[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 21 21:10:39 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e980287e by security tracker role at 2022-06-21T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2022-34169
+	RESERVED
+CVE-2022-34168
+	RESERVED
+CVE-2022-34151
+	RESERVED
+CVE-2022-33971
+	RESERVED
+CVE-2022-33208
+	RESERVED
+CVE-2022-2165
+	RESERVED
+CVE-2022-2164
+	RESERVED
+CVE-2022-2163
+	RESERVED
+CVE-2022-2162
+	RESERVED
+CVE-2022-2161
+	RESERVED
+CVE-2022-2160
+	RESERVED
+CVE-2022-2159
+	RESERVED
+CVE-2022-2158
+	RESERVED
+CVE-2022-2157
+	RESERVED
+CVE-2022-2156
+	RESERVED
+CVE-2022-2155
+	RESERVED
+CVE-2022-2154
+	RESERVED
+CVE-2022-2153
+	RESERVED
+CVE-2022-2152
+	RESERVED
+CVE-2022-2151
+	RESERVED
+CVE-2022-2150
+	RESERVED
+CVE-2022-2149
+	RESERVED
+CVE-2022-2148
+	RESERVED
+CVE-2022-2147
+	RESERVED
+CVE-2022-2146
+	RESERVED
+CVE-2022-2145
+	RESERVED
+CVE-2022-2144
+	RESERVED
 CVE-2022-34167
 	RESERVED
 CVE-2022-34166
@@ -327,8 +381,8 @@ CVE-2022-34010
 	RESERVED
 CVE-2022-34009
 	RESERVED
-CVE-2022-34008
-	RESERVED
+CVE-2022-34008 (Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privile ...)
+	TODO: check
 CVE-2022-34007
 	RESERVED
 CVE-2022-34006 (An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2 ...)
@@ -356,8 +410,8 @@ CVE-2022-33997
 	RESERVED
 CVE-2022-33996
 	RESERVED
-CVE-2022-33995
-	RESERVED
+CVE-2022-33995 (A path traversal issue in entry attachments in Devolutions Remote Desk ...)
+	TODO: check
 CVE-2022-33994
 	RESERVED
 CVE-2017-20091
@@ -2372,8 +2426,8 @@ CVE-2022-33147
 	RESERVED
 CVE-2022-33140 (The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 an ...)
 	NOT-FOR-US: Apache NiFi
-CVE-2022-33139
-	RESERVED
+CVE-2022-33139 (A vulnerability has been identified in SIMATIC WinCC OA V3.16 (All ver ...)
+	TODO: check
 CVE-2022-33138
 	RESERVED
 CVE-2022-33137
@@ -2412,8 +2466,8 @@ CVE-2022-33121
 	RESERVED
 CVE-2022-33120
 	RESERVED
-CVE-2022-33119
-	RESERVED
+CVE-2022-33119 (NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contai ...)
+	TODO: check
 CVE-2022-33118
 	RESERVED
 CVE-2022-33117
@@ -2538,10 +2592,10 @@ CVE-2022-33058
 	RESERVED
 CVE-2022-33057
 	RESERVED
-CVE-2022-33056
-	RESERVED
-CVE-2022-33055
-	RESERVED
+CVE-2022-33056 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
+	TODO: check
+CVE-2022-33055 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
+	TODO: check
 CVE-2022-33054
 	RESERVED
 CVE-2022-33053
@@ -2552,10 +2606,10 @@ CVE-2022-33051
 	RESERVED
 CVE-2022-33050
 	RESERVED
-CVE-2022-33049
-	RESERVED
-CVE-2022-33048
-	RESERVED
+CVE-2022-33049 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
+	TODO: check
+CVE-2022-33048 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
+	TODO: check
 CVE-2022-33047
 	RESERVED
 CVE-2022-33046
@@ -2708,8 +2762,7 @@ CVE-2022-2070
 	RESERVED
 CVE-2022-2069
 	RESERVED
-CVE-2022-2068 [The c_rehash script allows command injection]
-	RESERVED
+CVE-2022-2068 (In addition to the c_rehash shell command injection identified in CVE- ...)
 	- openssl <unfixed>
 	NOTE: https://github.com/openssl/openssl/commit/2c9c35870601b4a44d86ddbf512b38df38285cfa (openssl-3.0.4)
 	NOTE: https://github.com/openssl/openssl/commit/9639817dac8bbbaa64d09efad7464ccc405527c7 (OpenSSL_1_1_1p)
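Review bot: the CVE-2022-2068 entry in this hunk still carries `- openssl <unfixed>` although the two NOTE lines already point at upstream fix commits tagged openssl-3.0.4 and OpenSSL_1_1_1p; with the RESERVED marker now dropped, please check whether a fixed Debian version is available so that `<unfixed>` can be replaced, otherwise the entry stays open without a pending-upload note.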
@@ -2799,10 +2852,10 @@ CVE-2022-32976
 	RESERVED
 CVE-2022-32975
 	RESERVED
-CVE-2022-32974
-	RESERVED
-CVE-2022-32973
-	RESERVED
+CVE-2022-32974 (An authenticated attacker could read arbitrary files from the underlyi ...)
+	TODO: check
+CVE-2022-32973 (An authenticated attacker could create an audit file that bypasses Pow ...)
+	TODO: check
 CVE-2022-32972
 	RESERVED
 CVE-2022-32969
@@ -4127,8 +4180,8 @@ CVE-2022-32416
 	RESERVED
 CVE-2022-32415
 	RESERVED
-CVE-2022-32414
-	RESERVED
+CVE-2022-32414 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...)
+	TODO: check
 CVE-2022-32413
 	RESERVED
 CVE-2022-32412
@@ -4547,7 +4600,7 @@ CVE-2022-32274
 	RESERVED
 CVE-2022-32273 (As a result of an observable discrepancy in returned messages, OPSWAT  ...)
 	NOT-FOR-US: OPSWAT MetaDefender Core
-CVE-2022-32272 (OPSWAT MetaDefender Core (MDCore) before 5.1.2 has incorrect access co ...)
+CVE-2022-32272 (OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1 ...)
 	NOT-FOR-US: OPSWAT MetaDefender Core
 CVE-2022-32271 (In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code ...)
 	NOT-FOR-US: Real Player
@@ -5641,10 +5694,10 @@ CVE-2022-31803
 	RESERVED
 CVE-2022-31802
 	RESERVED
-CVE-2022-31801
-	RESERVED
-CVE-2022-31800
-	RESERVED
+CVE-2022-31801 (An unauthenticated, remote attacker could upload malicious logic to th ...)
+	TODO: check
+CVE-2022-31800 (An unauthenticated, remote attacker could upload malicious logic to de ...)
+	TODO: check
 CVE-2022-1945 (The Coming Soon & Maintenance Mode by Colorlib WordPress plugin be ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1944 (When the feature is configured, improper authorization in the Interact ...)
@@ -5766,8 +5819,8 @@ CVE-2022-31788 (IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/Class
 	NOT-FOR-US: IdeaLMS
 CVE-2022-31787
 	RESERVED
-CVE-2022-31786
-	RESERVED
+CVE-2022-31786 (IdeaLMS 2022 allows reflected Cross Site Scripting (XSS) via the IdeaL ...)
+	TODO: check
 CVE-2022-31785
 	RESERVED
 CVE-2022-31784 (A vulnerability in the management interface of MiVoice Business throug ...)
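Review bot: CVE-2022-31786 is left at `TODO: check` while the neighbouring CVE-2022-31788 in the hunk context is already triaged as `NOT-FOR-US: IdeaLMS`; since both concern the same IdeaLMS 2022 product, the new entry should get the same triage line unless there is a reason to treat it differently.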
@@ -6846,8 +6899,8 @@ CVE-2022-31480 (An unauthenticated attacker could arbitrarily upload firmware fi
 	NOT-FOR-US: HID Mercury Intelligent Controllers
 CVE-2022-31479 (An unauthenticated attacker can update the hostname with a specially c ...)
 	NOT-FOR-US: HID Mercury Intelligent Controllers
-CVE-2022-31478
-	RESERVED
+CVE-2022-31478 (The UserTakeOver plugin before 4.0.1 for ILIAS allows an attacker to l ...)
+	TODO: check
 CVE-2022-1841
 	RESERVED
 CVE-2022-1840 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -7050,10 +7103,10 @@ CVE-2022-31376
 	RESERVED
 CVE-2022-31375
 	RESERVED
-CVE-2022-31374
-	RESERVED
-CVE-2022-31373
-	RESERVED
+CVE-2022-31374 (An arbitrary file upload vulnerability /images/background/1.php in of  ...)
+	TODO: check
+CVE-2022-31373 (SolarView Compact v6.0 was discovered to contain a cross-site scriptin ...)
+	TODO: check
 CVE-2022-31372 (Wiris Mathtype v7.28.0 was discovered to contain a path traversal vuln ...)
 	NOT-FOR-US: Wiris Mathtype
 CVE-2022-31371
@@ -7184,18 +7237,18 @@ CVE-2022-31309 (A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M7
 	NOT-FOR-US: WAVLINK
 CVE-2022-31308 (A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V503 ...)
 	NOT-FOR-US: WAVLINK
-CVE-2022-31307
-	RESERVED
-CVE-2022-31306
-	RESERVED
+CVE-2022-31307 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...)
+	TODO: check
+CVE-2022-31306 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...)
+	TODO: check
 CVE-2022-31305
 	RESERVED
 CVE-2022-31304
 	RESERVED
-CVE-2022-31303
-	RESERVED
-CVE-2022-31302
-	RESERVED
+CVE-2022-31303 (maccms10 was discovered to contain a stored cross-site scripting (XSS) ...)
+	TODO: check
+CVE-2022-31302 (maccms8 was discovered to contain a stored cross-site scripting (XSS)  ...)
+	TODO: check
 CVE-2022-31301 (Haraj v3.7 was discovered to contain a stored cross-site scripting (XS ...)
 	NOT-FOR-US: Haraj
 CVE-2022-31300 (A cross-site scripting vulnerability in the DM Section component of Ha ...)
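Review bot: CVE-2022-31307 and CVE-2022-31306 in this hunk describe the same "Nginx NJS v0.7.2 ... segmentation violation" family as CVE-2022-32414 earlier in this patch, and all three are left at `TODO: check`; they should be triaged together so the three entries end up with the same outcome (package entry or NOT-FOR-US) rather than being checked one at a time.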
@@ -7281,8 +7334,7 @@ CVE-2022-1834
 	{DSA-5158-1 DLA-3041-1}
 	- thunderbird 1:91.10.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-1834
-CVE-2022-1833
-	RESERVED
+CVE-2022-1833 (A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using O ...)
 	NOT-FOR-US: Red Hat AMQ Broker
 CVE-2022-1832 (The CaPa Protect WordPress plugin through 0.5.8.2 does not have CSRF c ...)
 	NOT-FOR-US: WordPress plugin
@@ -8536,8 +8588,8 @@ CVE-2022-30876
 	RESERVED
 CVE-2022-30875 (Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Er ...)
 	- dolibarr <removed>
-CVE-2022-30874
-	RESERVED
+CVE-2022-30874 (There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet ...)
+	TODO: check
 CVE-2022-30873
 	RESERVED
 CVE-2022-30872
@@ -8709,14 +8761,14 @@ CVE-2022-30790 (Das U-Boot 2022.01 has a Buffer Overflow, a different issue than
 	NOTE: https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/
 	NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/b85d130ea0cac152c21ec38ac9417b31d41b5552 (v2022.07-rc4~4)
 CVE-2022-30789 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_ch ...)
-	{DSA-5160-1}
+	{DSA-5160-1 DLA-3055-1}
 	- ntfs-3g 1:2022.5.17-1 (bug #1011770)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
 	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
 	NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17
 	NOTE: https://github.com/tuxera/ntfs-3g/commit/6efc1305c1951c1d72181f449f2fab68fa25fae8 (2022.5.17)
 CVE-2022-30788 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mf ...)
-	{DSA-5160-1}
+	{DSA-5160-1 DLA-3055-1}
 	- ntfs-3g 1:2022.5.17-1 (bug #1011770)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
 	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
@@ -8724,7 +8776,7 @@ CVE-2022-30788 (A crafted NTFS image can cause a heap-based buffer overflow in n
 	NOTE: https://github.com/tuxera/ntfs-3g/commit/a8818cf779d3a32f2f52337c6f258c16719625a3 (2022.5.17)
 	NOTE: https://github.com/tuxera/ntfs-3g/commit/bce5734a757fd59d70a52f4d4fe9abe260629b3a (2022.5.17)
 CVE-2022-30787 (An integer underflow in fuse_lib_readdir enables arbitrary memory read ...)
-	{DSA-5160-1}
+	{DSA-5160-1 DLA-3055-1}
 	- ntfs-3g 1:2022.5.17-1 (bug #1011770)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/2
 	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58
@@ -8734,7 +8786,7 @@ CVE-2022-30787 (An integer underflow in fuse_lib_readdir enables arbitrary memor
 	NOTE: https://unparalleled.eu/publications/2022/advisory-unpar-2022-0.txt
 	NOTE: https://unparalleled.eu/blog/2022/20220607-help-to-heap-suid-privilege-escalation/
 CVE-2022-30786 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_na ...)
-	{DSA-5160-1}
+	{DSA-5160-1 DLA-3055-1}
 	- ntfs-3g 1:2022.5.17-1 (bug #1011770)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
 	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
@@ -8742,7 +8794,7 @@ CVE-2022-30786 (A crafted NTFS image can cause a heap-based buffer overflow in n
 	NOTE: https://github.com/tuxera/ntfs-3g/commit/838b6e35b43062353998853eab50cd0675201ed7 (2022.5.17)
 	NOTE: https://github.com/tuxera/ntfs-3g/commit/5ce8941bf47291cd6ffe7cdb1797253f1cc3a86f (2022.5.17)
 CVE-2022-30785 (A file handle created in fuse_lib_opendir, and later used in fuse_lib_ ...)
-	{DSA-5160-1}
+	{DSA-5160-1 DLA-3055-1}
 	- ntfs-3g 1:2022.5.17-1 (bug #1011770)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/2
 	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58
@@ -8752,14 +8804,14 @@ CVE-2022-30785 (A file handle created in fuse_lib_opendir, and later used in fus
 	NOTE: https://unparalleled.eu/publications/2022/advisory-unpar-2022-0.txt
 	NOTE: https://unparalleled.eu/blog/2022/20220607-help-to-heap-suid-privilege-escalation/
 CVE-2022-30784 (A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_v ...)
-	{DSA-5160-1}
+	{DSA-5160-1 DLA-3055-1}
 	- ntfs-3g 1:2022.5.17-1 (bug #1011770)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
 	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
 	NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17
 	NOTE: https://github.com/tuxera/ntfs-3g/commit/60717a846deaaea47e50ce58872869f7bd1103b5 (2022.5.17)
 CVE-2022-30783 (An invalid return code in fuse_kern_mount enables intercepting of libf ...)
-	{DSA-5160-1}
+	{DSA-5160-1 DLA-3055-1}
 	- ntfs-3g 1:2022.5.17-1 (bug #1011770)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/2
 	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58
@@ -9396,8 +9448,8 @@ CVE-2022-1667
 	RESERVED
 CVE-2022-1666
 	RESERVED
-CVE-2022-1665
-	RESERVED
+CVE-2022-1665 (A set of pre-production kernel packages of Red Hat Enterprise Linux fo ...)
+	TODO: check
 CVE-2022-1664 (Dpkg::Source::Archive in dpkg, the Debian package management system, b ...)
 	{DSA-5147-1 DLA-3022-1}
 	- dpkg 1.21.8
@@ -10135,8 +10187,8 @@ CVE-2022-1598 (The WPQA Builder WordPress plugin before 5.4 which is a companion
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1597 (The WPQA Builder WordPress plugin before 5.4, used as a companion for  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-1596
-	RESERVED
+CVE-2022-1596 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
+	TODO: check
 CVE-2022-1595 (The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1594 (The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have  ...)
@@ -11795,10 +11847,10 @@ CVE-2022-29777 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 an
 	NOT-FOR-US: Onlyoffice Document Server
 CVE-2022-29776 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and belo ...)
 	NOT-FOR-US: Onlyoffice Document Server
-CVE-2022-29775
-	RESERVED
-CVE-2022-29774
-	RESERVED
+CVE-2022-29775 (iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication vi ...)
+	TODO: check
+CVE-2022-29774 (iSpyConnect iSpy v7.2.2.0 is vulnerable to path traversal. ...)
+	TODO: check
 CVE-2022-29773 (An access control issue in aleksis/core/util/auth_helpers.py: ClientPr ...)
 	NOT-FOR-US: AlekSIS
 CVE-2022-29772
@@ -17273,18 +17325,18 @@ CVE-2022-27881 (engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has
 	NOT-FOR-US: slaacd from OpenBSD
 CVE-2022-27873
 	RESERVED
-CVE-2022-27872
-	RESERVED
-CVE-2022-27871
-	RESERVED
-CVE-2022-27870
-	RESERVED
-CVE-2022-27869
-	RESERVED
-CVE-2022-27868
-	RESERVED
-CVE-2022-27867
-	RESERVED
+CVE-2022-27872 (A maliciously crafted PDF file may be used to dereference a pointer fo ...)
+	TODO: check
+CVE-2022-27871 (Autodesk AutoCAD product suite, Revit, Design Review and Navisworks re ...)
+	TODO: check
+CVE-2022-27870 (A maliciously crafted TGA file in Autodesk AutoCAD 2023 may be used to ...)
+	TODO: check
+CVE-2022-27869 (A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced ...)
+	TODO: check
+CVE-2022-27868 (A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to ...)
+	TODO: check
+CVE-2022-27867 (A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021, 2020, 20 ...)
+	TODO: check
 CVE-2022-27866
 	RESERVED
 CVE-2022-27865
@@ -22270,8 +22322,8 @@ CVE-2022-26149 (MODX Revolution through 2.8.3-pl allows remote authenticated adm
 	NOT-FOR-US: MODX Revolution
 CVE-2022-26148 (An issue was discovered in Grafana through 7.3.4, when integrated with ...)
 	- grafana <removed>
-CVE-2022-26147
-	RESERVED
+CVE-2022-26147 (The Quectel RG502Q-EA modem before 2022-02-23 allow OS Command Injecti ...)
+	TODO: check
 CVE-2022-26146 (Tricentis qTest before 10.4 allows stored XSS by an authenticated atta ...)
 	NOT-FOR-US: Tricentis qTest
 CVE-2022-26145
@@ -23684,8 +23736,8 @@ CVE-2022-25587
 	RESERVED
 CVE-2022-25586
 	RESERVED
-CVE-2022-25585
-	RESERVED
+CVE-2022-25585 (Unioncms v1.0.13 was discovered to contain a stored cross-site scripti ...)
+	TODO: check
 CVE-2022-25584 (Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video System 4.23-3 ...)
 	NOT-FOR-US: FlexWATCH FW3170-PS-E
 CVE-2022-25583
@@ -31089,8 +31141,8 @@ CVE-2022-23344
 	RESERVED
 CVE-2022-23343
 	RESERVED
-CVE-2022-23342
-	RESERVED
+CVE-2022-23342 (The Hyland Onbase Application Server releases prior to 20.3.58.1000 an ...)
+	TODO: check
 CVE-2022-23341
 	RESERVED
 CVE-2022-23340 (Joplin 2.6.10 allows remote attackers to execute system commands throu ...)
@@ -32020,8 +32072,8 @@ CVE-2022-23173
 	RESERVED
 CVE-2022-23172
 	RESERVED
-CVE-2022-23171
-	RESERVED
+CVE-2022-23171 (AtlasVPN - Privilege Escalation Lack of proper security controls on na ...)
+	TODO: check
 CVE-2022-23170
 	RESERVED
 CVE-2022-23169 (attacker needs to craft a SQL payload. the vulnerable parameter is "ag ...)
@@ -32341,12 +32393,12 @@ CVE-2022-23076
 	RESERVED
 CVE-2022-23075
 	RESERVED
-CVE-2022-23074
-	RESERVED
-CVE-2022-23073
-	RESERVED
-CVE-2022-23072
-	RESERVED
+CVE-2022-23074 (In Recipes, versions 0.17.0 through 1.2.5 are vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2022-23073 (In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cros ...)
+	TODO: check
+CVE-2022-23072 (In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cros ...)
+	TODO: check
 CVE-2022-23071 (In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side ...)
 	NOT-FOR-US: Recipes
 CVE-2022-23070
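Review bot: the three new Recipes entries (CVE-2022-23074, CVE-2022-23073, CVE-2022-23072) are left at `TODO: check` while CVE-2022-23071 for the same product in the hunk context already reads `NOT-FOR-US: Recipes`; the same triage line applies here unless the packaging status has changed.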
@@ -32579,8 +32631,8 @@ CVE-2022-22981
 	RESERVED
 CVE-2022-22980
 	RESERVED
-CVE-2022-22979
-	RESERVED
+CVE-2022-22979 (In Spring Cloud Function versions prior to 3.2.6, it is possible for a ...)
+	TODO: check
 CVE-2022-22978 (In Spring Security versions 5.5.6 and 5.6.3 and older unsupported vers ...)
 	- libspring-security-2.0-java <removed>
 CVE-2022-22977 (VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML Ex ...)
@@ -51362,8 +51414,8 @@ CVE-2021-41926
 	RESERVED
 CVE-2021-41925
 	RESERVED
-CVE-2021-41924
-	RESERVED
+CVE-2021-41924 (Webkul krayin crm before 1.2.2 is vulnerable to Cross Site Scripting ( ...)
+	TODO: check
 CVE-2021-41923
 	RESERVED
 CVE-2021-41922
@@ -54980,10 +55032,10 @@ CVE-2021-40513
 	RESERVED
 CVE-2021-40512
 	RESERVED
-CVE-2021-40511
-	RESERVED
-CVE-2021-40510
-	RESERVED
+CVE-2021-40511 (OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion ( ...)
+	TODO: check
+CVE-2021-40510 (XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows rem ...)
+	TODO: check
 CVE-2021-40509 (ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature. ...)
 	NOT-FOR-US: JForum2
 CVE-2021-3768 (bookstack is vulnerable to Improper Neutralization of Input During Web ...)
@@ -58733,8 +58785,8 @@ CVE-2021-39008
 	RESERVED
 CVE-2021-39007
 	RESERVED
-CVE-2021-39006
-	RESERVED
+CVE-2021-39006 (IBM QRadar WinCollect Agent 10.0 and 10.0.1 could allow an attacker to ...)
+	TODO: check
 CVE-2021-39005
 	RESERVED
 CVE-2021-39004
@@ -64426,8 +64478,8 @@ CVE-2021-36763 (In CODESYS V3 web server before 3.5.17.10, files or directories
 	NOT-FOR-US: CODESYS V3 web server
 CVE-2021-36762 (An issue was discovered in HCC Embedded InterNiche NicheStack through  ...)
 	NOT-FOR-US: HCC Embedded InterNiche NicheStack
-CVE-2021-36761
-	RESERVED
+CVE-2021-36761 (The GeoAnalytics feature in Qlik Sense April 2020 patch 4 allows SSRF. ...)
+	TODO: check
 CVE-2021-36760 (In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server  ...)
 	NOT-FOR-US: WSO2
 CVE-2021-36759
@@ -220736,7 +220788,7 @@ CVE-2019-9203 (Authorization bypass in Nagios IM (component of Nagios XI) before
 	NOT-FOR-US: Nagios XI
 CVE-2019-9202 (Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated u ...)
 	NOT-FOR-US: Nagios XI
-CVE-2019-9201 (Phoenix Contact ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ETH/ ...)
+CVE-2019-9201 (Multiple Phoenix Contact devices allow remote attackers to establish T ...)
 	NOT-FOR-US: Phoenix Contact ILC
 CVE-2019-9200 (A heap-based buffer underwrite exists in ImageStream::getLine() locate ...)
 	{DLA-2287-1 DLA-1706-1}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e980287e1f285be82fdd810add480e8152aadf5d
