[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 24 21:10:27 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ea1dc882 by security tracker role at 2022-05-24T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,125 @@
+CVE-2022-31618
+ RESERVED
+CVE-2022-31617
+ RESERVED
+CVE-2022-31616
+ RESERVED
+CVE-2022-31615
+ RESERVED
+CVE-2022-31614
+ RESERVED
+CVE-2022-31613
+ RESERVED
+CVE-2022-31612
+ RESERVED
+CVE-2022-31611
+ RESERVED
+CVE-2022-31610
+ RESERVED
+CVE-2022-31609
+ RESERVED
+CVE-2022-31608
+ RESERVED
+CVE-2022-31607
+ RESERVED
+CVE-2022-31606
+ RESERVED
+CVE-2022-31605
+ RESERVED
+CVE-2022-31604
+ RESERVED
+CVE-2022-31603
+ RESERVED
+CVE-2022-31602
+ RESERVED
+CVE-2022-31601
+ RESERVED
+CVE-2022-31600
+ RESERVED
+CVE-2022-31599
+ RESERVED
+CVE-2022-1876
+ RESERVED
+CVE-2022-1875
+ RESERVED
+CVE-2022-1874
+ RESERVED
+CVE-2022-1873
+ RESERVED
+CVE-2022-1872
+ RESERVED
+CVE-2022-1871
+ RESERVED
+CVE-2022-1870
+ RESERVED
+CVE-2022-1869
+ RESERVED
+CVE-2022-1868
+ RESERVED
+CVE-2022-1867
+ RESERVED
+CVE-2022-1866
+ RESERVED
+CVE-2022-1865
+ RESERVED
+CVE-2022-1864
+ RESERVED
+CVE-2022-1863
+ RESERVED
+CVE-2022-1862
+ RESERVED
+CVE-2022-1861
+ RESERVED
+CVE-2022-1860
+ RESERVED
+CVE-2022-1859
+ RESERVED
+CVE-2022-1858
+ RESERVED
+CVE-2022-1857
+ RESERVED
+CVE-2022-1856
+ RESERVED
+CVE-2022-1855
+ RESERVED
+CVE-2022-1854
+ RESERVED
+CVE-2022-1853
+ RESERVED
+CVE-2022-1852
+ RESERVED
+CVE-2022-1851
+ RESERVED
+CVE-2022-1850 (Path Traversal in GitHub repository filegator/filegator prior to 7.8.0 ...)
+ TODO: check
+CVE-2022-1849 (Session Fixation in GitHub repository filegator/filegator prior to 7.8 ...)
+ TODO: check
+CVE-2022-1848 (Business Logic Errors in GitHub repository erudika/para prior to 1.45. ...)
+ TODO: check
+CVE-2022-1847
+ RESERVED
+CVE-2022-1846
+ RESERVED
+CVE-2022-1845
+ RESERVED
+CVE-2022-1844
+ RESERVED
+CVE-2022-1843
+ RESERVED
+CVE-2022-1842
+ RESERVED
+CVE-2021-4230 (A vulnerability has been found in Airfield Online and classified as pr ...)
+ TODO: check
+CVE-2021-4229 (A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has b ...)
+ TODO: check
+CVE-2014-125001 (A vulnerability classified as critical has been found in Cardo Systems ...)
+ TODO: check
+CVE-2013-10004 (A vulnerability classified as critical was found in Telecommunication ...)
+ TODO: check
+CVE-2013-10003 (A vulnerability classified as critical has been found in Telecommunica ...)
+ TODO: check
+CVE-2013-10002 (A vulnerability was found in Telecommunication Software SAMwin Contact ...)
+ TODO: check
CVE-2022-31598
RESERVED
CVE-2022-31597
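Review bot: CVE-2021-4229, near the end of the added block, is left at "TODO: check" although its description names a reusable library (ua-parser-js 0.7.29/0.8.0/1.0.0) rather than a standalone product. It should be checked against the archive first and resolved to either a source-package line or NOT-FOR-US. The same triage is still open for the filegator, erudika/para, Airfield Online, Cardo Systems and SAMwin entries added alongside it.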
@@ -740,8 +862,8 @@ CVE-2022-31263 (app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e
TODO: check
CVE-2022-31262
RESERVED
-CVE-2022-31261
- RESERVED
+CVE-2022-31261 (An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x throu ...)
+ TODO: check
CVE-2022-1809 (Access of Uninitialized Pointer in GitHub repository radareorg/radare2 ...)
- radare2 <unfixed>
NOTE: https://huntr.dev/bounties/0730a95e-c485-4ff2-9a5d-bb3abfda0b17
@@ -1930,20 +2052,20 @@ CVE-2022-30845
RESERVED
CVE-2022-30844
RESERVED
-CVE-2022-30843
- RESERVED
-CVE-2022-30842
- RESERVED
+CVE-2022-30843 (Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/cl ...)
+ TODO: check
+CVE-2022-30842 (Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Sit ...)
+ TODO: check
CVE-2022-30841
RESERVED
CVE-2022-30840
RESERVED
-CVE-2022-30839
- RESERVED
-CVE-2022-30838
- RESERVED
-CVE-2022-30837
- RESERVED
+CVE-2022-30839 (Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) ...)
+ TODO: check
+CVE-2022-30838 (Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injec ...)
+ TODO: check
+CVE-2022-30837 (Toll-tax-management-system v1.0 is vulnerable to Cross Site Scripting ...)
+ TODO: check
CVE-2022-30836
RESERVED
CVE-2022-30835
@@ -2605,8 +2727,8 @@ CVE-2022-25976
RESERVED
CVE-2022-1670 (When generating a user invitation code in Octopus Server, the validity ...)
NOT-FOR-US: Octopus Server
-CVE-2022-1669
- RESERVED
+CVE-2022-1669 (A buffer overflow vulnerability has been detected in the firewall func ...)
+ TODO: check
CVE-2022-1668
RESERVED
CVE-2022-1667
@@ -2885,28 +3007,28 @@ CVE-2022-30466
RESERVED
CVE-2022-30465
RESERVED
-CVE-2022-30464
- RESERVED
-CVE-2022-30463
- RESERVED
-CVE-2022-30462
- RESERVED
-CVE-2022-30461
- RESERVED
-CVE-2022-30460
- RESERVED
-CVE-2022-30459
- RESERVED
-CVE-2022-30458
- RESERVED
+CVE-2022-30464 (ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Sit ...)
+ TODO: check
+CVE-2022-30463 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-30462 (Water-billing-management-system v1.0 is affected by: Cross Site Script ...)
+ TODO: check
+CVE-2022-30461 (Water-billing-management-system v1.0 is vulnerable to SQL Injection vi ...)
+ TODO: check
+CVE-2022-30460 (Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripti ...)
+ TODO: check
+CVE-2022-30459 (ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injec ...)
+ TODO: check
+CVE-2022-30458 (Automotive Shop Management System v1.0 is vulnerable to Cross Site Scr ...)
+ TODO: check
CVE-2022-30457
- RESERVED
-CVE-2022-30456
- RESERVED
-CVE-2022-30455
- RESERVED
-CVE-2022-30454
- RESERVED
+ REJECTED
+CVE-2022-30456 (Badminton Center Management System 1.0 is vulnerable to Cross Site Scr ...)
+ TODO: check
+CVE-2022-30455 (Badminton Center Management System 1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-30454 (Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vlogg ...)
+ TODO: check
CVE-2022-30453 (ShopWind <= 3.4.2 has a RCE vulnerability in Database.php ...)
NOT-FOR-US: ShopWind
CVE-2022-30452 (ShopWind <= v3.4.2 has a Sql injection vulnerability in Database.ph ...)
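Review bot: the ten descriptions added from CVE-2022-30464 down to CVE-2022-30454 all arrive as "TODO: check" and all name small standalone web applications at version 1.0. The unchanged CVE-2022-30453 entry directly below resolves the same kind of product as "NOT-FOR-US: ShopWind", so these are candidates for the same resolution once confirmed absent from the archive. The CVE-2022-30457 change from RESERVED to REJECTED under its unchanged header line needs no follow-up.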
@@ -5469,8 +5591,8 @@ CVE-2022-29569
RESERVED
CVE-2022-29568
RESERVED
-CVE-2022-29567
- RESERVED
+CVE-2022-29567 (The default configuration of a TreeGrid component uses Object::toStrin ...)
+ TODO: check
CVE-2022-29566 (The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation bec ...)
NOT-FOR-US: Bulletproofs
CVE-2022-1427 (Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby ...)
@@ -6372,22 +6494,22 @@ CVE-2022-29251
RESERVED
CVE-2022-29250
RESERVED
-CVE-2022-29249
- RESERVED
+CVE-2022-29249 (JavaEZ is a library that adds new functions to make Java easier. A wea ...)
+ TODO: check
CVE-2022-29248
RESERVED
CVE-2022-29247
RESERVED
-CVE-2022-29246
- RESERVED
+CVE-2022-29246 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...)
+ TODO: check
CVE-2022-29245
RESERVED
CVE-2022-29244
RESERVED
CVE-2022-29243
RESERVED
-CVE-2022-29242
- RESERVED
+CVE-2022-29242 (GOST engine is a reference implementation of the Russian GOST crypto a ...)
+ TODO: check
CVE-2022-29241
RESERVED
CVE-2022-29240
@@ -6396,8 +6518,8 @@ CVE-2022-29239
RESERVED
CVE-2022-29238
RESERVED
-CVE-2022-29237
- RESERVED
+CVE-2022-29237 (Opencast is a free and open source solution for automated video captur ...)
+ TODO: check
CVE-2022-29236
RESERVED
CVE-2022-29235
@@ -6424,23 +6546,23 @@ CVE-2022-29225
RESERVED
CVE-2022-29224
RESERVED
-CVE-2022-29223
- RESERVED
+CVE-2022-29223 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...)
+ TODO: check
CVE-2022-29222 (Pion DTLS is a Go implementation of Datagram Transport Layer Security. ...)
- snowflake <unfixed> (bug #1011458)
NOTE: https://github.com/pion/dtls/security/advisories/GHSA-w45j-f832-hxvh
NOTE: https://github.com/pion/dtls/commit/d2f797183a9f044ce976e6df6f362662ca722412 (v2.1.5)
NOTE: https://github.com/pion/dtls/releases/tag/v2.1.5
-CVE-2022-29221
- RESERVED
+CVE-2022-29221 (Smarty is a template engine for PHP, facilitating the separation of pr ...)
+ TODO: check
CVE-2022-29220
RESERVED
-CVE-2022-29219
- RESERVED
+CVE-2022-29219 (Lodestar is a TypeScript implementation of the Ethereum Consensus spec ...)
+ TODO: check
CVE-2022-29218 (RubyGems is a package registry used to supply software for the Ruby la ...)
NOT-FOR-US: rubygems/rubygems.org
-CVE-2022-29217
- RESERVED
+CVE-2022-29217 (PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple ...)
+ TODO: check
CVE-2022-29216 (TensorFlow is an open source platform for machine learning. Prior to v ...)
- tensorflow <itp> (bug #804612)
CVE-2022-29215 (RegionProtect is a plugin that allows users to manage certain events i ...)
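Review bot: CVE-2022-29221 (Smarty) and CVE-2022-29217 (PyJWT) are library issues left at "TODO: check" with no package line and no references. The unchanged CVE-2022-29222 entry in this same hunk shows the target shape: a source-package line ("- snowflake <unfixed> (bug #1011458)") followed by NOTE lines for the upstream advisory and fixing commit. Both new entries should be checked against the archive and, if packaged, brought to that form. CVE-2022-29223 (Azure RTOS USBX) and CVE-2022-29219 (Lodestar) need the same decision.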
@@ -9959,7 +10081,7 @@ CVE-2022-28046
CVE-2022-28045
RESERVED
CVE-2022-28044 (Irzip v0.640 was discovered to contain a heap memory corruption via th ...)
- {DLA-3005-1}
+ {DSA-5145-1 DLA-3005-1}
- lrzip 0.650-1
NOTE: https://github.com/ckolivas/lrzip/issues/216
NOTE: Fixed by: https://github.com/ckolivas/lrzip/commit/5faf80cd53ecfd16b636d653483144cd12004f46 (v0.650)
@@ -14803,7 +14925,7 @@ CVE-2022-26293 (Online Project Time Management System v1.0 was discovered to con
CVE-2022-26292
RESERVED
CVE-2022-26291 (lrzip v0.641 was discovered to contain a multiple concurrency use-afte ...)
- {DLA-2981-1}
+ {DSA-5145-1 DLA-2981-1}
- lrzip 0.650-1
NOTE: https://github.com/ckolivas/lrzip/issues/206
NOTE: https://github.com/ckolivas/lrzip/commit/4b3942103b57c639c8e0f31d6d5fd7bac53bbdf4 (v0.650)
@@ -18988,6 +19110,7 @@ CVE-2022-24792 (PJSIP is a free and open source multimedia communication library
CVE-2022-24791 (Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cran ...)
NOT-FOR-US: wasmtime
CVE-2022-24790 (Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for R ...)
+ {DSA-5146-1}
- puma <unfixed> (bug #1008723)
NOTE: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9
NOTE: https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5 (5-6-stable)
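Review bot: "{DSA-5146-1}" is added to CVE-2022-24790 directly above the unchanged "- puma <unfixed> (bug #1008723)", so after this change the entry records a released advisory while the unversioned package line still reads unfixed. If that reflects a fix shipped through the DSA with the upload tracked in bug #1008723 still pending, the line should be updated with the fixed version once that upload lands. The CVE-2022-23634 hunk that follows has the same combination with bug #1005391.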
@@ -23250,6 +23373,7 @@ CVE-2022-23636 (Wasmtime is an open source runtime for WebAssembly & WASI. P
CVE-2022-23635 (Istio is an open platform to connect, manage, and secure microservices ...)
NOT-FOR-US: Istio
CVE-2022-23634 (Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` ...)
+ {DSA-5146-1}
- puma <unfixed> (bug #1005391)
NOTE: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
NOTE: https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb
@@ -25321,8 +25445,8 @@ CVE-2022-23052 (PeteReport Version 0.5 contains a Cross Site Request Forgery (CS
NOT-FOR-US: PeteReport
CVE-2022-23051 (PeteReport Version 0.5 allows an authenticated admin user to inject pe ...)
NOT-FOR-US: PeteReport
-CVE-2022-23050
- RESERVED
+CVE-2022-23050 (ManageEngine AppManager15 (Build No:15510) allows an authenticated adm ...)
+ TODO: check
CVE-2022-23049 (Exponent CMS 2.6.0patch2 allows an authenticated user to inject persis ...)
NOT-FOR-US: Exponent CMS
CVE-2022-23048 (Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload ...)
@@ -25515,8 +25639,8 @@ CVE-2022-22979
RESERVED
CVE-2022-22978 (In Spring Security versions 5.5.6 and 5.5.7 and older unsupported vers ...)
TODO: check
-CVE-2022-22977
- RESERVED
+CVE-2022-22977 (VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML Ex ...)
+ TODO: check
CVE-2022-22976 (Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, a ...)
TODO: check
CVE-2022-22975 (An issue was discovered in the Pinniped Supervisor with either LADPIde ...)
@@ -27473,8 +27597,8 @@ CVE-2022-22497
RESERVED
CVE-2022-22496
RESERVED
-CVE-2022-22495
- RESERVED
+CVE-2022-22495 (IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attac ...)
+ TODO: check
CVE-2022-22494
RESERVED
CVE-2022-22493
@@ -27513,7 +27637,7 @@ CVE-2022-22477
RESERVED
CVE-2022-22476
RESERVED
-CVE-2022-22475 (IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 and ...)
+CVE-2022-22475 (IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 thr ...)
NOT-FOR-US: IBM
CVE-2022-22474
RESERVED
@@ -27845,8 +27969,8 @@ CVE-2022-22311 (IBM Security Verify Access could allow a user, using man in the
NOT-FOR-US: IBM
CVE-2022-22310 (IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 c ...)
NOT-FOR-US: IBM
-CVE-2022-22309
- RESERVED
+CVE-2022-22309 (The POWER systems FSP is vulnerable to unauthenticated logins through ...)
+ TODO: check
CVE-2022-22308 (IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI ...)
NOT-FOR-US: IBM
CVE-2022-22307
@@ -27855,8 +27979,8 @@ CVE-2022-0087 (keystone is vulnerable to Improper Neutralization of Input During
NOT-FOR-US: KeystoneJS
CVE-2021-46130
RESERVED
-CVE-2022-22306
- RESERVED
+CVE-2022-22306 (An improper certificate validation vulnerability [CWE-295] in FortiOS ...)
+ TODO: check
CVE-2022-22305
RESERVED
CVE-2022-22304
@@ -28777,10 +28901,10 @@ CVE-2021-45917 (The server-request receiver function of Shockwall system has an
NOT-FOR-US: Shockwall system
CVE-2021-45916 (The programming function of Shockwall system has an improper input val ...)
NOT-FOR-US: Shockwall system
-CVE-2021-45915
- RESERVED
-CVE-2021-45914
- RESERVED
+CVE-2021-45915 (In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attack ...)
+ TODO: check
+CVE-2021-45914 (In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attack ...)
+ TODO: check
CVE-2021-4188 (mruby is vulnerable to NULL Pointer Dereference ...)
- mruby <not-affected> (Vulnerable code introduced later)
NOTE: https://huntr.dev/bounties/78533fb9-f3e0-47c2-86dc-d1f96d5bea28
@@ -32190,8 +32314,8 @@ CVE-2021-44977 (In iCMS <=8.0.0, a directory traversal vulnerability allows a
NOT-FOR-US: iCMS
CVE-2021-44976
RESERVED
-CVE-2021-44975
- RESERVED
+CVE-2021-44975 (radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/cor ...)
+ TODO: check
CVE-2021-44974
RESERVED
CVE-2021-44973
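Review bot: CVE-2021-44975 is left at "TODO: check" although its description names radareorg radare2 5.5.2, and this file already tracks radare2 as a package (the CVE-2022-1809 entry earlier in the diff carries "- radare2 <unfixed>"). The entry should get a "- radare2" line with the affected or fixed version and a NOTE pointing at the upstream report, rather than waiting in the generic TODO queue.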
@@ -41120,18 +41244,18 @@ CVE-2021-42661
RESERVED
CVE-2021-42660
RESERVED
-CVE-2021-42659
- RESERVED
+CVE-2021-42659 (There is a buffer overflow vulnerability in the Web server httpd of th ...)
+ TODO: check
CVE-2021-42658
RESERVED
CVE-2021-42657
RESERVED
-CVE-2021-42656
- RESERVED
-CVE-2021-42655
- RESERVED
-CVE-2021-42654
- RESERVED
+CVE-2021-42656 (SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vu ...)
+ TODO: check
+CVE-2021-42655 (SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability. ...)
+ TODO: check
+CVE-2021-42654 (SiteServer CMS < V5.1 is affected by an unrestricted upload of a fi ...)
+ TODO: check
CVE-2021-42653
RESERVED
CVE-2021-42652
@@ -41210,12 +41334,12 @@ CVE-2021-42616
RESERVED
CVE-2021-42615
RESERVED
-CVE-2021-42614
- RESERVED
-CVE-2021-42613
- RESERVED
-CVE-2021-42612
- RESERVED
+CVE-2021-42614 (A use after free in info_width_internal in bk_info.c in Halibut 1.2 al ...)
+ TODO: check
+CVE-2021-42613 (A double free in cleanup_index in index.c in Halibut 1.2 allows an att ...)
+ TODO: check
+CVE-2021-42612 (A use after free in cleanup_index in index.c in Halibut 1.2 allows an ...)
+ TODO: check
CVE-2021-42611
RESERVED
CVE-2021-42610
@@ -43362,8 +43486,8 @@ CVE-2021-42250 (Improper output neutralization for Logs. A specific Apache Super
NOT-FOR-US: Apache Superset
CVE-2021-42249
RESERVED
-CVE-2021-42248
- RESERVED
+CVE-2021-42248 (GJSON <= 1.9.2 allows attackers to cause a redos via crafted JSON i ...)
+ TODO: check
CVE-2021-42247
RESERVED
CVE-2021-42246
@@ -46159,6 +46283,7 @@ CVE-2021-41138 (Frontier is Substrate's Ethereum compatibility layer. In the new
CVE-2021-41137 (Minio is a Kubernetes native application for cloud storage. All users ...)
NOT-FOR-US: Minio
CVE-2021-41136 (Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to version ...)
+ {DSA-5146-1}
- puma 5.5.2-1
[stretch] - puma <no-dsa> (Minor issue)
NOTE: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx
@@ -50797,8 +50922,7 @@ CVE-2021-39275 (ap_escape_quotes() may write beyond the end of a buffer when giv
NOTE: https://github.com/apache/httpd/commit/8f09caf9945f3c80563bc4a776b04fbba239ca71 (trunk)
NOTE: https://github.com/apache/httpd/commit/c69d4cc90c0e27703030b3ff09f91bf4dcbcfd51 (2.4.x)
NOTE: https://github.com/apache/httpd/commit/ac62c7e7436560cf4f7725ee586364ce95c07804 (2.4.x)
-CVE-2021-3717
- RESERVED
+CVE-2021-3717 (A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge l ...)
- wildfly <itp> (bug #752018)
CVE-2021-39274 (In XeroSecurity Sn1per 9.0 (free version), insecure directory permissi ...)
NOT-FOR-US: XeroSecurity Sn1per
@@ -59269,8 +59393,7 @@ CVE-2021-3630 (An out-of-bounds write vulnerability was found in DjVuLibre in DJ
- djvulibre 3.5.27.1-12
NOTE: https://sourceforge.net/p/djvu/bugs/302/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/7b0ef20690e08f1fe124aebbf42f6310e2f40f81/
-CVE-2021-3629
- RESERVED
+CVE-2021-3629 (A flaw was found in Undertow. A potential security issue in flow contr ...)
- undertow <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1977362
CVE-2021-3628 (OpenKM Community Edition in its 6.3.10 version is vulnerable to authen ...)
@@ -62177,8 +62300,7 @@ CVE-2021-3598 (There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionalit
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/566f5241edd87445373885d5f7a904dc81e866c1 (master)
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/e2667ae1a3ff8a9fce730e61129868b326abb3f5 (2.5)
NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/9f011ae9ce9b1ca03521ff76e7659d34ee830344 (v2.0.0)
-CVE-2021-3597
- RESERVED
+CVE-2021-3597 (A flaw was found in undertow. The HTTP2SourceChannel fails to write th ...)
- undertow <unfixed> (bug #989861)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1970930
CVE-2021-34674
@@ -66327,22 +66449,22 @@ CVE-2021-32971 (Null pointer dereference in SuiteLink server while processing co
NOT-FOR-US: Suitelink
CVE-2021-32970 (Data can be copied without validation in the built-in web server in Mo ...)
NOT-FOR-US: Moxa
-CVE-2021-32969
- RESERVED
+CVE-2021-32969 (Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to ...)
+ TODO: check
CVE-2021-32968 (Two buffer overflows in the built-in web server in Moxa NPort IAW5000A ...)
NOT-FOR-US: Moxa
CVE-2021-32967 (Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an atta ...)
NOT-FOR-US: Delta Electronics
CVE-2021-32966
RESERVED
-CVE-2021-32965
- RESERVED
-CVE-2021-32964
- RESERVED
+CVE-2021-32965 (Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to ...)
+ TODO: check
+CVE-2021-32964 (The AGG Software Web Server version 4.0.40.1014 and prior is vulnerabl ...)
+ TODO: check
CVE-2021-32963 (Null pointer dereference in SuiteLink server while processing commands ...)
NOT-FOR-US: Suitelink
-CVE-2021-32962
- RESERVED
+CVE-2021-32962 (The AGG Software Web Server version 4.0.40.1014 and prior is vulnerabl ...)
+ TODO: check
CVE-2021-32961 (A getfile function in MDT AutoSave versions prior to v6.02.06 enables ...)
NOT-FOR-US: Auvesy-MDT
CVE-2021-32960 (Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, i ...)
@@ -169135,8 +169257,8 @@ CVE-2020-4928 (IBM Cloud Pak System 2.3 could allow a local privileged attacker
NOT-FOR-US: IBM
CVE-2020-4927
RESERVED
-CVE-2020-4926
- RESERVED
+CVE-2020-4926 (A vulnerability in the Spectrum Scale 5.1 core component and IBM Elast ...)
+ TODO: check
CVE-2020-4925 (A security vulnerability in the Spectrum Scale 5.0 and 5.1 allows a no ...)
NOT-FOR-US: IBM
CVE-2020-4924
@@ -276683,7 +276805,7 @@ CVE-2018-5787 (An issue was discovered in Extreme Networks ExtremeWireless WiNG
CVE-2017-18044 (A Command Injection issue was discovered in ContentStore/Base/CVDataPi ...)
NOT-FOR-US: Commvault
CVE-2018-5786 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and app ...)
- {DLA-2981-1}
+ {DSA-5145-1 DLA-2981-1}
- lrzip 0.651-2 (bug #888506)
[jessie] - lrzip <no-dsa> (Minor issue)
[wheezy] - lrzip <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea1dc882ea08a3b8f631997f4351f412aa8fa1e1