[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 11 21:10:29 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ebdc2075 by security tracker role at 2022-05-11T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2022-30556
+ RESERVED
+CVE-2022-30555
+ RESERVED
+CVE-2022-30554
+ RESERVED
+CVE-2022-30553
+ RESERVED
+CVE-2022-30552
+ RESERVED
+CVE-2022-30551
+ RESERVED
+CVE-2022-30550
+ RESERVED
+CVE-2022-1677
+ RESERVED
+CVE-2022-1676
+ RESERVED
+CVE-2022-1675
+ RESERVED
+CVE-2022-1674
+ RESERVED
+CVE-2022-1673
+ RESERVED
+CVE-2022-1672
+ RESERVED
+CVE-2022-1671
+ RESERVED
CVE-2022-30548
RESERVED
CVE-2022-30339
@@ -322,18 +350,18 @@ CVE-2022-30455
RESERVED
CVE-2022-30454
RESERVED
-CVE-2022-30453
- RESERVED
-CVE-2022-30452
- RESERVED
-CVE-2022-30451
- RESERVED
-CVE-2022-30450
- RESERVED
-CVE-2022-30449
- RESERVED
-CVE-2022-30448
- RESERVED
+CVE-2022-30453 (ShopWind <= 3.4.2 has a RCE vulnerability in Database.php ...)
+ TODO: check
+CVE-2022-30452 (ShopWind <= v3.4.2 has a Sql injection vulnerability in Database.ph ...)
+ TODO: check
+CVE-2022-30451 (An authenticated user could execute code via a SQLi vulnerability in w ...)
+ TODO: check
+CVE-2022-30450 (A Remote Code Execution (RCE) vulnerability exists in waimairen 9.1 vi ...)
+ TODO: check
+CVE-2022-30449 (Hospital Management System in PHP with Source Code (HMS) 1.0 was disco ...)
+ TODO: check
+CVE-2022-30448 (Hospital Management System in PHP with Source Code (HMS) 1.0 was disco ...)
+ TODO: check
CVE-2022-30447
RESERVED
CVE-2022-30446
@@ -556,10 +584,10 @@ CVE-2022-30335 (Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injectio
NOT-FOR-US: Bonanza Wealth Management System
CVE-2022-26041
RESERVED
-CVE-2022-1623
- RESERVED
-CVE-2022-1622
- RESERVED
+CVE-2022-1623 (LibTIFF master branch has an out-of-bounds read in LZWDecode in libtif ...)
+ TODO: check
+CVE-2022-1622 (LibTIFF master branch has an out-of-bounds read in LZWDecode in libtif ...)
+ TODO: check
CVE-2022-1621 (Heap buffer overflow in vim_strncpy find_word in GitHub repository vim ...)
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
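Review bot: CVE-2022-1623 and CVE-2022-1622 are left at TODO: check, and both descriptions say "LibTIFF master branch". Before a package line is added, triage should confirm whether the out-of-bounds read in LZWDecode is present in a released version or only on master. The two visible descriptions are identical up to the truncation, so the full text is needed to tell the two IDs apart.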
@@ -1347,20 +1375,20 @@ CVE-2022-30065
RESERVED
CVE-2022-30064
RESERVED
-CVE-2022-30063
- RESERVED
-CVE-2022-30062
- RESERVED
-CVE-2022-30061
- RESERVED
-CVE-2022-30060
- RESERVED
-CVE-2022-30059
- RESERVED
-CVE-2022-30058
- RESERVED
-CVE-2022-30057
- RESERVED
+CVE-2022-30063 (ftcms <=2.1 was discovered to be vulnerable to code execution attac ...)
+ TODO: check
+CVE-2022-30062 (ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Read ...)
+ TODO: check
+CVE-2022-30061 (ftcms <=2.1 was discovered to be vulnerable to directory traversal ...)
+ TODO: check
+CVE-2022-30060 (ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Write ...)
+ TODO: check
+CVE-2022-30059 (Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Delete ...)
+ TODO: check
+CVE-2022-30058 (Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Downlo ...)
+ TODO: check
+CVE-2022-30057 (Shopwind <=v3.4.2 was discovered to contain a stored cross-site scr ...)
+ TODO: check
CVE-2022-30056
RESERVED
CVE-2022-30055
@@ -1377,10 +1405,10 @@ CVE-2022-30050
RESERVED
CVE-2022-30049
RESERVED
-CVE-2022-30048
- RESERVED
-CVE-2022-30047
- RESERVED
+CVE-2022-30048 (Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerab ...)
+ TODO: check
+CVE-2022-30047 (Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnera ...)
+ TODO: check
CVE-2022-30046
RESERVED
CVE-2022-30045
@@ -1393,8 +1421,8 @@ CVE-2022-30042
RESERVED
CVE-2022-30041
RESERVED
-CVE-2022-30040
- RESERVED
+CVE-2022-30040 (Tenda AX1803 v1.0.0.1_2890 is vulnerable to Buffer Overflow. The vulne ...)
+ TODO: check
CVE-2022-30039
RESERVED
CVE-2022-30038
@@ -1517,14 +1545,14 @@ CVE-2022-29980
RESERVED
CVE-2022-29979
RESERVED
-CVE-2022-29978
- RESERVED
-CVE-2022-29977
- RESERVED
-CVE-2022-29976
- RESERVED
-CVE-2022-29975
- RESERVED
+CVE-2022-29978 (There is a floating point exception error in sixel_encoder_do_resize, ...)
+ TODO: check
+CVE-2022-29977 (There is an assertion failure error in stbi__jpeg_huff_decode, stb_ima ...)
+ TODO: check
+CVE-2022-29976 (An Authenticated Reflected Cross-site scripting at BCC Parameter was d ...)
+ TODO: check
+CVE-2022-29975 (An Authenticated Reflected Cross-site scripting at CC Parameter was di ...)
+ TODO: check
CVE-2022-29974
RESERVED
CVE-2022-29973 (relan exFAT 1.3.0 allows local users to obtain sensitive information ( ...)
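Review bot: the visible text of CVE-2022-29978 and CVE-2022-29977 names functions (sixel_encoder_do_resize, stbi__jpeg_huff_decode) rather than a packaged product, so both need to be resolved to a source package from the full description before TODO: check is replaced. For the stb_image one, embedded copies should be checked as well, since it is a single-header library that is commonly vendored. CVE-2022-29976 and CVE-2022-29975 (reflected XSS at the BCC and CC parameters) show no product at all in the truncated text.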
@@ -1548,8 +1576,8 @@ CVE-2022-29968 (An issue was discovered in the Linux kernel through 5.17.5. io_r
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/32452a3eb8b64e01e2be717f518c0be046975b9d (5.18-rc5)
-CVE-2022-1545
- RESERVED
+CVE-2022-1545 (It was possible to disclose details of confidential notes created via ...)
+ TODO: check
CVE-2021-46790 (ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow i ...)
- ntfs-3g <unfixed>
NOTE: https://github.com/tuxera/ntfs-3g/issues/16
@@ -1628,8 +1656,8 @@ CVE-2022-29934 (USU Oracle Optimization before 5.17.5 lacks Polkit authenticatio
NOT-FOR-US: USU Oracle Optimization
CVE-2022-29933 (Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who ...)
NOT-FOR-US: Craft CMS
-CVE-2022-29932
- RESERVED
+CVE-2022-29932 (The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allows an ...)
+ TODO: check
CVE-2022-29931
RESERVED
CVE-2022-29930
@@ -1780,10 +1808,10 @@ CVE-2022-29900
RESERVED
CVE-2022-29899
RESERVED
-CVE-2022-29898
- RESERVED
-CVE-2022-29897
- RESERVED
+CVE-2022-29898 (On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user c ...)
+ TODO: check
+CVE-2022-29897 (On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user c ...)
+ TODO: check
CVE-2022-29892
RESERVED
CVE-2022-29885
@@ -1881,8 +1909,8 @@ CVE-2022-1512
RESERVED
CVE-2022-1511 (Improper Access Control in GitHub repository snipe/snipe-it prior to 5 ...)
- snipe-it <itp> (bug #1005172)
-CVE-2022-1510
- RESERVED
+CVE-2022-1510 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2022-1509 (Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp pri ...)
NOT-FOR-US: Hestia Control Panel
CVE-2022-29868 (1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a ...)
@@ -1925,14 +1953,14 @@ CVE-2022-29850
RESERVED
CVE-2022-29849 (In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SU ...)
NOT-FOR-US: Progress OpenEdge
-CVE-2022-29848
- RESERVED
-CVE-2022-29847
- RESERVED
-CVE-2022-29846
- RESERVED
-CVE-2022-29845
- RESERVED
+CVE-2022-29848 (In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, i ...)
+ TODO: check
+CVE-2022-29847 (In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, i ...)
+ TODO: check
+CVE-2022-29846 (In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it ...)
+ TODO: check
+CVE-2022-29845 (In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, i ...)
+ TODO: check
CVE-2022-29844
RESERVED
CVE-2022-29843
@@ -2276,8 +2304,8 @@ CVE-2022-1462
RESERVED
CVE-2022-1461 (Non Privilege User can Enable or Disable Registered in GitHub reposito ...)
NOT-FOR-US: OpenEMR
-CVE-2022-1460
- RESERVED
+CVE-2022-1460 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2022-1459 (Non-Privilege User Can View Patient’s Disclosures in GitHub repo ...)
NOT-FOR-US: OpenEMR
CVE-2022-1458 (Stored XSS Leads To Session Hijacking in GitHub repository openemr/ope ...)
@@ -2416,10 +2444,10 @@ CVE-2022-29730
RESERVED
CVE-2022-29729
RESERVED
-CVE-2022-29728
- RESERVED
-CVE-2022-29727
- RESERVED
+CVE-2022-29728 (Survey Sparrow Enterprise Survey Software 2022 has a Reflected cross-s ...)
+ TODO: check
+CVE-2022-29727 (Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site ...)
+ TODO: check
CVE-2022-29726
RESERVED
CVE-2022-29725
@@ -2560,10 +2588,10 @@ CVE-2022-29658
RESERVED
CVE-2022-29657
RESERVED
-CVE-2022-29656
- RESERVED
-CVE-2022-29655
- RESERVED
+CVE-2022-29656 (Wedding Management System v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2022-29655 (An arbitrary file upload vulnerability in the Upload Photos module of ...)
+ TODO: check
CVE-2022-29654
RESERVED
CVE-2022-29653
@@ -2640,20 +2668,20 @@ CVE-2022-29618
RESERVED
CVE-2022-29617
RESERVED
-CVE-2022-29616
- RESERVED
+CVE-2022-29616 (SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to l ...)
+ TODO: check
CVE-2022-29615
RESERVED
CVE-2022-29614
RESERVED
-CVE-2022-29613
- RESERVED
+CVE-2022-29613 (Due to insufficient input validation, SAP Employee Self Service allows ...)
+ TODO: check
CVE-2022-29612
RESERVED
-CVE-2022-29611
- RESERVED
-CVE-2022-29610
- RESERVED
+CVE-2022-29611 (SAP NetWeaver Application Server for ABAP and ABAP Platform do not per ...)
+ TODO: check
+CVE-2022-29610 (SAP NetWeaver Application Server ABAP allows an authenticated attacker ...)
+ TODO: check
CVE-2022-29609
RESERVED
CVE-2022-29608
@@ -2719,8 +2747,8 @@ CVE-2022-29598
RESERVED
CVE-2022-29597
RESERVED
-CVE-2022-29596
- RESERVED
+CVE-2022-29596 (MicroStrategy Enterprise Manager 2022 allows authentication bypass by ...)
+ TODO: check
CVE-2022-29595
RESERVED
CVE-2022-29594
@@ -2777,8 +2805,8 @@ CVE-2022-1434 (The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorre
- openssl <not-affected> (Only affects OpenSSL 3.0)
NOTE: https://www.openssl.org/news/secadv/20220503.txt
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7d56a74a96828985db7354a55227a511615f732b (openssl-3.0.3)
-CVE-2022-1433
- RESERVED
+CVE-2022-1433 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2022-1432
RESERVED
CVE-2022-1431 (An issue has been discovered in GitLab affecting all versions starting ...)
@@ -2787,8 +2815,8 @@ CVE-2022-1430
RESERVED
CVE-2022-1429 (SQL injection in GridHelperService.php in GitHub repository pimcore/pi ...)
NOT-FOR-US: pimcore
-CVE-2022-1428
- RESERVED
+CVE-2022-1428 (An issue has been discovered in GitLab affecting all versions before 1 ...)
+ TODO: check
CVE-2022-29582 (In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free ...)
{DSA-5127-1}
- linux 5.17.3-1
@@ -2842,8 +2870,8 @@ CVE-2022-29561
RESERVED
CVE-2022-29560
RESERVED
-CVE-2022-1426
- RESERVED
+CVE-2022-1426 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2022-1425
RESERVED
CVE-2022-1424
@@ -2989,8 +3017,8 @@ CVE-2022-26424
RESERVED
CVE-2022-25899
RESERVED
-CVE-2022-1406
- RESERVED
+CVE-2022-1406 (Improper input validation in GitLab CE/EE affecting all versions from ...)
+ TODO: check
CVE-2022-29504
RESERVED
CVE-2022-29503
@@ -3472,12 +3500,12 @@ CVE-2022-29320
RESERVED
CVE-2022-29319
RESERVED
-CVE-2022-29318
- RESERVED
-CVE-2022-29317
- RESERVED
-CVE-2022-29316
- RESERVED
+CVE-2022-29318 (An arbitrary file upload vulnerability in the New Entry module of Car ...)
+ TODO: check
+CVE-2022-29317 (Simple Bus Ticket Booking System v1.0 was discovered to contain multip ...)
+ TODO: check
+CVE-2022-29316 (Complete Online Job Search System v1.0 was discovered to contain a SQL ...)
+ TODO: check
CVE-2022-29315 (Invicti Acunetix before 14 allows CSV injection via the Description fi ...)
NOT-FOR-US: Invicti Acunetix
CVE-2022-29314
@@ -3653,8 +3681,8 @@ CVE-2022-1353 (A vulnerability was found in the pfkey_register function in net/k
{DSA-5127-1}
- linux 5.17.3-1
NOTE: https://git.kernel.org/linus/9a564bccb78a76740ea9d75a259942df8143d02c (5.17)
-CVE-2022-1352
- RESERVED
+CVE-2022-1352 (Due to an insecure direct object reference vulnerability in Gitlab EE/ ...)
+ TODO: check
CVE-2022-1351 (Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10 ...)
NOT-FOR-US: pimcore
CVE-2022-29264 (An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitra ...)
@@ -4390,14 +4418,14 @@ CVE-2022-29011
RESERVED
CVE-2022-29010
RESERVED
-CVE-2022-29009
- RESERVED
-CVE-2022-29008
- RESERVED
-CVE-2022-29007
- RESERVED
-CVE-2022-29006
- RESERVED
+CVE-2022-29009 (Multiple SQL injection vulnerabilities via the username and password p ...)
+ TODO: check
+CVE-2022-29008 (An insecure direct object reference (IDOR) vulnerability in the viewid ...)
+ TODO: check
+CVE-2022-29007 (Multiple SQL injection vulnerabilities via the username and password p ...)
+ TODO: check
+CVE-2022-29006 (Multiple SQL injection vulnerabilities via the username and password p ...)
+ TODO: check
CVE-2022-29005
RESERVED
CVE-2022-29004
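Review bot: CVE-2022-29009, CVE-2022-29007 and CVE-2022-29006 show the same truncated description ("Multiple SQL injection vulnerabilities via the username and password p ...") with no product visible, and CVE-2022-29008 is also cut before any product name. Triage should read the full description for each ID rather than copying one classification across all four.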
@@ -4756,10 +4784,10 @@ CVE-2022-28840
RESERVED
CVE-2022-28839
RESERVED
-CVE-2022-28838
- RESERVED
-CVE-2022-28837
- RESERVED
+CVE-2022-28838 (Acrobat Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033 ...)
+ TODO: check
+CVE-2022-28837 (Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033x (and e ...)
+ TODO: check
CVE-2022-28836
RESERVED
CVE-2022-28835
@@ -4890,8 +4918,8 @@ CVE-2022-28776 (Improper access control vulnerability in Galaxy Store prior to v
NOT-FOR-US: Samsung
CVE-2022-28775 (Improper access control vulnerability in Samsung Flow prior to version ...)
NOT-FOR-US: Samsung
-CVE-2022-28774
- RESERVED
+CVE-2022-28774 (Under certain conditions, the SAP Host Agent logfile shows information ...)
+ TODO: check
CVE-2022-28773 (Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Interne ...)
NOT-FOR-US: SAP
CVE-2022-28772 (By overlong input values an attacker may force overwrite of the intern ...)
@@ -6362,8 +6390,8 @@ CVE-2021-46746
RESERVED
CVE-2021-46745
RESERVED
-CVE-2021-46744
- RESERVED
+CVE-2021-46744 (An attacker with access to a malicious hypervisor may be able to infer ...)
+ TODO: check
CVE-2022-28280
RESERVED
CVE-2022-28279 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...)
@@ -6386,86 +6414,86 @@ CVE-2022-28271 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and ear
NOT-FOR-US: Adobe
CVE-2022-28270 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...)
NOT-FOR-US: Adobe
-CVE-2022-28269
- RESERVED
-CVE-2022-28268
- RESERVED
-CVE-2022-28267
- RESERVED
-CVE-2022-28266
- RESERVED
-CVE-2022-28265
- RESERVED
-CVE-2022-28264
- RESERVED
-CVE-2022-28263
- RESERVED
-CVE-2022-28262
- RESERVED
-CVE-2022-28261
- RESERVED
-CVE-2022-28260
- RESERVED
-CVE-2022-28259
- RESERVED
-CVE-2022-28258
- RESERVED
-CVE-2022-28257
- RESERVED
-CVE-2022-28256
- RESERVED
-CVE-2022-28255
- RESERVED
-CVE-2022-28254
- RESERVED
-CVE-2022-28253
- RESERVED
-CVE-2022-28252
- RESERVED
-CVE-2022-28251
- RESERVED
-CVE-2022-28250
- RESERVED
-CVE-2022-28249
- RESERVED
-CVE-2022-28248
- RESERVED
-CVE-2022-28247
- RESERVED
-CVE-2022-28246
- RESERVED
-CVE-2022-28245
- RESERVED
-CVE-2022-28244
- RESERVED
-CVE-2022-28243
- RESERVED
-CVE-2022-28242
- RESERVED
-CVE-2022-28241
- RESERVED
-CVE-2022-28240
- RESERVED
-CVE-2022-28239
- RESERVED
-CVE-2022-28238
- RESERVED
-CVE-2022-28237
- RESERVED
-CVE-2022-28236
- RESERVED
-CVE-2022-28235
- RESERVED
-CVE-2022-28234
- RESERVED
-CVE-2022-28233
- RESERVED
-CVE-2022-28232
- RESERVED
-CVE-2022-28231
- RESERVED
-CVE-2022-28230
- RESERVED
+CVE-2022-28269 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-28268 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-28267 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28266 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28265 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28264 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28263 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28262 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28261 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28260 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28259 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28258 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28257 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28256 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28255 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28254 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28253 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28252 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28251 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28250 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28249 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28248 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28247 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28246 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28245 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28244 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-28243 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28242 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28241 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28240 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28239 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
+ TODO: check
+CVE-2022-28238 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-28237 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-28236 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-28235 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-28234 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-28233 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-28232 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-28231 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-28230 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
CVE-2022-28229
RESERVED
CVE-2022-28228
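Review bot: the 40 Acrobat Reader DC entries from CVE-2022-28269 down to CVE-2022-28230 all land as TODO: check, while the Photoshop entries in the context just above (CVE-2022-28271, CVE-2022-28270) carry NOT-FOR-US: Adobe. Suggest handling these in one bulk triage change rather than one by one, so the block does not sit in the TODO queue.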
@@ -6559,8 +6587,8 @@ CVE-2022-28216 (SAP BusinessObjects Business Intelligence Platform (BI Workspace
NOT-FOR-US: SAP
CVE-2022-28215 (SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, ...)
NOT-FOR-US: SAP
-CVE-2022-28214
- RESERVED
+CVE-2022-28214 (During an update of SAP BusinessObjects Enterprise, Central Management ...)
+ TODO: check
CVE-2022-28213 (When a user access SOAP Web services in SAP BusinessObjects Business I ...)
NOT-FOR-US: SAP
CVE-2022-28212
@@ -6928,8 +6956,8 @@ CVE-2022-1125
- chromium 100.0.4896.60-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1124
- RESERVED
+CVE-2022-1124 (An improper authorization issue has been discovered in GitLab CE/EE af ...)
+ TODO: check
CVE-2022-1123
RESERVED
CVE-2021-46743 (In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., ...)
@@ -7082,10 +7110,10 @@ CVE-2022-28080 (Royal Event Management System v1.0 was discovered to contain a S
NOT-FOR-US: Royal Event Management System
CVE-2022-28079 (College Management System v1.0 was discovered to contain a SQL injecti ...)
NOT-FOR-US: College Management System
-CVE-2022-28078
- RESERVED
-CVE-2022-28077
- RESERVED
+CVE-2022-28078 (Home Owners Collection Management v1 was discovered to contain a refle ...)
+ TODO: check
+CVE-2022-28077 (Home Owners Collection Management v1 was discovered to contain a refle ...)
+ TODO: check
CVE-2022-28076 (Seacms v11.6 was discovered to contain a remote command execution (RCE ...)
NOT-FOR-US: Seacms
CVE-2022-28075
@@ -7798,42 +7826,42 @@ CVE-2022-27810
RESERVED
CVE-2022-27809
RESERVED
-CVE-2022-27802
- RESERVED
-CVE-2022-27801
- RESERVED
-CVE-2022-27800
- RESERVED
-CVE-2022-27799
- RESERVED
-CVE-2022-27798
- RESERVED
-CVE-2022-27797
- RESERVED
-CVE-2022-27796
- RESERVED
-CVE-2022-27795
- RESERVED
-CVE-2022-27794
- RESERVED
-CVE-2022-27793
- RESERVED
-CVE-2022-27792
- RESERVED
-CVE-2022-27791
- RESERVED
-CVE-2022-27790
- RESERVED
-CVE-2022-27789
- RESERVED
-CVE-2022-27788
- RESERVED
-CVE-2022-27787
- RESERVED
-CVE-2022-27786
- RESERVED
-CVE-2022-27785
- RESERVED
+CVE-2022-27802 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-27801 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-27800 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-27799 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-27798 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-27797 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-27796 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-27795 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-27794 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-27793 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-27792 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-27791 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-27790 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-27789 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-27788 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-27787 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-27786 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-27785 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
CVE-2022-27784 (Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earl ...)
NOT-FOR-US: Adobe
CVE-2022-27783 (Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earl ...)
@@ -8153,8 +8181,8 @@ CVE-2022-27658 (Under certain conditions, SAP Innovation management - version 2.
NOT-FOR-US: SAP
CVE-2022-27657 (A highly privileged remote attacker, can gain unauthorized access to d ...)
NOT-FOR-US: SAP
-CVE-2022-27656
- RESERVED
+CVE-2022-27656 (The Web administration UI of SAP Web Dispatcher and the Internet Commu ...)
+ TODO: check
CVE-2022-27655 (When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) receive ...)
NOT-FOR-US: SAP
CVE-2022-27654 (When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) rece ...)
@@ -12553,8 +12581,8 @@ CVE-2022-26118
RESERVED
CVE-2022-26117
RESERVED
-CVE-2022-26116
- RESERVED
+CVE-2022-26116 (Multiple improper neutralization of special elements used in SQL comma ...)
+ TODO: check
CVE-2022-26115
RESERVED
CVE-2022-26114
@@ -16919,8 +16947,8 @@ CVE-2022-24586 (A stored cross-site scripting (XSS) vulnerability in the compone
CVE-2022-24585 (A stored cross-site scripting (XSS) vulnerability in the component /co ...)
- pluxml <unfixed> (bug #1008264)
NOTE: https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24585/CVE-2022-24585.pdf
-CVE-2022-24584
- RESERVED
+CVE-2022-24584 (Incorrect access control in Yubico OTP functionality of the YubiKey ha ...)
+ TODO: check
CVE-2022-24583
RESERVED
CVE-2022-24582 (Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijac ...)
@@ -17949,8 +17977,8 @@ CVE-2022-24274
RESERVED
CVE-2022-24273
RESERVED
-CVE-2022-24272
- REJECTED
+CVE-2022-24272 (An authenticated user may trigger an invariant assertion during comman ...)
+ TODO: check
CVE-2022-23400 (A stack-based buffer overflow vulnerability exists in the IGXMPXMLPars ...)
NOT-FOR-US: Accusoft ImageGear
CVE-2022-0435 (A stack overflow flaw was found in the Linux kernel's TIPC protocol fu ...)
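Review bot: CVE-2022-24272 goes from REJECTED straight to a populated description with TODO: check, which differs from the RESERVED to description transitions in the rest of this update. Worth confirming against the upstream record that the ID is live again before triaging it.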
@@ -18476,14 +18504,14 @@ CVE-2022-24106
RESERVED
CVE-2022-24105 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...)
NOT-FOR-US: Adobe
-CVE-2022-24104
- RESERVED
-CVE-2022-24103
- RESERVED
-CVE-2022-24102
- RESERVED
-CVE-2022-24101
- RESERVED
+CVE-2022-24104 (Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-24103 (Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-24102 (Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
+CVE-2022-24101 (Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (a ...)
+ TODO: check
CVE-2022-24100
RESERVED
CVE-2022-24099 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...)
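Review bot: the descriptions for CVE-2022-24104 through CVE-2022-24101 read "Acrobat Reader DC versions 20.001.20085 (and earlier)", where the Acrobat Reader entries elsewhere in this update read 22.001.20085. The text is imported, so it should not be hand-edited here; if the difference is confirmed against the full description, it belongs in a report to the CVE source, and it does not affect how these four are classified.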
@@ -20176,8 +20204,8 @@ CVE-2022-23745
RESERVED
CVE-2022-23744
RESERVED
-CVE-2022-23743
- RESERVED
+CVE-2022-23743 (Check Point ZoneAlarm before version 15.8.200.19118 allows a local act ...)
+ TODO: check
CVE-2022-23742
RESERVED
CVE-2022-23741
@@ -22157,7 +22185,7 @@ CVE-2022-23163 (Dell PowerScale OneFS, 8.2,x, 9.1.0.x, 9.2.1.x, and 9.3.0.x cont
NOT-FOR-US: Dell PowerScale OneFS
CVE-2022-23162
RESERVED
-CVE-2022-23161 (Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contains a denial-of-se ...)
+CVE-2022-23161 (Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contain a denial-of-ser ...)
NOT-FOR-US: Dell PowerScale OneFS
CVE-2022-23160 (Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Hand ...)
NOT-FOR-US: Dell PowerScale OneFS
@@ -22205,8 +22233,8 @@ CVE-2022-23139
RESERVED
CVE-2022-23138
RESERVED
-CVE-2022-23137
- RESERVED
+CVE-2022-23137 (ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker c ...)
+ TODO: check
CVE-2022-23136 (There is a stored XSS vulnerability in ZTE home gateway product. An at ...)
NOT-FOR-US: ZTE
CVE-2022-23135 (There is a directory traversal vulnerability in some home gateway prod ...)
@@ -22676,8 +22704,8 @@ CVE-2022-22977
RESERVED
CVE-2022-22976
RESERVED
-CVE-2022-22975
- RESERVED
+CVE-2022-22975 (An issue was discovered in the Pinniped Supervisor with either LADPIde ...)
+ TODO: check
CVE-2022-22974
RESERVED
CVE-2022-22973
@@ -24968,8 +24996,8 @@ CVE-2022-22322 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-si
NOT-FOR-US: IBM
CVE-2022-22321 (IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with ...)
NOT-FOR-US: IBM
-CVE-2022-22320
- RESERVED
+CVE-2022-22320 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Thi ...)
+ TODO: check
CVE-2022-22319 (IBM Robotic Process Automation 21.0.1 could allow a register user on t ...)
NOT-FOR-US: IBM
CVE-2022-22318
@@ -25870,14 +25898,14 @@ CVE-2022-0029
RESERVED
CVE-2022-0028
RESERVED
-CVE-2022-0027
- RESERVED
-CVE-2022-0026
- RESERVED
-CVE-2022-0025
- RESERVED
-CVE-2022-0024
- RESERVED
+CVE-2022-0027 (An improper authorization vulnerability in Palo Alto Network Cortex XS ...)
+ TODO: check
+CVE-2022-0026 (A local privilege escalation (PE) vulnerability exists in Palo Alto Ne ...)
+ TODO: check
+CVE-2022-0025 (A local privilege escalation (PE) vulnerability exists in Palo Alto Ne ...)
+ TODO: check
+CVE-2022-0024 (A vulnerability exists in Palo Alto Networks PAN-OS software that enab ...)
+ TODO: check
CVE-2022-0023 (An improper handling of exceptional conditions vulnerability exists in ...)
NOT-FOR-US: Palo Alto Networks
CVE-2022-0022 (Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS s ...)
@@ -31896,8 +31924,8 @@ CVE-2021-44169 (A improper initialization in Fortinet FortiClient (Windows) vers
NOT-FOR-US: Fortinet FortiClient
CVE-2021-44168 (A download of code without integrity check vulnerability in the "execu ...)
NOT-FOR-US: FortiGuard
-CVE-2021-44167
- RESERVED
+CVE-2021-44167 (An incorrect permission assignment for critical resource vulnerability ...)
+ TODO: check
CVE-2021-44166 (An improper access control vulnerability [CWE-284 ] in FortiToken Mobi ...)
NOT-FOR-US: FortiGuard
CVE-2021-44165 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
@@ -37124,8 +37152,8 @@ CVE-2020-36505 (The Delete All Comments Easily WordPress plugin through 1.3 is l
NOT-FOR-US: WordPress plugin
CVE-2020-36504 (The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-43081
- RESERVED
+CVE-2021-43081 (An improper neutralization of input during web page generation vulnera ...)
+ TODO: check
CVE-2021-43080
RESERVED
CVE-2021-43079
@@ -37154,8 +37182,8 @@ CVE-2021-43068 (A improper authentication in Fortinet FortiAuthenticator version
NOT-FOR-US: FortiGuard
CVE-2021-43067 (A exposure of sensitive information to an unauthorized actor in Fortin ...)
NOT-FOR-US: FortiGuard
-CVE-2021-43066
- RESERVED
+CVE-2021-43066 (A external control of file name or path in Fortinet FortiClientWindows ...)
+ TODO: check
CVE-2021-43065 (A incorrect permission assignment for critical resource in Fortinet Fo ...)
NOT-FOR-US: FortiGuard
CVE-2021-43064 (A url redirection to untrusted site ('open redirect') in Fortinet Fort ...)
@@ -38220,18 +38248,18 @@ CVE-2021-42653
RESERVED
CVE-2021-42652
RESERVED
-CVE-2021-42651
- RESERVED
+CVE-2021-42651 (A Server Side Template Injection (SSTI) vulnerability in Pentest-Colla ...)
+ TODO: check
CVE-2021-42650 (Cross Site Scripting (XSS vulnerability exists in Portainer before 2.9 ...)
NOT-FOR-US: Portainer
CVE-2021-42649
RESERVED
-CVE-2021-42648
- RESERVED
+CVE-2021-42648 (Cross-site scripting (XSS) vulnerability exists in Coder Code-Server b ...)
+ TODO: check
CVE-2021-42647
RESERVED
-CVE-2021-42646
- RESERVED
+CVE-2021-42646 (XML External Entity (XXE) vulnerability in the file based service prov ...)
+ TODO: check
CVE-2021-42645 (CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnera ...)
NOT-FOR-US: CMSimple
CVE-2021-42644
@@ -48482,8 +48510,8 @@ CVE-2021-39061
RESERVED
CVE-2021-39060
RESERVED
-CVE-2021-39059
- RESERVED
+CVE-2021-39059 (IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, ...)
+ TODO: check
CVE-2021-39058 (IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than ...)
NOT-FOR-US: IBM
CVE-2021-39057 (IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to s ...)
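Review bot: CVE-2021-39059 moves from RESERVED to "TODO: check" with a description that names IBM Jazz Foundation, while CVE-2021-39058 directly below it is tagged "NOT-FOR-US: IBM". Unless the full description points at a component that is packaged, this entry should get the same tag in the manual triage pass.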
@@ -48662,8 +48690,8 @@ CVE-2021-38971 (IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.
NOT-FOR-US: IBM
CVE-2021-38970
RESERVED
-CVE-2021-38969
- RESERVED
+CVE-2021-38969 (IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to a ...)
+ TODO: check
CVE-2021-38968
RESERVED
CVE-2021-38967 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged use ...)
@@ -51631,8 +51659,8 @@ CVE-2021-37853
REJECTED
CVE-2021-37852 (ESET products for Windows allows untrusted process to impersonate the ...)
NOT-FOR-US: ESET
-CVE-2021-37851
- RESERVED
+CVE-2021-37851 (Local privilege escalation in Windows products of ESET allows user who ...)
+ TODO: check
CVE-2021-37850 (ESET was made aware of a vulnerability in its consumer and business pr ...)
NOT-FOR-US: ESET
CVE-2021-37849
@@ -54616,10 +54644,10 @@ CVE-2021-36616
RESERVED
CVE-2021-36615
RESERVED
-CVE-2021-36614
- RESERVED
-CVE-2021-36613
- RESERVED
+CVE-2021-36614 (Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruptio ...)
+ TODO: check
+CVE-2021-36613 (Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruptio ...)
+ TODO: check
CVE-2021-36612
RESERVED
CVE-2021-36611
@@ -55352,7 +55380,7 @@ CVE-2021-36280 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an inco
NOT-FOR-US: EMC
CVE-2021-36279 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect ...)
NOT-FOR-US: EMC
-CVE-2021-36278 (Dell EMC PowerScale OneFS versions 8.2.x and 9.1.0.x contain an insert ...)
+CVE-2021-36278 (Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain ...)
NOT-FOR-US: EMC
CVE-2021-36277 (Dell Command Update, Dell Update, and Alienware Update versions prior ...)
NOT-FOR-US: Dell
@@ -58352,8 +58380,7 @@ CVE-2018-25016 (Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS
NOT-FOR-US: Greenbone Security Assistant
CVE-2021-35054 (Minecraft before 1.17.1, when online-mode=false is configured, allows ...)
NOT-FOR-US: Minecraft
-CVE-2021-3611 [QEMU: intel-hda: segmentation fault due to stack overflow]
- RESERVED
+CVE-2021-3611 (A stack overflow vulnerability was found in the Intel HD Audio device ...)
- qemu 1:7.0+dfsg-1 (bug #990562)
[bullseye] - qemu <no-dsa> (Minor issue)
[buster] - qemu <not-affected> (Vulnerable code introduced later)
@@ -59377,10 +59404,10 @@ CVE-2021-34608
RESERVED
CVE-2021-34607
RESERVED
-CVE-2021-34606
- RESERVED
-CVE-2021-34605
- RESERVED
+CVE-2021-34606 (A vulnerability exists in XINJE XD/E Series PLC Program Tool in versio ...)
+ TODO: check
+CVE-2021-34605 (A zip slip vulnerability in XINJE XD/E Series PLC Program Tool up to v ...)
+ TODO: check
CVE-2021-34604
RESERVED
CVE-2021-34603
@@ -60583,8 +60610,8 @@ CVE-2021-34087 (In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3
NOT-FOR-US: Ultimaker
CVE-2021-34086 (In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D pr ...)
NOT-FOR-US: Ultimaker
-CVE-2021-34085
- RESERVED
+CVE-2021-34085 (Read access violation in the III_dequantize_sample function in mpglibD ...)
+ TODO: check
CVE-2021-34084
RESERVED
CVE-2021-34083
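Review bot: CVE-2021-34085 should not be closed out on the product name alone. Its description points at the III_dequantize_sample function in an mpglib-derived decoder, and decoder code of that kind can be embedded in more than one source package. Before replacing "TODO: check", read the full (here truncated) description and search the archive sources for the function name, then record either the affected source packages or a NOT-FOR-US tag naming the product.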
@@ -62493,12 +62520,12 @@ CVE-2021-33319
RESERVED
CVE-2021-33318
RESERVED
-CVE-2021-33317
- RESERVED
-CVE-2021-33316
- RESERVED
-CVE-2021-33315
- RESERVED
+CVE-2021-33317 (The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suf ...)
+ TODO: check
+CVE-2021-33316 (The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suf ...)
+ TODO: check
+CVE-2021-33315 (The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suf ...)
+ TODO: check
CVE-2021-33314
RESERVED
CVE-2021-33313
@@ -67850,8 +67877,8 @@ CVE-2021-31332
RESERVED
CVE-2021-31331
RESERVED
-CVE-2021-31330
- RESERVED
+CVE-2021-31330 (A Cross-Site Scripting (XSS) vulnerability exists within Review Board ...)
+ TODO: check
CVE-2021-31329 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "P ...)
NOT-FOR-US: Remote Clinic
CVE-2021-31328
@@ -70546,8 +70573,8 @@ CVE-2021-30363
RESERVED
CVE-2021-30362
RESERVED
-CVE-2021-30361
- RESERVED
+CVE-2021-30361 (The Check Point Gaia Portal's GUI Clients allowed authenticated admini ...)
+ TODO: check
CVE-2021-30360 (Users have access to the directory where the installation repair occur ...)
NOT-FOR-US: Check Point
CVE-2021-30359 (The Harmony Browse and the SandBlast Agent for Browsers installers mus ...)
@@ -75779,8 +75806,8 @@ CVE-2021-28292
RESERVED
CVE-2021-28291
RESERVED
-CVE-2021-28290
- RESERVED
+CVE-2021-28290 (A cross-site scripting (XSS) vulnerability in Skoruba IdentityServer4. ...)
+ TODO: check
CVE-2021-28289
RESERVED
CVE-2021-28288
@@ -80413,8 +80440,8 @@ CVE-2021-26401 (LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2
NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036
NOTE: https://xenbits.xen.org/xsa/advisory-398.html
TODO: check if we need to track mitigations in src:linux
-CVE-2021-26400
- RESERVED
+CVE-2021-26400 (AMD processors may speculatively re-order load instructions which can ...)
+ TODO: check
CVE-2021-26399
RESERVED
CVE-2021-26398
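Review bot: the new CVE-2021-26400 entry (speculative re-ordering of load instructions on AMD processors) carries only a bare "TODO: check", whereas CVE-2021-26401 just above it has NOTE lines for the AMD bulletin and Xen advisory plus "TODO: check if we need to track mitigations in src:linux". The same question applies here, so the triage should add the vendor bulletin reference and decide explicitly whether kernel or hypervisor mitigations need tracking.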
@@ -80437,8 +80464,8 @@ CVE-2021-26390 (A malicious or compromised UApp or ABL may coerce the bootloader
TODO: check
CVE-2021-26389
RESERVED
-CVE-2021-26388
- RESERVED
+CVE-2021-26388 (Improper validation of the BIOS directory may allow for searches to re ...)
+ TODO: check
CVE-2021-26387
RESERVED
CVE-2021-26386
@@ -80457,20 +80484,20 @@ CVE-2021-26380
RESERVED
CVE-2021-26379
RESERVED
-CVE-2021-26378
- RESERVED
+CVE-2021-26378 (Insufficient bound checks in the System Management Unit (SMU) may resu ...)
+ TODO: check
CVE-2021-26377
RESERVED
-CVE-2021-26376
- RESERVED
-CVE-2021-26375
- RESERVED
+CVE-2021-26376 (Insufficient checks in System Management Unit (SMU) FeatureConfig may ...)
+ TODO: check
+CVE-2021-26375 (Insufficient General Purpose IO (GPIO) bounds check in System Manageme ...)
+ TODO: check
CVE-2021-26374
RESERVED
-CVE-2021-26373
- RESERVED
-CVE-2021-26372
- RESERVED
+CVE-2021-26373 (Insufficient bound checks in the System Management Unit (SMU) may resu ...)
+ TODO: check
+CVE-2021-26372 (Insufficient bound checks related to PCIE in the System Management Uni ...)
+ TODO: check
CVE-2021-26371
RESERVED
CVE-2021-26370 (Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INS ...)
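Review bot: five System Management Unit entries in this hunk (CVE-2021-26378, CVE-2021-26376, CVE-2021-26375, CVE-2021-26373, CVE-2021-26372) land as "TODO: check", while SMU issues elsewhere in this same file, such as CVE-2021-26338 and CVE-2021-26337, are tagged "NOT-FOR-US: AMD". These should be triaged as a batch with one consistent decision, rather than left to be resolved one at a time with the risk of diverging tags.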
@@ -80485,8 +80512,8 @@ CVE-2021-26366
RESERVED
CVE-2021-26365
RESERVED
-CVE-2021-26364
- RESERVED
+CVE-2021-26364 (Insufficient bounds checking in an SMU mailbox register could allow an ...)
+ TODO: check
CVE-2021-26363
RESERVED
CVE-2021-26362
@@ -80513,14 +80540,14 @@ CVE-2021-26352 (Insufficient bound checks in System Management Unit (SMU) PCIe H
TODO: check
CVE-2021-26351
RESERVED
-CVE-2021-26350
- RESERVED
-CVE-2021-26349
- RESERVED
-CVE-2021-26348
- RESERVED
-CVE-2021-26347
- RESERVED
+CVE-2021-26350 (A TOCTOU race condition in SMU may allow for the caller to obtain and ...)
+ TODO: check
+CVE-2021-26349 (Failure to assign a new report ID to an imported guest may potentially ...)
+ TODO: check
+CVE-2021-26348 (Failure to flush the Translation Lookaside Buffer (TLB) of the I/O mem ...)
+ TODO: check
+CVE-2021-26347 (TOCTOU (time-of-check to time-of-use) issue in the System Management U ...)
+ TODO: check
CVE-2021-26346
RESERVED
CVE-2021-26345
@@ -80529,8 +80556,8 @@ CVE-2021-26344
RESERVED
CVE-2021-26343
RESERVED
-CVE-2021-26342
- RESERVED
+CVE-2021-26342 (In SEV guest VMs, the CPU may fail to flush the Translation Lookaside ...)
+ TODO: check
CVE-2021-26341 (Some AMD CPUs may transiently execute beyond unconditional direct bran ...)
NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026
NOTE: https://grsecurity.net/amd_branch_mispredictor_part_2_where_no_cpu_has_gone_before
@@ -80538,8 +80565,8 @@ CVE-2021-26341 (Some AMD CPUs may transiently execute beyond unconditional direc
TODO: check if we need to track mitigations in src:linux
CVE-2021-26340 (A malicious hypervisor in conjunction with an unprivileged attacker pr ...)
NOT-FOR-US: AMD
-CVE-2021-26339
- RESERVED
+CVE-2021-26339 (A bug in AMD CPU’s core logic may allow for an attacker, using s ...)
+ TODO: check
CVE-2021-26338 (Improper access controls in System Management Unit (SMU) may allow for ...)
NOT-FOR-US: AMD
CVE-2021-26337 (Insufficient DRAM address validation in System Management Unit (SMU) m ...)
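Review bot: the description on the added CVE-2021-26339 line contains mis-encoded bytes ("CPU’s"), which is a UTF-8 apostrophe decoded with the wrong charset somewhere between the upstream feed and this file. Check whether data/CVE/list itself holds the broken sequence or only the mail rendering does, since text-based searches over the descriptions will miss this entry if the file is affected. The entry also sits between CVE-2021-26340 and CVE-2021-26338, both "NOT-FOR-US: AMD", and should be triaged accordingly.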
@@ -80599,7 +80626,7 @@ CVE-2021-26313 (Potential speculative code store bypass in all supported CPU pro
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-375.html
NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003
-CVE-2021-26312 (PSP protection against improperly configured side channels may lead to ...)
+CVE-2021-26312 (Failure to flush the Translation Lookaside Buffer (TLB) of the I/O mem ...)
NOT-FOR-US: AMD
CVE-2021-26311 (In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest a ...)
NOT-FOR-US: AMD
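Review bot: the replacement description for CVE-2021-26312 now starts with exactly the same visible text as the CVE-2021-26348 entry added earlier in this commit ("Failure to flush the Translation Lookaside Buffer (TLB) of the I/O mem ..."), replacing an unrelated sentence about PSP side-channel protection. Because the line is truncated, the two cannot be told apart here. Confirm against the upstream record that the description was really rewritten and is not a mix-up between the two IDs. The "NOT-FOR-US: AMD" tag is unaffected either way.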
@@ -81868,8 +81895,8 @@ CVE-2021-3256 (KuaiFanCMS V5.x contains an arbitrary file read vulnerability in
NOT-FOR-US: KuaiFanCMS
CVE-2021-3255
RESERVED
-CVE-2021-3254
- RESERVED
+CVE-2021-3254 (Asus DSL-N14U-B1 1.1.2.3_805 allows remote attackers to cause a Denial ...)
+ TODO: check
CVE-2021-3253
RESERVED
CVE-2021-3252 (KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect acce ...)
@@ -128276,8 +128303,8 @@ CVE-2020-19230
RESERVED
CVE-2020-19229 (Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016 ...)
NOT-FOR-US: Jeesite
-CVE-2020-19228
- RESERVED
+CVE-2020-19228 (An issue was found in bludit v3.13.0, unsafe implementation of the bac ...)
+ TODO: check
CVE-2020-19227
RESERVED
CVE-2020-19226
@@ -143636,7 +143663,7 @@ CVE-2020-12946 (Insufficient input validation in PSP firmware for discrete TPM c
NOT-FOR-US: AMD
CVE-2020-12945
REJECTED
-CVE-2020-12944 (Insufficient validation of BIOS image length by PSP Firmware could lea ...)
+CVE-2020-12944 (Insufficient validation of BIOS image length by ASP Firmware could lea ...)
NOT-FOR-US: AMD
CVE-2020-12943
REJECTED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebdc20750f199f054cee50aece792df08a76b371