[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 24 21:10:28 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
12729387 by security tracker role at 2022-06-24T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2022-34485
+ RESERVED
+CVE-2022-34484
+ RESERVED
+CVE-2022-34483
+ RESERVED
+CVE-2022-34482
+ RESERVED
+CVE-2022-34481
+ RESERVED
+CVE-2022-34480
+ RESERVED
+CVE-2022-34479
+ RESERVED
+CVE-2022-34478
+ RESERVED
+CVE-2022-34477
+ RESERVED
+CVE-2022-34476
+ RESERVED
+CVE-2022-34475
+ RESERVED
+CVE-2022-34474
+ RESERVED
+CVE-2022-34473
+ RESERVED
+CVE-2022-34472
+ RESERVED
+CVE-2022-34471
+ RESERVED
+CVE-2022-34470
+ RESERVED
+CVE-2022-34469
+ RESERVED
+CVE-2022-34468
+ RESERVED
+CVE-2022-34467
+ RESERVED
+CVE-2022-34466
+ RESERVED
+CVE-2022-34465
+ RESERVED
+CVE-2022-34464
+ RESERVED
+CVE-2022-2198
+ RESERVED
+CVE-2022-2197
+ RESERVED
+CVE-2022-2196
+ RESERVED
+CVE-2022-2195
+ RESERVED
+CVE-2022-2194
+ RESERVED
+CVE-2019-25071
+ RESERVED
CVE-2022-34463
RESERVED
CVE-2022-34462
@@ -246,18 +302,18 @@ CVE-2022-2187
RESERVED
CVE-2022-2186
RESERVED
-CVE-2017-20097
- RESERVED
-CVE-2017-20096
- RESERVED
-CVE-2017-20095
- RESERVED
-CVE-2017-20094
- RESERVED
-CVE-2017-20093
- RESERVED
-CVE-2017-20092
- RESERVED
+CVE-2017-20097 (A vulnerability was found in WP-Filebase Download Manager Plugin 3.4.4 ...)
+ TODO: check
+CVE-2017-20096 (A vulnerability classified as problematic has been found in WP-SpamFre ...)
+ TODO: check
+CVE-2017-20095 (A vulnerability classified as critical was found in Simple Ads Manager ...)
+ TODO: check
+CVE-2017-20094 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2017-20093 (A vulnerability, which was classified as problematic, was found in Dow ...)
+ TODO: check
+CVE-2017-20092 (A vulnerability classified as problematic was found in Google Analytic ...)
+ TODO: check
CVE-2022-34343
RESERVED
CVE-2022-34342
@@ -1299,8 +1355,8 @@ CVE-2022-33955
RESERVED
CVE-2022-33954
RESERVED
-CVE-2022-33953
- RESERVED
+CVE-2022-33953 (IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user wi ...)
+ TODO: check
CVE-2022-33952
RESERVED
CVE-2022-33951
@@ -1371,12 +1427,12 @@ CVE-2022-2123
RESERVED
CVE-2022-2122
RESERVED
-CVE-2022-2121
- RESERVED
-CVE-2022-2120
- RESERVED
-CVE-2022-2119
- RESERVED
+CVE-2022-2121 (OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer derefer ...)
+ TODO: check
+CVE-2022-2120 (OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) i ...)
+ TODO: check
+CVE-2022-2119 (OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SC ...)
+ TODO: check
CVE-2022-2118
RESERVED
CVE-2014-125025 (A vulnerability classified as problematic has been found in FFmpeg 2.0 ...)
@@ -1523,8 +1579,8 @@ CVE-2022-33912 (A permission issue affects users that deployed the shipped versi
NOT-FOR-US: Check MK as packaged by upstream
CVE-2022-33911
RESERVED
-CVE-2022-33910
- RESERVED
+CVE-2022-33910 (An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers ...)
+ TODO: check
CVE-2022-33909
RESERVED
CVE-2022-33908
@@ -1599,14 +1655,14 @@ CVE-2022-2107
RESERVED
CVE-2022-2106
RESERVED
-CVE-2022-2105
- RESERVED
-CVE-2022-2104
- RESERVED
-CVE-2022-2103
- RESERVED
-CVE-2022-2102
- RESERVED
+CVE-2022-2105 (Client-side JavaScript controls may be bypassed to change user credent ...)
+ TODO: check
+CVE-2022-2104 (The www-data (Apache web server) account is configured to run sudo wit ...)
+ TODO: check
+CVE-2022-2103 (An attacker with weak credentials could access the TCP port via an ope ...)
+ TODO: check
+CVE-2022-2102 (Controls limiting uploads to certain file extensions may be bypassed. ...)
+ TODO: check
CVE-2022-2101
RESERVED
CVE-2022-33880
@@ -3454,8 +3510,8 @@ CVE-2022-32992 (Online Tours And Travels Management System v1.0 was discovered t
NOT-FOR-US: Online Tours And Travels Management System
CVE-2022-32991 (Web Based Quiz System v1.0 was discovered to contain a SQL injection v ...)
NOT-FOR-US: Web Based Quiz System
-CVE-2022-32990
- RESERVED
+CVE-2022-32990 (An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allow ...)
+ TODO: check
CVE-2022-32989
RESERVED
CVE-2022-32988
@@ -4600,8 +4656,8 @@ CVE-2022-2015 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/d
NOT-FOR-US: jgraph/drawio
CVE-2022-2014 (Code Injection in GitHub repository jgraph/drawio prior to 19.0.2. ...)
NOT-FOR-US: jgraph/drawio
-CVE-2022-32530
- RESERVED
+CVE-2022-32530 (A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists th ...)
+ TODO: check
CVE-2022-32529
RESERVED
CVE-2022-32528
@@ -5489,8 +5545,8 @@ CVE-2022-32211
RESERVED
CVE-2022-32210
RESERVED
-CVE-2022-32209
- RESERVED
+CVE-2022-32209 (# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possi ...)
+ TODO: check
CVE-2022-32208
RESERVED
CVE-2022-32207
@@ -5558,8 +5614,8 @@ CVE-2022-1967
RESERVED
CVE-2022-1966
REJECTED
-CVE-2022-1965
- RESERVED
+CVE-2022-1965 (Multiple products of CODESYS implement a improper error handling. A lo ...)
+ TODO: check
CVE-2022-1964
RESERVED
CVE-2022-32202 (In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::Fe ...)
@@ -5696,22 +5752,22 @@ CVE-2022-32145 (A vulnerability has been identified in Teamcenter Active Workspa
NOT-FOR-US: Siemens
CVE-2022-32144
RESERVED
-CVE-2022-32143
- RESERVED
-CVE-2022-32142
- RESERVED
-CVE-2022-32141
- RESERVED
-CVE-2022-32140
- RESERVED
-CVE-2022-32139
- RESERVED
-CVE-2022-32138
- RESERVED
-CVE-2022-32137
- RESERVED
-CVE-2022-32136
- RESERVED
+CVE-2022-32143 (In multiple CODESYS products, file download and upload function allows ...)
+ TODO: check
+CVE-2022-32142 (Multiple CODESYS Products are prone to a out-of bounds read or write a ...)
+ TODO: check
+CVE-2022-32141 (Multiple CODESYS Products are prone to a buffer over read. A low privi ...)
+ TODO: check
+CVE-2022-32140 (Multiple CODESYS products are affected to a buffer overflow.A low priv ...)
+ TODO: check
+CVE-2022-32139 (In multiple CODESYS products, a low privileged remote attacker may cra ...)
+ TODO: check
+CVE-2022-32138 (In multiple CODESYS products, a remote attacker may craft a request wh ...)
+ TODO: check
+CVE-2022-32137 (In multiple CODESYS products, a low privileged remote attacker may cra ...)
+ TODO: check
+CVE-2022-32136 (In multiple CODESYS products, a low privileged remote attacker may cra ...)
+ TODO: check
CVE-2022-30997
RESERVED
CVE-2022-29519
@@ -6417,16 +6473,16 @@ CVE-2022-31808
RESERVED
CVE-2022-31807
RESERVED
-CVE-2022-31806
- RESERVED
-CVE-2022-31805
- RESERVED
-CVE-2022-31804
- RESERVED
-CVE-2022-31803
- RESERVED
-CVE-2022-31802
- RESERVED
+CVE-2022-31806 (In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2. ...)
+ TODO: check
+CVE-2022-31805 (In the CODESYS Development System multiple components in multiple vers ...)
+ TODO: check
+CVE-2022-31804 (The CODESYS Gateway Server V2 does not verifiy that the size of a requ ...)
+ TODO: check
+CVE-2022-31803 (In CODESYS Gateway Server V2 an insufficient check for the activity of ...)
+ TODO: check
+CVE-2022-31802 (In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a pa ...)
+ TODO: check
CVE-2022-31801 (An unauthenticated, remote attacker could upload malicious logic to th ...)
NOT-FOR-US: ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool
CVE-2022-31800 (An unauthenticated, remote attacker could upload malicious logic to de ...)
@@ -6596,8 +6652,8 @@ CVE-2022-31769 (IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could
NOT-FOR-US: IBM
CVE-2022-31768 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. ...)
NOT-FOR-US: IBM
-CVE-2022-31767
- RESERVED
+CVE-2022-31767 (IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker t ...)
+ TODO: check
CVE-2022-31766
RESERVED
CVE-2022-31765
@@ -8010,7 +8066,8 @@ CVE-2022-31291 (An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allow
NOTE: https://github.com/COVESA/dlt-daemon/commit/6a3bd901d825c7206797e36ea98e10a218f5aad2
CVE-2022-31290
RESERVED
-CVE-2022-31289 (** DISPUTED ** https://ossindex.sonatype.org/ Sonatype Nexus Repositor ...)
+CVE-2022-31289
+ REJECTED
NOT-FOR-US: Sonatype Nexus Repository Manager OSS
CVE-2022-31288
RESERVED
@@ -8992,24 +9049,24 @@ CVE-2022-1749 (The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site
NOT-FOR-US: WordPress plugin
CVE-2022-1748
RESERVED
-CVE-2022-1747
- RESERVED
-CVE-2022-1746
- RESERVED
-CVE-2022-1745
- RESERVED
-CVE-2022-1744
- RESERVED
-CVE-2022-1743
- RESERVED
-CVE-2022-1742
- RESERVED
-CVE-2022-1741
- RESERVED
-CVE-2022-1740
- RESERVED
-CVE-2022-1739
- RESERVED
+CVE-2022-1747 (The authentication mechanism used by voters to activate a voting sessi ...)
+ TODO: check
+CVE-2022-1746 (The authentication mechanism used by poll workers to administer voting ...)
+ TODO: check
+CVE-2022-1745 (The authentication mechanism used by technicians on the tested version ...)
+ TODO: check
+CVE-2022-1744 (Applications on the tested version of Dominion Voting Systems ImageCas ...)
+ TODO: check
+CVE-2022-1743 (The tested version of Dominion Voting System ImageCast X can be manipu ...)
+ TODO: check
+CVE-2022-1742 (The tested version of Dominion Voting Systems ImageCast X allows for r ...)
+ TODO: check
+CVE-2022-1741 (The tested version of Dominion Voting Systems ImageCast X has a Termin ...)
+ TODO: check
+CVE-2022-1740 (The tested version of Dominion Voting Systems ImageCast X’s on-s ...)
+ TODO: check
+CVE-2022-1739 (The tested version of Dominion Voting Systems ImageCast X does not val ...)
+ TODO: check
CVE-2022-1738
RESERVED
CVE-2022-1737
@@ -10184,12 +10241,12 @@ CVE-2022-1670 (When generating a user invitation code in Octopus Server, the val
NOT-FOR-US: Octopus Server
CVE-2022-1669 (A buffer overflow vulnerability has been detected in the firewall func ...)
NOT-FOR-US: Circutor
-CVE-2022-1668
- RESERVED
-CVE-2022-1667
- RESERVED
-CVE-2022-1666
- RESERVED
+CVE-2022-1668 (Weak default root user credentials allow remote attackers to easily ob ...)
+ TODO: check
+CVE-2022-1667 (Client-side JavaScript controls may be bypassed by directly running a ...)
+ TODO: check
+CVE-2022-1666 (The default password for the web application’s root user (the ve ...)
+ TODO: check
CVE-2022-1665 (A set of pre-production kernel packages of Red Hat Enterprise Linux fo ...)
NOT-FOR-US: pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture
CVE-2022-1664 (Dpkg::Source::Archive in dpkg, the Debian package management system, b ...)
@@ -11444,14 +11501,14 @@ CVE-2022-30122 [Denial of Service Vulnerability in Rack Multipart Parsing]
NOTE: https://github.com/advisories/GHSA-hxqx-xwvh-44m2
CVE-2022-30121
RESERVED
-CVE-2022-30120
- RESERVED
-CVE-2022-30119
- RESERVED
-CVE-2022-30118
- RESERVED
-CVE-2022-30117
- RESERVED
+CVE-2022-30120 (XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. Whe ...)
+ TODO: check
+CVE-2022-30119 (XSS in /dashboard/reports/logs/view - old browsers only. When using In ...)
+ TODO: check
+CVE-2022-30118 (Title for CVE: XSS in /dashboard/system/express/entities/forms/save_co ...)
+ TODO: check
+CVE-2022-30117 (Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow t ...)
+ TODO: check
CVE-2022-30116
RESERVED
CVE-2022-30115 (Using its HSTS support, curl can be instructed to use HTTPS directly i ...)
@@ -11653,8 +11710,8 @@ CVE-2022-30030
RESERVED
CVE-2022-30029
RESERVED
-CVE-2022-30028
- RESERVED
+CVE-2022-30028 (Dradis Professional Edition before 4.3.0 allows attackers to change an ...)
+ TODO: check
CVE-2022-30027
RESERVED
CVE-2022-30026
@@ -11882,7 +11939,7 @@ CVE-2022-29932 (The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allo
NOT-FOR-US: PRIMEUR
CVE-2022-29931
RESERVED
-CVE-2022-29930 (SHA1 implementation in JetBrains Ktor Native before 2.0.1 was returnin ...)
+CVE-2022-29930 (SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the s ...)
NOT-FOR-US: JetBrains Ktor
CVE-2022-29929 (In JetBrains TeamCity before 2022.04 potential XSS via Referrer header ...)
NOT-FOR-US: JetBrains TeamCity
@@ -12110,25 +12167,25 @@ CVE-2022-26051
RESERVED
CVE-2022-1525
RESERVED
-CVE-2022-1524
- RESERVED
+CVE-2022-1524 (LRM version 2.4 and lower does not implement TLS encryption. A malicio ...)
+ TODO: check
CVE-2022-1523
RESERVED
CVE-2022-1522
RESERVED
-CVE-2022-1521
- RESERVED
+CVE-2022-1521 (LRM does not implement authentication or authorization by default. A m ...)
+ TODO: check
CVE-2022-1520
RESERVED
{DSA-5141-1 DLA-3020-1}
- thunderbird 1:91.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-1520
-CVE-2022-1519
- RESERVED
-CVE-2022-1518
- RESERVED
-CVE-2022-1517
- RESERVED
+CVE-2022-1519 (LRM does not restrict the types of files that can be uploaded to the a ...)
+ TODO: check
+CVE-2022-1518 (LRM contains a directory traversal vulnerability that can allow a mali ...)
+ TODO: check
+CVE-2022-1517 (LRM utilizes elevated privileges. An unauthenticated malicious actor c ...)
+ TODO: check
CVE-2022-1516 (A NULL pointer dereference flaw was found in the Linux kernel’s ...)
{DSA-5127-1}
- linux 5.17.3-1 (unimportant)
@@ -13091,8 +13148,8 @@ CVE-2022-29582 (In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/04/22/4
NOTE: https://git.kernel.org/linus/e677edbcabee849bfdd43f1602bccbecf736a646
-CVE-2022-29578
- RESERVED
+CVE-2022-29578 (Meridian Cooperative Utility Software versions 22.02 and 22.03 allows ...)
+ TODO: check
CVE-2022-29577 (OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE ...)
- libowasp-antisamy-java <not-affected> (Incomplete fix for CVE-2022-28367 not applied)
NOTE: https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0 (v1.6.7)
@@ -13771,8 +13828,8 @@ CVE-2022-29332 (D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. A
NOT-FOR-US: D-LINK
CVE-2022-29331
RESERVED
-CVE-2022-29330
- RESERVED
+CVE-2022-29330 (Missing access control in the backup system of Telesoft VitalPBX befor ...)
+ TODO: check
CVE-2022-29329 (D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap ...)
NOT-FOR-US: D-Link
CVE-2022-29328 (D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack ...)
@@ -14443,10 +14500,10 @@ CVE-2022-29099
RESERVED
CVE-2022-29098 (Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak ...)
NOT-FOR-US: Dell
-CVE-2022-29097
- RESERVED
-CVE-2022-29096
- RESERVED
+CVE-2022-29097 (Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in De ...)
+ TODO: check
+CVE-2022-29096 (Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross- ...)
+ TODO: check
CVE-2022-29095 (Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Del ...)
NOT-FOR-US: Dell SupportAssist
CVE-2022-29094 (Dell SupportAssist Client Consumer versions (3.10.4 and versions prior ...)
@@ -15816,10 +15873,10 @@ CVE-2022-28622
RESERVED
CVE-2022-28621
RESERVED
-CVE-2022-28620
- RESERVED
-CVE-2022-28619
- RESERVED
+CVE-2022-28620 (A remote authentication bypass vulnerability was discovered in HPE Cra ...)
+ TODO: check
+CVE-2022-28619 (A potential security vulnerability has been identified in the installe ...)
+ TODO: check
CVE-2022-28618 (A command injection security vulnerability has been identified in HPE ...)
NOT-FOR-US: HPE
CVE-2022-28617 (A remote bypass security restrictions vulnerability was discovered in ...)
@@ -19823,8 +19880,8 @@ CVE-2022-27239 (In cifs-utils through 6.14, a stack-based buffer overflow when p
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1197216
NOTE: https://github.com/piastry/cifs-utils/pull/7
NOTE: https://git.samba.org/cifs-utils.git/?p=cifs-utils.git;a=commit;h=007c07fd91b6d42f8bd45187cf78ebb06801139d (cifs-utils-6.15)
-CVE-2022-27238
- RESERVED
+CVE-2022-27238 (BigBlueButton version 2.4.7 (or earlier) is vulnerable to stored Cross ...)
+ TODO: check
CVE-2022-27237 (There is a cross-site scripting (XSS) vulnerability in an NI Web Serve ...)
NOT-FOR-US: NI
CVE-2022-27236
@@ -32852,8 +32909,8 @@ CVE-2022-23172
RESERVED
CVE-2022-23171 (AtlasVPN - Privilege Escalation Lack of proper security controls on na ...)
NOT-FOR-US: AtlasVPN
-CVE-2022-23170
- RESERVED
+CVE-2022-23170 (SysAid - Okta SSO integration - was found vulnerable to XML External E ...)
+ TODO: check
CVE-2022-23169 (attacker needs to craft a SQL payload. the vulnerable parameter is "ag ...)
NOT-FOR-US: Amodat
CVE-2022-23168 (The attacker could get access to the database. The SQL injection is in ...)
@@ -35363,8 +35420,8 @@ CVE-2022-22504
RESERVED
CVE-2022-22503
RESERVED
-CVE-2022-22502
- RESERVED
+CVE-2022-22502 (IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cros ...)
+ TODO: check
CVE-2022-22501
RESERVED
CVE-2022-22500
@@ -35587,10 +35644,10 @@ CVE-2022-22392 (IBM Planning Analytics Local 2.0 could allow an attacker to uplo
NOT-FOR-US: IBM
CVE-2022-22391 (IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authen ...)
NOT-FOR-US: IBM
-CVE-2022-22390
- RESERVED
-CVE-2022-22389
- RESERVED
+CVE-2022-22390 (IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 ma ...)
+ TODO: check
+CVE-2022-22389 (IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is ...)
+ TODO: check
CVE-2022-22388
RESERVED
CVE-2022-22387
@@ -40547,8 +40604,8 @@ CVE-2022-21831 (A code injection vulnerability exists in the Active Storage >
NOTE: https://github.com/rails/rails/commit/94e2f00d2abedbea1ef62fc775d031ffda00662c (v5.2.6.3)
CVE-2022-21830 (A blind self XSS vulnerability exists in RocketChat LiveChat <v1.9 ...)
NOT-FOR-US: Rocket.Chat.Livechat
-CVE-2022-21829
- RESERVED
+CVE-2022-21829 (Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can down ...)
+ TODO: check
CVE-2022-21828 (A user with high privilege access to the Incapptic Connect web console ...)
NOT-FOR-US: Ivanti
CVE-2022-21827 (An improper privilege vulnerability has been discovered in Citrix Gate ...)
@@ -47115,10 +47172,10 @@ CVE-2022-20831
RESERVED
CVE-2022-20830
RESERVED
-CVE-2022-20829
- RESERVED
-CVE-2022-20828
- RESERVED
+CVE-2022-20829 (A vulnerability in the packaging of Cisco Adaptive Security Device Man ...)
+ TODO: check
+CVE-2022-20828 (A vulnerability in the CLI parser of Cisco FirePOWER Software for Adap ...)
+ TODO: check
CVE-2022-20827
RESERVED
CVE-2022-20826
@@ -51839,8 +51896,8 @@ CVE-2021-42058
RESERVED
CVE-2021-42057 (Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The ev ...)
NOT-FOR-US: Obsidian Dataview
-CVE-2021-42056
- RESERVED
+CVE-2021-42056 (Thales Safenet Authentication Client (SAC) for Linux and Windows throu ...)
+ TODO: check
CVE-2021-42055 (ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insec ...)
NOT-FOR-US: ASUSTek ZenBook Pro Due 15 UX582 laptop firmware
CVE-2021-42054 (ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule ...)
@@ -52931,18 +52988,18 @@ CVE-2021-41641 (Deno <=1.14.0 file sandbox does not handle symbolic links cor
NOT-FOR-US: Deno
CVE-2021-41640
RESERVED
-CVE-2021-41639
- RESERVED
-CVE-2021-41638
- RESERVED
-CVE-2021-41637
- RESERVED
-CVE-2021-41636
- RESERVED
-CVE-2021-41635
- RESERVED
-CVE-2021-41634
- RESERVED
+CVE-2021-41639 (MELAG FTP Server 2.2.0.4 stores unencrpyted passwords of FTP users in ...)
+ TODO: check
+CVE-2021-41638 (The authentication checks of the MELAG FTP Server in version 2.2.0.4 a ...)
+ TODO: check
+CVE-2021-41637 (Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the ...)
+ TODO: check
+CVE-2021-41636 (MELAG FTP Server 2.2.0.4 allows an attacker to use the CWD command to ...)
+ TODO: check
+CVE-2021-41635 (When installed as Windows service MELAG FTP Server 2.2.0.4 is run as S ...)
+ TODO: check
+CVE-2021-41634 (A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an ...)
+ TODO: check
CVE-2021-41633
RESERVED
CVE-2021-41632
@@ -54786,10 +54843,10 @@ CVE-2021-40895
RESERVED
CVE-2021-40894
RESERVED
-CVE-2021-40893
- RESERVED
-CVE-2021-40892
- RESERVED
+CVE-2021-40893 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...)
+ TODO: check
+CVE-2021-40892 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...)
+ TODO: check
CVE-2021-40891
RESERVED
CVE-2021-40890
@@ -58460,10 +58517,10 @@ CVE-2021-39411 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHP
NOT-FOR-US: PHPGurukul Hospital Management System
CVE-2021-39410
RESERVED
-CVE-2021-39409
- RESERVED
-CVE-2021-39408
- RESERVED
+CVE-2021-39409 (A vulnerability exists in Online Student Rate System v1.0 that allows ...)
+ TODO: check
+CVE-2021-39408 (Cross Site Scripting (XSS) vulnerability exists in Online Student Rate ...)
+ TODO: check
CVE-2021-39407
RESERVED
CVE-2021-39406
@@ -59484,8 +59541,8 @@ CVE-2021-39049 (IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable
NOT-FOR-US: IBM
CVE-2021-39048 (IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based ...)
NOT-FOR-US: IBM
-CVE-2021-39047
- RESERVED
+CVE-2021-39047 (IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, an ...)
+ TODO: check
CVE-2021-39046 (IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Bu ...)
NOT-FOR-US: IBM
CVE-2021-39045
@@ -59688,8 +59745,8 @@ CVE-2021-38947 (IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker
NOT-FOR-US: IBM
CVE-2021-38946 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross ...)
NOT-FOR-US: IBM
-CVE-2021-38945
- RESERVED
+CVE-2021-38945 (IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote a ...)
+ TODO: check
CVE-2021-38944 (IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0. ...)
NOT-FOR-US: IBM
CVE-2021-38943
@@ -59820,8 +59877,8 @@ CVE-2021-38881
RESERVED
CVE-2021-38880
RESERVED
-CVE-2021-38879
- RESERVED
+CVE-2021-38879 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow ...)
+ TODO: check
CVE-2021-38878 (IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to imperson ...)
NOT-FOR-US: IBM
CVE-2021-38877 (IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross ...)
@@ -59836,8 +59893,8 @@ CVE-2021-38873 (IBM Planning Analytics 2.0 is potentially vulnerable to CSV Inje
NOT-FOR-US: IBM
CVE-2021-38872 (IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, a ...)
NOT-FOR-US: IBM
-CVE-2021-38871
- RESERVED
+CVE-2021-38871 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerab ...)
+ TODO: check
CVE-2021-38870 (IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vu ...)
NOT-FOR-US: IBM
CVE-2021-38869 (IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatic ...)
@@ -70411,7 +70468,7 @@ CVE-2021-34606 (A vulnerability exists in XINJE XD/E Series PLC Program Tool in
CVE-2021-34605 (A zip slip vulnerability in XINJE XD/E Series PLC Program Tool up to v ...)
NOT-FOR-US: XINJE PLC Program Tool
CVE-2021-34604
- RESERVED
+ REJECTED
CVE-2021-34603
RESERVED
CVE-2021-34602 (In Bender/ebee Charge Controllers in multiple versions are prone to Co ...)
@@ -80474,8 +80531,8 @@ CVE-2021-30653 (This issue was addressed with improved checks. This issue is fix
NOT-FOR-US: Apple
CVE-2021-30652 (A race condition was addressed with additional validation. This issue ...)
NOT-FOR-US: Apple
-CVE-2021-30651
- RESERVED
+CVE-2021-30651 (A malicious authenticated SMG administrator user can obtain passwords ...)
+ TODO: check
CVE-2021-30650 (A reflected cross-site scripting (XSS) vulnerability in the Symantec L ...)
NOT-FOR-US: Symantec
CVE-2021-30649
@@ -82938,8 +82995,8 @@ CVE-2021-29867 (IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authentica
NOT-FOR-US: IBM
CVE-2021-29866
RESERVED
-CVE-2021-29865
- RESERVED
+CVE-2021-29865 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow ...)
+ TODO: check
CVE-2021-29864
RESERVED
CVE-2021-29863 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forge ...)
@@ -83132,8 +83189,8 @@ CVE-2021-29770 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1,
NOT-FOR-US: IBM
CVE-2021-29769 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4. ...)
NOT-FOR-US: IBM
-CVE-2021-29768
- RESERVED
+CVE-2021-29768 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low leve ...)
+ TODO: check
CVE-2021-29767 (IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow ...)
NOT-FOR-US: IBM
CVE-2021-29766 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4. ...)
@@ -107212,8 +107269,8 @@ CVE-2021-20553
RESERVED
CVE-2021-20552 (IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote ...)
NOT-FOR-US: IBM
-CVE-2021-20551
- RESERVED
+CVE-2021-20551 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web ...)
+ TODO: check
CVE-2021-20550 (IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Th ...)
NOT-FOR-US: IBM
CVE-2021-20549 (IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Th ...)
@@ -107226,10 +107283,10 @@ CVE-2021-20546 (IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerab
NOT-FOR-US: IBM
CVE-2021-20545
RESERVED
-CVE-2021-20544
- RESERVED
-CVE-2021-20543
- RESERVED
+CVE-2021-20544 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerab ...)
+ TODO: check
+CVE-2021-20543 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerab ...)
+ TODO: check
CVE-2021-20542
RESERVED
CVE-2021-20541 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, ...)
@@ -107472,8 +107529,8 @@ CVE-2021-20423 (IBM Cloud Pak for Applications 4.3 could allow an authenticated
NOT-FOR-US: IBM
CVE-2021-20422 (IBM Cloud Pak for Applications 4.3 could disclose sensitive informatio ...)
NOT-FOR-US: IBM
-CVE-2021-20421
- RESERVED
+CVE-2021-20421 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerab ...)
+ TODO: check
CVE-2021-20420 (IBM Security Guardium 11.2 could disclose sensitive information due to ...)
NOT-FOR-US: IBM
CVE-2021-20419 (IBM Security Guardium 11.2 uses weaker than expected cryptographic alg ...)
@@ -107604,8 +107661,8 @@ CVE-2021-20357 (IBM Jazz Foundation products is vulnerable to cross-site scripti
NOT-FOR-US: IBM
CVE-2021-20356
RESERVED
-CVE-2021-20355
- RESERVED
+CVE-2021-20355 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow ...)
+ TODO: check
CVE-2021-20354 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remot ...)
NOT-FOR-US: IBM
CVE-2021-20353 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
@@ -135486,8 +135543,8 @@ CVE-2020-21048 (An issue in the dither.c component of libsixel prior to v1.8.4 a
NOTE: https://github.com/saitoha/libsixel/commit/26ac06f3623279348f0dce2d191a9b6ca0c80226 (v1.8.4)
CVE-2020-21047
RESERVED
-CVE-2020-21046
- RESERVED
+CVE-2020-21046 (A local privilege escalation vulnerability was identified within the " ...)
+ TODO: check
CVE-2020-21045
RESERVED
CVE-2020-21044
@@ -447941,8 +447998,7 @@ CVE-2013-1917 (Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, doe
{DSA-2662-1}
- xen 4.1.4-3
NOTE: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00005.html
-CVE-2013-1916
- RESERVED
+CVE-2013-1916 (In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is ...)
NOT-FOR-US: WordPress plugin
CVE-2013-1915 (ModSecurity before 2.7.3 allows remote attackers to read arbitrary fil ...)
{DSA-2659-1}
@@ -448022,8 +448078,8 @@ CVE-2013-1892 (MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly val
[wheezy] - mongodb 1:2.0.6-1.1
[squeeze] - mongodb <no-dsa> (Minor isue, Spidermonkey in Lenny is EOLed)
NOTE: https://www.openwall.com/lists/oss-security/2013/03/25/7
-CVE-2013-1891
- RESERVED
+CVE-2013-1891 (In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filem ...)
+ TODO: check
CVE-2013-1890 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server ...)
- owncloud <not-affected> (only affecting 5.0 branch)
CVE-2013-1889 (mod_ruid2 before 0.9.8 improperly handles file descriptors which allow ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12729387497e0a9eb353f6b65eec2f718d4b047d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12729387497e0a9eb353f6b65eec2f718d4b047d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220624/6079d10b/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list