[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 4 21:10:27 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
20cdd540 by security tracker role at 2022-05-04T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,141 @@
+CVE-2022-30259
+ RESERVED
+CVE-2022-30258
+ RESERVED
+CVE-2022-30257
+ RESERVED
+CVE-2022-30256
+ RESERVED
+CVE-2022-30255
+ RESERVED
+CVE-2022-30254
+ RESERVED
+CVE-2022-30253
+ RESERVED
+CVE-2022-30252
+ RESERVED
+CVE-2022-30251
+ RESERVED
+CVE-2022-30250
+ RESERVED
+CVE-2022-30249
+ RESERVED
+CVE-2022-30248
+ RESERVED
+CVE-2022-30247
+ RESERVED
+CVE-2022-30246
+ RESERVED
+CVE-2022-30245
+ RESERVED
+CVE-2022-30244
+ RESERVED
+CVE-2022-30243
+ RESERVED
+CVE-2022-30242
+ RESERVED
+CVE-2022-30241 (The jquery.json-viewer library through 1.4.0 for Node.js does not prop ...)
+ TODO: check
+CVE-2022-30240
+ RESERVED
+CVE-2022-30239
+ RESERVED
+CVE-2022-30238
+ RESERVED
+CVE-2022-30237
+ RESERVED
+CVE-2022-30236
+ RESERVED
+CVE-2022-30235
+ RESERVED
+CVE-2022-30234
+ RESERVED
+CVE-2022-30233
+ RESERVED
+CVE-2022-30232
+ RESERVED
+CVE-2022-30231
+ RESERVED
+CVE-2022-30230
+ RESERVED
+CVE-2022-30229
+ RESERVED
+CVE-2022-30228
+ RESERVED
+CVE-2022-1584 (Reflected XSS in GitHub repository microweber/microweber prior to 1.2. ...)
+ TODO: check
+CVE-2022-1583
+ RESERVED
+CVE-2022-1582
+ RESERVED
+CVE-2022-1581
+ RESERVED
+CVE-2022-1580
+ RESERVED
+CVE-2022-1579
+ RESERVED
+CVE-2022-1578
+ RESERVED
+CVE-2022-1577
+ RESERVED
+CVE-2022-1576
+ RESERVED
+CVE-2022-1575
+ RESERVED
+CVE-2022-1574
+ RESERVED
+CVE-2022-1573
+ RESERVED
+CVE-2022-1572
+ RESERVED
+CVE-2022-1571 (Cross-site scripting - Reflected in Create Subaccount in GitHub reposi ...)
+ TODO: check
+CVE-2022-1570
+ RESERVED
+CVE-2022-1569
+ RESERVED
+CVE-2022-1568
+ RESERVED
+CVE-2021-46810
+ RESERVED
+CVE-2021-46809
+ RESERVED
+CVE-2021-46808
+ RESERVED
+CVE-2021-46807
+ RESERVED
+CVE-2021-46806
+ RESERVED
+CVE-2021-46805
+ RESERVED
+CVE-2021-46804
+ RESERVED
+CVE-2021-46803
+ RESERVED
+CVE-2021-46802
+ RESERVED
+CVE-2021-46801
+ RESERVED
+CVE-2021-46800
+ RESERVED
+CVE-2021-46799
+ RESERVED
+CVE-2021-46798
+ RESERVED
+CVE-2021-46797
+ RESERVED
+CVE-2021-46796
+ RESERVED
+CVE-2021-46795
+ RESERVED
+CVE-2021-46794
+ RESERVED
+CVE-2021-46793
+ RESERVED
+CVE-2021-46792
+ RESERVED
+CVE-2021-46791
+ RESERVED
CVE-2022-30227
RESERVED
CVE-2022-30226
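Review bot: The three described entries in this block (CVE-2022-30241, CVE-2022-1584, CVE-2022-1571) land with only "TODO: check", so nothing here says whether Debian is affected. Each needs a follow-up that resolves it to a package line or a NOT-FOR-US line. CVE-2022-1584 names microweber/microweber, but the description of CVE-2022-1571 is cut off before the repository name, so triage of that one has to start from the full CVE text.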
@@ -224,8 +362,8 @@ CVE-2022-1557
RESERVED
CVE-2022-1556
RESERVED
-CVE-2022-1555
- RESERVED
+CVE-2022-1555 (DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/micro ...)
+ TODO: check
CVE-2022-1554 (Path Traversal due to `send_file` call in GitHub repository clinical-g ...)
TODO: check
CVE-2022-30126
@@ -613,8 +751,8 @@ CVE-2022-29952
RESERVED
CVE-2022-29951
RESERVED
-CVE-2022-29950
- RESERVED
+CVE-2022-29950 (Experian Hunter 1.16 allows remote authenticated users to modify assum ...)
+ TODO: check
CVE-2022-29949
RESERVED
CVE-2022-29948
@@ -627,10 +765,10 @@ CVE-2022-29945 (DJI drone devices sold in 2017 through 2022 broadcast unencrypte
NOT-FOR-US: DJI drone devices
CVE-2022-29944
RESERVED
-CVE-2022-29943
- RESERVED
-CVE-2022-29942
- RESERVED
+CVE-2022-29943 (Talend Administration Center has a vulnerability that allows an authen ...)
+ TODO: check
+CVE-2022-29942 (Talend Administration Center has a vulnerability that allows an authen ...)
+ TODO: check
CVE-2022-29941
RESERVED
CVE-2022-29940
@@ -669,12 +807,14 @@ CVE-2022-29918
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29918
CVE-2022-29917
RESERVED
+ {DSA-5129-1}
- firefox 100.0-1
- firefox-esr 91.9.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29917
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29917
CVE-2022-29916
RESERVED
+ {DSA-5129-1}
- firefox 100.0-1
- firefox-esr 91.9.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29916
@@ -685,6 +825,7 @@ CVE-2022-29915
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29915
CVE-2022-29914
RESERVED
+ {DSA-5129-1}
- firefox 100.0-1
- firefox-esr 91.9.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29914
@@ -693,12 +834,14 @@ CVE-2022-29913
RESERVED
CVE-2022-29912
RESERVED
+ {DSA-5129-1}
- firefox 100.0-1
- firefox-esr 91.9.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29912
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29912
CVE-2022-29911
RESERVED
+ {DSA-5129-1}
- firefox 100.0-1
- firefox-esr 91.9.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29911
@@ -709,6 +852,7 @@ CVE-2022-29910
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29910
CVE-2022-29909
RESERVED
+ {DSA-5129-1}
- firefox 100.0-1
- firefox-esr 91.9.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29909
@@ -2392,8 +2536,8 @@ CVE-2022-29349
RESERVED
CVE-2022-29348
RESERVED
-CVE-2022-29347
- RESERVED
+CVE-2022-29347 (An arbitrary file upload vulnerability in Web at rchiv 1.0 allows attacke ...)
+ TODO: check
CVE-2022-29346
RESERVED
CVE-2022-29345
@@ -2917,8 +3061,8 @@ CVE-2022-29156 (drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel befor
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixedy by: https://git.kernel.org/linus/8700af2cc18c919b2a83e74e0479038fd113c15d (5.17-rc6)
-CVE-2022-29155
- RESERVED
+CVE-2022-29155 (In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection ...)
+ TODO: check
CVE-2022-29154
RESERVED
CVE-2022-29153 (HashiCorp Consul and Consul Enterprise through 2022-04-12 allow SSRF. ...)
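Review bot: CVE-2022-29155 gets a description with explicit version bounds ("OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2") but only "TODO: check" underneath. Triage this one ahead of the vendor-product entries: check the openldap source package against those bounds and record a package line with the fixed version. Separate style point on the context line above it: "Fixedy by:" should read "Fixed by:".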
@@ -3497,8 +3641,8 @@ CVE-2022-28942
RESERVED
CVE-2022-28941
RESERVED
-CVE-2022-28940
- RESERVED
+CVE-2022-28940 (In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be ...)
+ TODO: check
CVE-2022-28939
RESERVED
CVE-2022-28938
@@ -3787,8 +3931,8 @@ CVE-2022-28808
RESERVED
CVE-2022-28807
RESERVED
-CVE-2022-28806
- RESERVED
+CVE-2022-28806 (An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9 ...)
+ TODO: check
CVE-2022-28805 (singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2a ...)
- lua5.4 5.4.4-2 (bug #1010265)
[bullseye] - lua5.4 <no-dsa> (Minor issue)
@@ -4490,8 +4634,8 @@ CVE-2022-28570
RESERVED
CVE-2022-28569
RESERVED
-CVE-2022-28568
- RESERVED
+CVE-2022-28568 (Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File U ...)
+ TODO: check
CVE-2022-28567
RESERVED
CVE-2022-28566
@@ -4512,18 +4656,18 @@ CVE-2022-28559
RESERVED
CVE-2022-28558
RESERVED
-CVE-2022-28557
- RESERVED
-CVE-2022-28556
- RESERVED
+CVE-2022-28557 (There is a command injection vulnerability at the /goform/setsambacfg ...)
+ TODO: check
+CVE-2022-28556 (Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to ...)
+ TODO: check
CVE-2022-28555
RESERVED
CVE-2022-28554
RESERVED
CVE-2022-28553
RESERVED
-CVE-2022-28552
- RESERVED
+CVE-2022-28552 (Cscms 4.1 is vulnerable to SQL Injection. Log into the background, ope ...)
+ TODO: check
CVE-2022-28551
RESERVED
CVE-2022-28550
@@ -4602,16 +4746,16 @@ CVE-2022-28514
RESERVED
CVE-2022-28513
RESERVED
-CVE-2022-28512
- RESERVED
+CVE-2022-28512 (A SQL injection vulnerability exists in Sourcecodester Fantastic Blog ...)
+ TODO: check
CVE-2022-28511
RESERVED
CVE-2022-28510
RESERVED
CVE-2022-28509
RESERVED
-CVE-2022-28508
- RESERVED
+CVE-2022-28508 (An XSS issue was discovered in browser_search_plugin.php in MantisBT b ...)
+ TODO: check
CVE-2022-28507
RESERVED
CVE-2022-28506 (There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RG ...)
@@ -4654,10 +4798,10 @@ CVE-2022-28490
RESERVED
CVE-2022-28489
RESERVED
-CVE-2022-28488
- RESERVED
-CVE-2022-28487
- RESERVED
+CVE-2022-28488 (The function wav_format_write in libwav.c in libwav through 2017-04-20 ...)
+ TODO: check
+CVE-2022-28487 (Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_che ...)
+ TODO: check
CVE-2022-28486
RESERVED
CVE-2022-28485
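Review bot: Both entries filled in here name a specific upstream code base rather than a vendor product: CVE-2022-28488 points at libwav.c "through 2017-04-20" and CVE-2022-28487 at "Tcpreplay version 4.4.1". Neither should stay at "TODO: check" for long; look up whether libwav and tcpreplay exist as source packages and, for tcpreplay, compare the packaged version against 4.4.1.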
@@ -4879,7 +5023,8 @@ CVE-2022-28383
RESERVED
CVE-2022-28382
RESERVED
-CVE-2022-1214 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
+CVE-2022-1214
+ REJECTED
NOTE: https://huntr.dev/bounties/ef7b4ab6-a3f6-4268-a21a-e7104d344607/
TODO: check, the CVE is assigned to axios, but should be in follow-redirects module?
CVE-2022-1213 (SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/li ...)
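Review bot: CVE-2022-1214 is switched to REJECTED, but the two lines under it are kept: the huntr.dev NOTE and "TODO: check, the CVE is assigned to axios, but should be in follow-redirects module?". An open TODO under a rejected ID will keep appearing as pending triage. Drop the TODO, and if the follow-redirects question still stands, carry it over to whichever ID replaces this one.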
@@ -5975,8 +6120,8 @@ CVE-2022-28113 (An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.
NOT-FOR-US: FANTEC GmbH MWiD25-DS Firmware
CVE-2022-28112
RESERVED
-CVE-2022-28111
- RESERVED
+CVE-2022-28111 (MyBatis PageHelper v1.x.x-v5.x.x was discovered to contain a time-blin ...)
+ TODO: check
CVE-2022-28110
RESERVED
CVE-2022-28109 (Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in ...)
@@ -5999,14 +6144,14 @@ CVE-2022-28101 (Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> t
NOT-FOR-US: Turtlapp Turtle Note
CVE-2022-28100
RESERVED
-CVE-2022-28099
- RESERVED
+CVE-2022-28099 (Poultry Farm Management System v1.0 was discovered to contain a SQL in ...)
+ TODO: check
CVE-2022-28098
RESERVED
CVE-2022-28097
RESERVED
-CVE-2022-28096
- RESERVED
+CVE-2022-28096 (Skycaiji v2.4 was discovered to contain a remote code execution (RCE) ...)
+ TODO: check
CVE-2022-28095
RESERVED
CVE-2022-28094 (SCBS Online Sports Venue Reservation System v1.0 was discovered to con ...)
@@ -6017,8 +6162,8 @@ CVE-2022-28092
RESERVED
CVE-2022-28091
RESERVED
-CVE-2022-28090
- RESERVED
+CVE-2022-28090 (Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forg ...)
+ TODO: check
CVE-2022-28089
RESERVED
CVE-2022-28088
@@ -6036,10 +6181,10 @@ CVE-2022-28084
RESERVED
CVE-2022-28083
RESERVED
-CVE-2022-28082
- RESERVED
-CVE-2022-28081
- RESERVED
+CVE-2022-28082 (Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2022-28081 (A reflected cross-site scripting (XSS) vulnerability in the component ...)
+ TODO: check
CVE-2022-28080
RESERVED
CVE-2022-28079
@@ -6048,8 +6193,8 @@ CVE-2022-28078
RESERVED
CVE-2022-28077
RESERVED
-CVE-2022-28076
- RESERVED
+CVE-2022-28076 (Seacms v11.6 was discovered to contain a remote command execution (RCE ...)
+ TODO: check
CVE-2022-28075
RESERVED
CVE-2022-28074 (Halo-1.5.0 was discovered to contain a stored cross-site scripting (XS ...)
@@ -6066,10 +6211,10 @@ CVE-2022-28069
RESERVED
CVE-2022-28068
RESERVED
-CVE-2022-28067
- RESERVED
-CVE-2022-28066
- RESERVED
+CVE-2022-28067 (An incorrect access control issue in Sandboxie Classic v5.55.13 allows ...)
+ TODO: check
+CVE-2022-28066 (Libarchive v3.6.0 was discovered to contain a read memory access vulne ...)
+ TODO: check
CVE-2022-28065
RESERVED
CVE-2022-28064
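Review bot: The two entries filled in here need different handling and should not be resolved as a pair: CVE-2022-28067 is about Sandboxie Classic v5.55.13, while CVE-2022-28066 names "Libarchive v3.6.0". For the second, check the libarchive source package against 3.6.0 and record a package line instead of leaving "TODO: check".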
@@ -6446,8 +6591,8 @@ CVE-2022-27905 (In ControlUp Real-Time Agent before 8.6, an unquoted path can re
NOT-FOR-US: ControlUp Real-Time Agent
CVE-2022-27904
RESERVED
-CVE-2022-27903
- RESERVED
+CVE-2022-27903 (An OS Command Injection vulnerability in the configuration parser of E ...)
+ TODO: check
CVE-2022-27902
REJECTED
CVE-2022-27901
@@ -6673,7 +6818,7 @@ CVE-2022-1061 (Heap Buffer Overflow in parseDragons in GitHub repository radareo
NOTE: https://huntr.dev/bounties/a7546dae-01c5-4fb0-8a8e-c04ea4e9bac7
NOTE: https://github.com/radareorg/radare2/commit/d4ce40b516ffd70cf2e9e36832d8de139117d522
CVE-2018-25032 (zlib before 1.2.12 allows memory corruption when deflating (i.e., when ...)
- {DSA-5111-1 DLA-2968-1}
+ {DSA-5111-1 DLA-2993-1 DLA-2968-1}
- zlib 1:1.2.11.dfsg-4 (bug #1008265)
- libz-mingw-w64 1.2.11+dfsg-5
[bullseye] - libz-mingw-w64 <no-dsa> (Minor issue)
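Review bot: DLA-2993-1 is added to the cross-reference list of CVE-2018-25032, but the visible package lines (zlib, libz-mingw-w64) are unchanged, so the hunk does not show which source package the new DLA covers. Confirm against the DLA-2993-1 announcement that it refers to one of the packages already listed under this CVE.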
@@ -7544,8 +7689,8 @@ CVE-2022-27463 (Open redirect vulnerability in objects/login.json.php in WWBN AV
NOT-FOR-US: WWBN AVideo
CVE-2022-27462 (Cross Site Scripting (XSS) vulnerability in objects/function.php in fu ...)
NOT-FOR-US: WWBN AVideo
-CVE-2022-27461
- RESERVED
+CVE-2022-27461 (In nopCommerce 4.50.1, an open redirect vulnerability can be triggered ...)
+ TODO: check
CVE-2022-27460
RESERVED
CVE-2022-27459
@@ -12240,26 +12385,26 @@ CVE-2022-25789 (A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCA
NOT-FOR-US: Autodesk
CVE-2022-25788 (A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to ...)
NOT-FOR-US: Autodesk
-CVE-2022-25787
- RESERVED
-CVE-2022-25786
- RESERVED
-CVE-2022-25785
- RESERVED
-CVE-2022-25784
- RESERVED
-CVE-2022-25783
- RESERVED
-CVE-2022-25782
- RESERVED
-CVE-2022-25781
- RESERVED
-CVE-2022-25780
- RESERVED
-CVE-2022-25779
- RESERVED
-CVE-2022-25778
- RESERVED
+CVE-2022-25787 (Information Exposure Through Query Strings in GET Request vulnerabilit ...)
+ TODO: check
+CVE-2022-25786 (Unprotected Alternate Channel vulnerability in debug console of GateMa ...)
+ TODO: check
+CVE-2022-25785 (Stack-based Buffer Overflow vulnerability in SiteManager allows logged ...)
+ TODO: check
+CVE-2022-25784 (Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager all ...)
+ TODO: check
+CVE-2022-25783 (Insufficient Logging vulnerability in web server of Secomea GateManage ...)
+ TODO: check
+CVE-2022-25782 (Improper Handling of Insufficient Privileges vulnerability in Web UI o ...)
+ TODO: check
+CVE-2022-25781 (Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateMana ...)
+ TODO: check
+CVE-2022-25780 (Information Exposure vulnerability in web UI of Secomea GateManager al ...)
+ TODO: check
+CVE-2022-25779 (Logging of Excessive Data vulnerability in audit log of Secomea GateMa ...)
+ TODO: check
+CVE-2022-25778 (Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea G ...)
+ TODO: check
CVE-2022-25777
RESERVED
CVE-2022-25776
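Review bot: All ten entries from CVE-2022-25787 down to CVE-2022-25778 move from RESERVED to "TODO: check" at once, and the descriptions that are not cut off name GateManager or SiteManager. Triage them as one batch with a single, consistently spelled resolution line, so the block does not end up with several variants of the product name.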
@@ -19098,8 +19243,8 @@ CVE-2022-23726
RESERVED
CVE-2022-23725
RESERVED
-CVE-2022-23724
- RESERVED
+CVE-2022-23724 (Use of static encryption key material allows forging an authentication ...)
+ TODO: check
CVE-2022-23723 (An MFA bypass vulnerability exists in the PingFederate PingOne MFA Int ...)
NOT-FOR-US: pingidentity
CVE-2022-23722 (When a password reset mechanism is configured to use the Authenticatio ...)
@@ -19735,8 +19880,8 @@ CVE-2022-23445
RESERVED
CVE-2022-23444
RESERVED
-CVE-2022-23443
- RESERVED
+CVE-2022-23443 (An improper access control in Fortinet FortiSOAR before 7.2.0 allows u ...)
+ TODO: check
CVE-2022-23442
RESERVED
CVE-2022-23441 (A use of hard-coded cryptographic key vulnerability [CWE-321] in Forti ...)
@@ -35202,22 +35347,22 @@ CVE-2022-20803
RESERVED
CVE-2022-20802
RESERVED
-CVE-2022-20801
- RESERVED
+CVE-2022-20801 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2022-20800
RESERVED
-CVE-2022-20799
- RESERVED
+CVE-2022-20799 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2022-20798
RESERVED
CVE-2022-20797
RESERVED
-CVE-2022-20796
- RESERVED
+CVE-2022-20796 (On May 4, 2022, the following vulnerability in the ClamAV scanning lib ...)
+ TODO: check
CVE-2022-20795 (A vulnerability in the implementation of the Datagram TLS (DTLS) proto ...)
NOT-FOR-US: Cisco
-CVE-2022-20794
- RESERVED
+CVE-2022-20794 (Multiple vulnerabilities in the web engine of Cisco TelePresence Colla ...)
+ TODO: check
CVE-2022-20793
RESERVED
CVE-2022-20792
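Review bot: CVE-2022-20796 sits in the Cisco ID range, and the only resolved neighbour in this hunk is "NOT-FOR-US: Cisco", but its description is about "the ClamAV scanning lib ...", not a Cisco appliance. Do not resolve it together with CVE-2022-20801, CVE-2022-20799 and CVE-2022-20794; check it against the clamav source package and record a package line with the fixed version if it applies.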
@@ -35234,8 +35379,8 @@ CVE-2022-20787 (A vulnerability in the web-based management interface of Cisco U
NOT-FOR-US: Cisco
CVE-2022-20786 (A vulnerability in the web-based management interface of Cisco Unified ...)
NOT-FOR-US: Cisco
-CVE-2022-20785
- RESERVED
+CVE-2022-20785 (On April 20, 2022, the following vulnerability in the ClamAV scanning ...)
+ TODO: check
CVE-2022-20784 (A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cis ...)
NOT-FOR-US: Cisco
CVE-2022-20783 (A vulnerability in the packet processing functionality of Cisco TelePr ...)
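Review bot: CVE-2022-20785 is a ClamAV issue by its own description ("On April 20, 2022, the following vulnerability in the ClamAV scanning ..."), yet every resolved entry visible around it is "NOT-FOR-US: Cisco". It needs its own triage against clamav rather than the vendor-wide line.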
@@ -35244,14 +35389,14 @@ CVE-2022-20782 (A vulnerability in the web-based management interface of Cisco I
NOT-FOR-US: Cisco
CVE-2022-20781 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
NOT-FOR-US: Cisco
-CVE-2022-20780
- RESERVED
-CVE-2022-20779
- RESERVED
+CVE-2022-20780 (Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Softwa ...)
+ TODO: check
+CVE-2022-20779 (Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Softwa ...)
+ TODO: check
CVE-2022-20778 (A vulnerability in the authentication component of Cisco Webex Meeting ...)
NOT-FOR-US: Cisco
-CVE-2022-20777
- RESERVED
+CVE-2022-20777 (Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Softwa ...)
+ TODO: check
CVE-2022-20776
RESERVED
CVE-2022-20775
@@ -35262,10 +35407,10 @@ CVE-2022-20773 (A vulnerability in the key-based SSH authentication mechanism of
NOT-FOR-US: Cisco
CVE-2022-20772
RESERVED
-CVE-2022-20771
- RESERVED
-CVE-2022-20770
- RESERVED
+CVE-2022-20771 (On April 20, 2022, the following vulnerability in the ClamAV scanning ...)
+ TODO: check
+CVE-2022-20770 (On April 20, 2022, the following vulnerability in the ClamAV scanning ...)
+ TODO: check
CVE-2022-20769
RESERVED
CVE-2022-20768
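Review bot: CVE-2022-20771 and CVE-2022-20770 carry identical truncated descriptions ("On April 20, 2022, the following vulnerability in the ClamAV scanning ..."), so the tracker text alone cannot tell them apart. When these are triaged, add a NOTE under each that identifies the affected parser or component from the full advisory, so the two entries are distinguishable in the list.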
@@ -35276,8 +35421,8 @@ CVE-2022-20766
RESERVED
CVE-2022-20765
RESERVED
-CVE-2022-20764
- RESERVED
+CVE-2022-20764 (Multiple vulnerabilities in the web engine of Cisco TelePresence Colla ...)
+ TODO: check
CVE-2022-20763 (A vulnerability in the login authorization components of Cisco Webex M ...)
NOT-FOR-US: Cisco
CVE-2022-20762 (A vulnerability in the Common Execution Environment (CEE) ConfD CLI of ...)
@@ -35298,8 +35443,8 @@ CVE-2022-20755 (Multiple vulnerabilities in the API and web-based management int
NOT-FOR-US: Cisco
CVE-2022-20754 (Multiple vulnerabilities in the API and web-based management interface ...)
NOT-FOR-US: Cisco
-CVE-2022-20753
- RESERVED
+CVE-2022-20753 (A vulnerability in web-based management interface of Cisco Small Busin ...)
+ TODO: check
CVE-2022-20752
RESERVED
CVE-2022-20751 (A vulnerability in the Snort detection engine integration for Cisco Fi ...)
@@ -35336,8 +35481,8 @@ CVE-2022-20736
RESERVED
CVE-2022-20735 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
NOT-FOR-US: Cisco
-CVE-2022-20734
- RESERVED
+CVE-2022-20734 (A vulnerability in Cisco SD-WAN vManage Software could allow an authen ...)
+ TODO: check
CVE-2022-20733
RESERVED
CVE-2022-20732 (A vulnerability in the configuration file protections of Cisco Virtual ...)
@@ -35667,8 +35812,8 @@ CVE-2021-43208 (3D Viewer Remote Code Execution Vulnerability This CVE ID is uni
NOT-FOR-US: Microsoft
CVE-2021-43207 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
NOT-FOR-US: Microsoft
-CVE-2021-43206
- RESERVED
+CVE-2021-43206 (A server-generated error message containing sensitive information in F ...)
+ TODO: check
CVE-2021-43205 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
NOT-FOR-US: Fortiguard FortiClient
CVE-2021-43204 (A improper control of a resource through its lifetime in Fortinet Fort ...)
@@ -39316,8 +39461,8 @@ CVE-2021-42237 (Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is v
NOT-FOR-US: Sitecore
CVE-2021-42236
RESERVED
-CVE-2021-42235
- RESERVED
+CVE-2021-42235 (SQL injection in osTicket before 1.14.8 and 1.15.4 login and password ...)
+ TODO: check
CVE-2021-42234
RESERVED
CVE-2021-42233
@@ -39402,8 +39547,8 @@ CVE-2021-42194 (The wechat_return function in /controller/Index.php of EyouCms V
NOT-FOR-US: Eyoucms
CVE-2021-42193
RESERVED
-CVE-2021-42192
- RESERVED
+CVE-2021-42192 (Konga v0.14.9 is affected by an incorrect access control vulnerability ...)
+ TODO: check
CVE-2021-42191
RESERVED
CVE-2021-42190
@@ -39416,8 +39561,8 @@ CVE-2021-42187
RESERVED
CVE-2021-42186
REJECTED
-CVE-2021-42185
- RESERVED
+CVE-2021-42185 (wdja v2.1 is affected by a SQL injection vulnerability in the foregrou ...)
+ TODO: check
CVE-2021-42184
RESERVED
CVE-2021-42183
@@ -42370,8 +42515,8 @@ CVE-2021-41034 (The build of some language stacks of Eclipse Che version 6 inclu
NOT-FOR-US: Eclipse Che
CVE-2021-41033 (In all released versions of Eclipse Equinox, at least until version 4. ...)
NOT-FOR-US: Eclipse Equinox
-CVE-2021-41032
- RESERVED
+CVE-2021-41032 (An improper access control vulnerability [CWE-284] in FortiOS versions ...)
+ TODO: check
CVE-2021-41031
RESERVED
CVE-2021-41030 (An authentication bypass by capture-replay vulnerability [CWE-294] in ...)
@@ -42394,8 +42539,8 @@ CVE-2021-41022 (A improper privilege management in Fortinet FortiSIEM Windows Ag
NOT-FOR-US: Fortiguard
CVE-2021-41021 (A privilege escalation vulnerability in FortiNAC versions 8.8.8 and be ...)
NOT-FOR-US: FortiGuard
-CVE-2021-41020
- RESERVED
+CVE-2021-41020 (An improper access control vulnerability [CWE-284] in FortiIsolator ve ...)
+ TODO: check
CVE-2021-41019 (An improper validation of certificate with host mismatch [CWE-297] vul ...)
NOT-FOR-US: Fortiguard
CVE-2021-41018 (A improper neutralization of special elements used in an os command (' ...)
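Review bot: CVE-2021-41020 (FortiIsolator) arrives as "TODO: check" between entries resolved as "NOT-FOR-US: Fortiguard" and "NOT-FOR-US: FortiGuard". Style point: when this one is triaged, pick one spelling for the vendor line, since the context lines in this hunk already disagree on capitalisation.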
@@ -64723,8 +64868,8 @@ CVE-2021-3530 (A flaw was discovered in GNU libiberty within demangle_path() in
NOTE: binutils not covered by security support
CVE-2021-32011
RESERVED
-CVE-2021-32010
- RESERVED
+CVE-2021-32010 (Inadequate Encryption Strength vulnerability in TLS stack of Secomea S ...)
+ TODO: check
CVE-2021-32009 (Cross-site Scripting (XSS) vulnerability in firmware section of Secome ...)
NOT-FOR-US: Secomea GateManager
CVE-2021-32008 (This issue affects: Secomea GateManager Version 9.6.621421014 and all ...)
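Review bot: CVE-2021-32010 is left at "TODO: check" while CVE-2021-32009 directly below it is already resolved as "NOT-FOR-US: Secomea GateManager". The new description is cut off at "TLS stack of Secomea S ...", so confirm the product name from the full CVE text before reusing the neighbour's line.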
@@ -96589,8 +96734,8 @@ CVE-2021-20053
RESERVED
CVE-2021-20052
RESERVED
-CVE-2021-20051
- RESERVED
+CVE-2021-20051 (SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) ...)
+ TODO: check
CVE-2021-20050 (An Improper Access Control Vulnerability in the SMA100 series leads to ...)
NOT-FOR-US: SonicWall
CVE-2021-20049 (A vulnerability in SonicWall SMA100 password change API allows a remot ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20cdd54062566a0380f2ba362c4cdd07075be7d0