Get in bitstream
NOTE: https://github.com/thorfdbg/libjpeg/commit/ef4a29a62ab48b8dc235f4af52cfd6319eda9a6a
CVE-2022-30533
RESERVED
-CVE-2022-1893
- RESERVED
+CVE-2022-1893 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
+ TODO: check
CVE-2022-1892
RESERVED
CVE-2022-1891
@@ -2436,8 +2528,8 @@ CVE-2022-31259 (The route lookup process in beego through 1.12.4 and 2.x through
NOT-FOR-US: Beego
CVE-2022-31258 (In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1. ...)
- check-mk <removed>
-CVE-2022-1808
- RESERVED
+CVE-2022-1808 (Execution with Unnecessary Privileges in GitHub repository polonel/tru ...)
+ TODO: check
CVE-2022-31257
RESERVED
CVE-2022-31256
@@ -2583,8 +2675,8 @@ CVE-2022-31200
RESERVED
CVE-2022-31199
RESERVED
-CVE-2022-1797
- RESERVED
+CVE-2022-1797 (A malformed Class 3 common industrial protocol message with a cached c ...)
+ TODO: check
CVE-2022-31198
RESERVED
CVE-2022-31197
@@ -2951,36 +3043,36 @@ CVE-2022-31017
RESERVED
CVE-2022-31016
RESERVED
-CVE-2022-31015
- RESERVED
+CVE-2022-31015 (Waitress is a Web Server Gateway Interface server for Python 2 and 3. ...)
+ TODO: check
CVE-2022-31014
RESERVED
-CVE-2022-31013
- RESERVED
+CVE-2022-31013 (Chat Server is the chat server for Vartalap, an open-source messaging ...)
+ TODO: check
CVE-2022-31012
RESERVED
-CVE-2022-31011
- RESERVED
+CVE-2022-31011 (TiDB is an open-source NewSQL database that supports Hybrid Transactio ...)
+ TODO: check
CVE-2022-31010
RESERVED
CVE-2022-31009
RESERVED
CVE-2022-31008
RESERVED
-CVE-2022-31007
- RESERVED
+CVE-2022-31007 (eLabFTW is an electronic lab notebook manager for research teams. Prio ...)
+ TODO: check
CVE-2022-31006
RESERVED
-CVE-2022-31005
- RESERVED
+CVE-2022-31005 (Vapor is an HTTP web framework for Swift. Users of Vapor prior to vers ...)
+ TODO: check
CVE-2022-31004 (CVEProject/cve-services is an open source project used to operate the ...)
NOT-FOR-US: CVEProject/cve-services
-CVE-2022-31003
- RESERVED
+CVE-2022-31003 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
+ TODO: check
CVE-2022-31002 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
TODO: check
-CVE-2022-31001
- RESERVED
+CVE-2022-31001 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
+ TODO: check
CVE-2022-31000
RESERVED
CVE-2022-30999 (FriendsofFlarum (FoF) Upload is an extension that handles file uploads ...)
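Review bot: CVE-2022-31003 and CVE-2022-31001 share the description prefix of CVE-2022-31002, which the context lines show still at TODO: check, so the three Sofia-SIP advisories should be triaged together rather than one at a time so they end up with the same package assignment.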
@@ -3047,16 +3139,14 @@ CVE-2022-1791
RESERVED
CVE-2022-1790
RESERVED
-CVE-2022-1789 [KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID]
- RESERVED
+CVE-2022-1789 (With shadow paging enabled, the INVPCID instruction results in a call ...)
- linux 5.17.11-1
NOTE: https://git.kernel.org/linus/9f46c187e2e680ecd9de7983e4d081c3391acc76
CVE-2022-1788
RESERVED
CVE-2022-1787
RESERVED
-CVE-2022-1786 [io_uring: always use original task when preparing req identity]
- RESERVED
+CVE-2022-1786 (A use-after-free flaw was found in the Linux kernel’s io_uring s ...)
- linux 5.14.6-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
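Review bot: for CVE-2022-1786 this hunk replaces the bracketed upstream subject "[io_uring: always use original task when preparing req identity]" with the published description, but unlike CVE-2022-1789 (which keeps its git.kernel.org NOTE) no fix reference is visible for CVE-2022-1786 within the hunk; if the commit is not recorded further down the entry, the dropped subject line was the only pointer to the upstream fix and should be re-added as a NOTE.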
@@ -4352,10 +4442,10 @@ CVE-2022-30527
CVE-2022-1662
RESERVED
NOT-FOR-US: Red Hat convert2rhel
-CVE-2022-1661
- RESERVED
-CVE-2022-1660
- RESERVED
+CVE-2022-1661 (The affected products are vulnerable to directory traversal, which may ...)
+ TODO: check
+CVE-2022-1660 (The affected products are vulnerable of untrusted data due to deserial ...)
+ TODO: check
CVE-2022-1659
RESERVED
CVE-2022-1658
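Review bot: CVE-2022-1661 and CVE-2022-1660 both open with "The affected products are vulnerable", so the truncated descriptions carried here do not identify the product at all; whoever clears the TODO: check will need the full advisory text to decide whether any Debian package is involved.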
@@ -4556,8 +4646,8 @@ CVE-2022-30492
RESERVED
CVE-2022-30491
RESERVED
-CVE-2022-30490
- RESERVED
+CVE-2022-30490 (Badminton Center Management System V1.0 is vulnerable to SQL Injection ...)
+ TODO: check
CVE-2022-30489 (WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS ...)
NOT-FOR-US: WAVLINK
CVE-2022-30488
@@ -4572,16 +4662,16 @@ CVE-2022-30484
RESERVED
CVE-2022-30483
RESERVED
-CVE-2022-30482
- RESERVED
-CVE-2022-30481
- RESERVED
+CVE-2022-30482 (Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable ...)
+ TODO: check
+CVE-2022-30481 (Food-order-and-table-reservation-system- 1.0 is vulnerable to SQL Inje ...)
+ TODO: check
CVE-2022-30480
RESERVED
CVE-2022-30479
RESERVED
-CVE-2022-30478
- RESERVED
+CVE-2022-30478 (Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable t ...)
+ TODO: check
CVE-2022-30477 (Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to conta ...)
NOT-FOR-US: Tenda
CVE-2022-30476 (Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to conta ...)
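Review bot: CVE-2022-30482, CVE-2022-30481 and CVE-2022-30478 describe SQL injection in standalone PHP demo projects of the same kind as CVE-2022-29652 (Sourcecodester Online Sports Complex Booking System), which this diff already shows resolved as NOT-FOR-US; if that pattern holds they can be closed the same way instead of remaining at TODO: check.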
@@ -5043,10 +5133,12 @@ CVE-2022-30295 (uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predict
NOTE: https://mailman.openadk.org/mailman3/hyperkitty/list/devel@uclibc-ng.org/thread/6JWRW3P4VN54J5FHUDK7IQOU4V35HHDZ/
NOTE: src:uclibc switched to the uClibc-ng source codebase with the 1.0.20-1 upload.
CVE-2022-30294 (In WebKitGTK through 2.36.0 (and WPE WebKit), there is a use-after-fre ...)
+ {DSA-5155-1 DSA-5154-1}
- webkit2gtk 2.36.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.36.1-1
CVE-2022-30293 (In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based bu ...)
+ {DSA-5155-1 DSA-5154-1}
- webkit2gtk 2.36.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.36.1-1
@@ -6947,8 +7039,8 @@ CVE-2022-29655 (An arbitrary file upload vulnerability in the Upload Photos modu
NOT-FOR-US: Wedding Management System
CVE-2022-29654
RESERVED
-CVE-2022-29653
- RESERVED
+CVE-2022-29653 (OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vu ...)
+ TODO: check
CVE-2022-29652 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
CVE-2022-29651 (An arbitrary file upload vulnerability in the Select Image function of ...)
@@ -6957,10 +7049,10 @@ CVE-2022-29650 (Online Food Ordering System v1.0 was discovered to contain a SQL
NOT-FOR-US: Online Food Ordering System
CVE-2022-29649
RESERVED
-CVE-2022-29648
- RESERVED
-CVE-2022-29647
- RESERVED
+CVE-2022-29648 (A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows ...)
+ TODO: check
+CVE-2022-29647 (An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability t ...)
+ TODO: check
CVE-2022-29646 (An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and ...)
NOT-FOR-US: TOTOLINK
CVE-2022-29645 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...)
@@ -7005,8 +7097,8 @@ CVE-2022-29626
RESERVED
CVE-2022-29625
RESERVED
-CVE-2022-29624
- RESERVED
+CVE-2022-29624 (An arbitrary file upload vulnerability in the Add File function of TPC ...)
+ TODO: check
CVE-2022-29623 (An arbitrary file upload vulnerability in the file upload module of Co ...)
NOT-FOR-US: expressjs/connect-multiparty
CVE-2022-29622 (An arbitrary file upload vulnerability in formidable v3.1.4 allows att ...)
@@ -7294,8 +7386,8 @@ CVE-2022-29542
RESERVED
CVE-2022-29541
RESERVED
-CVE-2022-29540
- RESERVED
+CVE-2022-29540 (resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issu ...)
+ TODO: check
CVE-2022-29539 (resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Inject ...)
NOT-FOR-US: RESI Gemini-Net
CVE-2022-29538 (RESI Gemini-Net Web 4.2 is affected by Improper Access Control in auth ...)
@@ -9003,8 +9095,8 @@ CVE-2022-28947
RESERVED
CVE-2022-28946 (An issue in the component ast/parser.go of Open Policy Agent v0.39.0 c ...)
NOT-FOR-US: Open Policy Agent
-CVE-2022-28945
- RESERVED
+CVE-2022-28945 (An issue in Webbank WeCube v3.2.2 allows attackers to execute a direct ...)
+ TODO: check
CVE-2022-28944 (Certain EMCO Software products are affected by: CWE-494: Download of C ...)
NOT-FOR-US: EMCO
CVE-2022-28943
@@ -9205,8 +9297,8 @@ CVE-2022-28861
RESERVED
CVE-2022-28860
RESERVED
-CVE-2022-1285
- RESERVED
+CVE-2022-1285 (Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prio ...)
+ TODO: check
CVE-2022-28857
RESERVED
CVE-2022-28856
@@ -9923,8 +10015,7 @@ CVE-2022-1217 (The Custom TinyMCE Shortcode Button WordPress plugin through 1.1
NOT-FOR-US: WordPress plugin
CVE-2022-1216 (The Advanced Image Sitemap WordPress plugin through 1.2 does not sanit ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1215
- RESERVED
+CVE-2022-1215 (A format string vulnerability was found in libinput ...)
- libinput 1.20.1-1
[bullseye] - libinput <no-dsa> (Minor issue)
[buster] - libinput <no-dsa> (Minor issue)
@@ -9943,8 +10034,8 @@ CVE-2022-28607
RESERVED
CVE-2022-28606 (An arbitrary file upload vulnerability exists in Wenzhou Huoyin Inform ...)
NOT-FOR-US: BossCMS
-CVE-2022-28605
- RESERVED
+CVE-2022-28605 (LinkPlay Sound Bar v1.0 allows attackers to escalate privileges via a ...)
+ TODO: check
CVE-2022-28604
RESERVED
CVE-2022-28603
@@ -13121,7 +13212,7 @@ CVE-2022-27183 (The Monitoring Console app configured in Distributed mode allows
NOT-FOR-US: Splunk
CVE-2022-27180
RESERVED
-CVE-2022-26889 (The lack of sanitization in a relative url path in a search parameter ...)
+CVE-2022-26889 (In Splunk Enterprise versions before 8.1.2, the uri path to load a rel ...)
NOT-FOR-US: Splunk
CVE-2022-26888
RESERVED
@@ -15416,6 +15507,7 @@ CVE-2022-26720 (An out-of-bounds write issue was addressed with improved bounds
NOT-FOR-US: Apple
CVE-2022-26719
RESERVED
+ {DSA-5155-1 DSA-5154-1}
- webkit2gtk 2.36.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.36.3-1
@@ -15424,12 +15516,14 @@ CVE-2022-26718 (An out-of-bounds read issue was addressed with improved input va
NOT-FOR-US: Apple
CVE-2022-26717
RESERVED
+ {DSA-5155-1 DSA-5154-1}
- webkit2gtk 2.36.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.36.3-1
NOTE: https://webkitgtk.org/security/WSA-2022-0005.html
CVE-2022-26716
RESERVED
+ {DSA-5155-1 DSA-5154-1}
- webkit2gtk 2.36.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.36.3-1
@@ -15448,6 +15542,7 @@ CVE-2022-26710
RESERVED
CVE-2022-26709
RESERVED
+ {DSA-5155-1 DSA-5154-1}
- webkit2gtk 2.36.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.36.3-1
@@ -15470,6 +15565,7 @@ CVE-2022-26701 (A race condition was addressed with improved locking. This issue
NOT-FOR-US: Apple
CVE-2022-26700
RESERVED
+ {DSA-5155-1 DSA-5154-1}
- webkit2gtk 2.36.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.36.3-1
@@ -21163,12 +21259,12 @@ CVE-2022-0557 (OS Command Injection in Packagist microweber/microweber prior to
NOT-FOR-US: microweber
CVE-2022-24703
RESERVED
-CVE-2022-24702
- RESERVED
-CVE-2022-24701
- RESERVED
-CVE-2022-24700
- RESERVED
+CVE-2022-24702 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in WinAPRS 2.9 ...)
+ TODO: check
+CVE-2022-24701 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in WinAPRS 2.9 ...)
+ TODO: check
+CVE-2022-24700 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in WinAPRS 2.9 ...)
+ TODO: check
CVE-2022-0556 (A local privilege escalation vulnerability caused by incorrect permiss ...)
NOT-FOR-US: Zyxel
CVE-2022-0555
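Review bot: CVE-2022-24702, CVE-2022-24701 and CVE-2022-24700 all carry the "** UNSUPPORTED WHEN ASSIGNED **" marker, meaning the WinAPRS version was already unsupported when the CVEs were assigned and no fix is expected; their TODO: check can be resolved on the package question alone without waiting for an upstream fix reference.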
@@ -36872,14 +36968,14 @@ CVE-2021-44100
RESERVED
CVE-2021-44099
RESERVED
-CVE-2021-44098
- RESERVED
-CVE-2021-44097
- RESERVED
-CVE-2021-44096
- RESERVED
-CVE-2021-44095
- RESERVED
+CVE-2021-44098 (EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Inje ...)
+ TODO: check
+CVE-2021-44097 (EGavilan Media Contact-Form-With-Messages-Entry-Management 1.0 is vuln ...)
+ TODO: check
+CVE-2021-44096 (EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 ...)
+ TODO: check
+CVE-2021-44095 (Project Worlds Official Hospital Management System in php 1.0 is vulne ...)
+ TODO: check
CVE-2021-44094 (ZrLog 2.2.2 has a remote command execution vulnerability at plugin dow ...)
NOT-FOR-US: zrlog
CVE-2021-44093 (A Remote Command Execution vulnerability on the background in zrlog 2. ...)
@@ -36908,8 +37004,8 @@ CVE-2021-44082 (textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) vi
NOT-FOR-US: Textpattern CMS
CVE-2021-44081 (A buffer overflow vulnerability exists in the AMF of open5gs 2.1.4. Wh ...)
NOT-FOR-US: Open5GS
-CVE-2021-44080
- RESERVED
+CVE-2021-44080 (A Command Injection vulnerability in httpd web server (setup.cgi) in S ...)
+ TODO: check
CVE-2021-4001 (A race condition was found in the Linux kernel's ebpf verifier between ...)
- linux 5.15.5-1
[bullseye] - linux 5.10.84-1
@@ -39798,8 +39894,8 @@ CVE-2021-43514
RESERVED
CVE-2021-43513
RESERVED
-CVE-2021-43512
- RESERVED
+CVE-2021-43512 (An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8. ...)
+ TODO: check
CVE-2021-43511
RESERVED
CVE-2021-43510 (SQL Injection vulnerability exists in Sourcecodester Simple Client Man ...)
@@ -42410,8 +42506,8 @@ CVE-2021-42874
RESERVED
CVE-2021-42873
RESERVED
-CVE-2021-42872
- RESERVED
+CVE-2021-42872 (TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vuln ...)
+ TODO: check
CVE-2021-42871
RESERVED
CVE-2021-42870 (ACCEL-PPP 1.12.0 has an out-of-bounds read in post_msg when processing ...)
@@ -43146,7 +43242,7 @@ CVE-2021-42583 (A Broken or Risky Cryptographic Algorithm exists in Max Mazurov
NOT-FOR-US: Max Mazurov Maddy
CVE-2021-42582
RESERVED
-CVE-2021-42581 (Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earl ...)
+CVE-2021-42581 (** DISPUTED ** Prototype poisoning in function mapObjIndexed in Ramda ...)
NOTE: Disputed issue against Node ramda
NOTE: https://github.com/ramda/ramda/pull/3192
NOTE: https://jsfiddle.net/3pomzw5g/2/
@@ -45326,14 +45422,14 @@ CVE-2021-42206
RESERVED
CVE-2021-42205
RESERVED
-CVE-2021-42204
- RESERVED
-CVE-2021-42203
- RESERVED
-CVE-2021-42202
- RESERVED
-CVE-2021-42201
- RESERVED
+CVE-2021-42204 (An issue was discovered in swftools through 20201222. A heap-buffer-ov ...)
+ TODO: check
+CVE-2021-42203 (An issue was discovered in swftools through 20201222. A heap-use-after ...)
+ TODO: check
+CVE-2021-42202 (An issue was discovered in swftools through 20201222. A NULL pointer d ...)
+ TODO: check
+CVE-2021-42201 (An issue was discovered in swftools through 20201222. A heap-buffer-ov ...)
+ TODO: check
CVE-2021-42200 (An issue was discovered in swftools through 20201222. A NULL pointer d ...)
TODO: check
CVE-2021-42199 (An issue was discovered in swftools through 20201222. A heap buffer ov ...)
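Review bot: the four new swftools entries CVE-2021-42204 through CVE-2021-42201 join CVE-2021-42200, shown in the context lines still at TODO: check, and CVE-2021-42199 from the same batch; these "swftools through 20201222" reports should be triaged as one set so they get a consistent status.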
@@ -50446,8 +50542,8 @@ CVE-2021-40188 (PHPFusion 9.03.110 is affected by an arbitrary file upload vulne
NOT-FOR-US: PHP-Fusion
CVE-2021-40187
RESERVED
-CVE-2021-40186
- RESERVED
+CVE-2021-40186 (The AppCheck research team identified a Server-Side Request Forgery (S ...)
+ TODO: check
CVE-2021-40185
RESERVED
CVE-2021-40184
@@ -58726,8 +58822,8 @@ CVE-2021-36892
RESERVED
CVE-2021-36891
RESERVED
-CVE-2021-36890
- RESERVED
+CVE-2021-36890 (Cross-Site Request Forgery (CSRF) vulnerability in Social Share Button ...)
+ TODO: check
CVE-2021-36889 (Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabiliti ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36888 (Unauthenticated Arbitrary Options Update vulnerability leading to full ...)
@@ -58774,8 +58870,8 @@ CVE-2021-36868
RESERVED
CVE-2021-36867 (Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-36866
- RESERVED
+CVE-2021-36866 (Authenticated (author or higher role) Stored Cross-Site Scripting (XSS ...)
+ TODO: check
CVE-2021-36865
RESERVED
CVE-2021-36864
@@ -66882,8 +66978,8 @@ CVE-2021-33506 (jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensu
NOT-FOR-US: jitsi-meet-prosody
CVE-2021-33505 (A local malicious user can circumvent the Falco detection engine throu ...)
- falco <itp> (bug #842306)
-CVE-2021-33504
- RESERVED
+CVE-2021-33504 (Couchbase Server before 7.1.0 has Incorrect Access Control. ...)
+ TODO: check
CVE-2021-33503 (An issue was discovered in urllib3 before 1.26.5. When provided with a ...)
- python-urllib3 1.26.5-1~exp1 (bug #989848)
[buster] - python-urllib3 <no-dsa> (Minor issue)
@@ -69386,8 +69482,8 @@ CVE-2021-32548 (It was discovered that read_file() in apport/hookutils.py would
NOT-FOR-US: Apport
CVE-2021-32547 (It was discovered that read_file() in apport/hookutils.py would follow ...)
NOT-FOR-US: Apport
-CVE-2021-32546
- RESERVED
+CVE-2021-32546 (Missing input validation in internal/db/repo_editor.go in Gogs before ...)
+ TODO: check
CVE-2021-32545 (Pexip Infinity before 26 allows remote denial of service because of mi ...)
NOT-FOR-US: Pexip Infinity
CVE-2021-32544 (Special characters of IGT search function in igt+ are not filtered in ...)
@@ -81964,8 +82060,8 @@ CVE-2021-27780 (The software may be vulnerable to both Un-Auth XML interaction a
TODO: check
CVE-2021-27779 (VersionVault Express exposes sensitive information that an attacker ca ...)
NOT-FOR-US: HCL
-CVE-2021-27778
- RESERVED
+CVE-2021-27778 (HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by i ...)
+ TODO: check
CVE-2021-27777 (XML External Entity (XXE) injection vulnerabilities occur when poorly ...)
NOT-FOR-US: HCL
CVE-2021-27776
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/319de1caf6b84b2c71fc6396c987139109a99ce4