[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 1 08:10:44 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6a3e1470 by security tracker role at 2022-11-01T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2022-44563
+ RESERVED
+CVE-2022-44562
+ RESERVED
+CVE-2022-44561
+ RESERVED
+CVE-2022-44560
+ RESERVED
+CVE-2022-44559
+ RESERVED
+CVE-2022-44558
+ RESERVED
+CVE-2022-44557
+ RESERVED
+CVE-2022-44556
+ RESERVED
+CVE-2022-44555
+ RESERVED
+CVE-2022-44554
+ RESERVED
+CVE-2022-44553
+ RESERVED
+CVE-2022-44552
+ RESERVED
+CVE-2022-44551
+ RESERVED
+CVE-2022-44550
+ RESERVED
+CVE-2022-44549
+ RESERVED
+CVE-2022-44548
+ RESERVED
+CVE-2022-44547
+ RESERVED
+CVE-2022-44546
+ RESERVED
+CVE-2022-44545
+ RESERVED
+CVE-2022-44544
+ RESERVED
+CVE-2022-44543
+ RESERVED
+CVE-2022-44542 (lesspipe before 2.06 allows attackers to execute code via Perl Storabl ...)
+ TODO: check
+CVE-2022-44541
+ RESERVED
+CVE-2022-44540
+ RESERVED
+CVE-2022-44539
+ RESERVED
+CVE-2022-44538
+ RESERVED
+CVE-2022-44537
+ RESERVED
+CVE-2022-44536
+ RESERVED
+CVE-2022-44535
+ RESERVED
+CVE-2022-44534
+ RESERVED
+CVE-2022-44533
+ RESERVED
+CVE-2022-44532
+ RESERVED
+CVE-2022-3785 (A vulnerability, which was classified as critical, has been found in A ...)
+ TODO: check
+CVE-2022-3784 (A vulnerability classified as critical was found in Axiomatic Bento4 5 ...)
+ TODO: check
+CVE-2022-3783 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2022-3782
+ RESERVED
+CVE-2022-3781
+ RESERVED
+CVE-2021-46852
+ RESERVED
+CVE-2021-46851
+ RESERVED
CVE-2022-44531
RESERVED
CVE-2022-44530
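Review bot: CVE-2022-44542 (lesspipe before 2.06, code execution) lands with only "TODO: check", and among the newly described entries in this block it is the one whose summary names both a tool and a fixed version, so it is the natural one to triage first. Resolve it to either a source-package line with the fixed version or a NOT-FOR-US line. CVE-2022-3785 and CVE-2022-3783 have summaries cut off before the product name, so they need the full CVE record before a decision can be recorded.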
@@ -3504,8 +3582,8 @@ CVE-2022-43754
RESERVED
CVE-2022-43753
RESERVED
-CVE-2022-43752
- RESERVED
+CVE-2022-43752 (** UNSUPPORTED WHEN ASSIGNED ** Oracle Solaris version 10 1/13, when u ...)
+ TODO: check
CVE-2022-43751
RESERVED
CVE-2022-43750 (drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 ...)
@@ -4687,12 +4765,12 @@ CVE-2022-43357
RESERVED
CVE-2022-43356
RESERVED
-CVE-2022-43355
- RESERVED
-CVE-2022-43354
- RESERVED
-CVE-2022-43353
- RESERVED
+CVE-2022-43355 (Sanitization Management System v1.0 was discovered to contain a SQL in ...)
+ TODO: check
+CVE-2022-43354 (Sanitization Management System v1.0 was discovered to contain a SQL in ...)
+ TODO: check
+CVE-2022-43353 (Sanitization Management System v1.0 was discovered to contain a SQL in ...)
+ TODO: check
CVE-2022-43352
RESERVED
CVE-2022-43351
@@ -5764,12 +5842,12 @@ CVE-2022-42927
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-46/#CVE-2022-42927
CVE-2022-42926
RESERVED
-CVE-2022-42925
- RESERVED
-CVE-2022-42924
- RESERVED
-CVE-2022-42923
- RESERVED
+CVE-2022-42925 (There is a vulnerability on Forma LMS version 3.1.0 and earlier that c ...)
+ TODO: check
+CVE-2022-42924 (Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL inje ...)
+ TODO: check
+CVE-2022-42923 (Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL inje ...)
+ TODO: check
CVE-2022-42922
RESERVED
CVE-2022-42921
@@ -5868,8 +5946,8 @@ CVE-2022-42909
RESERVED
CVE-2022-42908
RESERVED
-CVE-2022-3499
- RESERVED
+CVE-2022-3499 (An authenticated attacker could utilize the identical agent and cluste ...)
+ TODO: check
CVE-2022-3498
RESERVED
CVE-2022-3497 (A vulnerability was found in SourceCodester Human Resource Management ...)
@@ -8346,8 +8424,7 @@ CVE-2022-3375
RESERVED
CVE-2022-3374 (The Ocean Extra WordPress plugin before 2.0.5 unserialises the content ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3373
- RESERVED
+CVE-2022-3373 (Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allo ...)
{DSA-5245-1}
- chromium 106.0.5249.91-1
[buster] - chromium <end-of-life> (see DSA 5046)
@@ -8355,8 +8432,7 @@ CVE-2022-3372
RESERVED
CVE-2022-3371 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
- rdiffweb <itp> (bug #969974)
-CVE-2022-3370
- RESERVED
+CVE-2022-3370 (Use after free in Custom Elements in Google Chrome prior to 106.0.5249 ...)
{DSA-5245-1}
- chromium 106.0.5249.91-1
[buster] - chromium <end-of-life> (see DSA 5046)
@@ -8465,28 +8541,28 @@ CVE-2022-41810
RESERVED
CVE-2022-41809
RESERVED
-CVE-2022-41779
- RESERVED
+CVE-2022-41779 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
+ TODO: check
CVE-2022-41778
RESERVED
-CVE-2022-41776
- RESERVED
+CVE-2022-41776 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
+ TODO: check
CVE-2022-41773 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
NOT-FOR-US: DIAEnergie
-CVE-2022-41772
- RESERVED
+CVE-2022-41772 (Delta Electronics InfraSuite Device Master Versions 00.00.01a and prio ...)
+ TODO: check
CVE-2022-41702 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
NOT-FOR-US: DIAEnergie
CVE-2022-41701 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
NOT-FOR-US: DIAEnergie
CVE-2022-41697
RESERVED
-CVE-2022-41688
- RESERVED
+CVE-2022-41688 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
+ TODO: check
CVE-2022-41683
RESERVED
-CVE-2022-41657
- RESERVED
+CVE-2022-41657 (Delta Electronics InfraSuite Device Master Versions 00.00.01a and prio ...)
+ TODO: check
CVE-2022-41654
RESERVED
CVE-2022-41653
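Review bot: The five Delta Electronics InfraSuite Device Master entries in this hunk (CVE-2022-41779, CVE-2022-41776, CVE-2022-41772, CVE-2022-41688, CVE-2022-41657) are left at "TODO: check" while the DIAEnergie entries interleaved with them already read "NOT-FOR-US: DIAEnergie". If the same reasoning applies to this product, triage the five together so the block ends up consistent instead of resolving them one at a time.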
@@ -8495,12 +8571,12 @@ CVE-2022-41651 (The affected product DIAEnergie (versions prior to v1.9.01.002)
NOT-FOR-US: DIAEnergie
CVE-2022-41648 (The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HERO ...)
NOT-FOR-US: HEIDENHAIN Controller TNC 640
-CVE-2022-41644
- RESERVED
+CVE-2022-41644 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
+ TODO: check
CVE-2022-41636 (Communication traffic involving "Ethernet Q Commands" service of Haas ...)
NOT-FOR-US: Haas Controller
-CVE-2022-41629
- RESERVED
+CVE-2022-41629 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
+ TODO: check
CVE-2022-41627 (The physical IoT device of the AliveCor's KardiaMobile, a smartphone-b ...)
TODO: check
CVE-2022-41613
@@ -8521,12 +8597,12 @@ CVE-2022-40703 (CWE-302 Authentication Bypass by Assumed-Immutable Data in Alive
NOT-FOR-US: AliveCor Kardia App
CVE-2022-40204
RESERVED
-CVE-2022-40202
- RESERVED
+CVE-2022-40202 (The database backup function in Delta Electronics InfraSuite Device Ma ...)
+ TODO: check
CVE-2022-40201
RESERVED
-CVE-2022-40190
- RESERVED
+CVE-2022-40190 (SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflec ...)
+ TODO: check
CVE-2022-38355
RESERVED
CVE-2022-38142 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
@@ -8734,12 +8810,12 @@ CVE-2022-41689
RESERVED
CVE-2022-41682
RESERVED
-CVE-2022-41681
- RESERVED
-CVE-2022-41680
- RESERVED
-CVE-2022-41679
- RESERVED
+CVE-2022-41681 (There is a vulnerability on Forma LMS version 3.1.0 and earlier that c ...)
+ TODO: check
+CVE-2022-41680 (Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL inje ...)
+ TODO: check
+CVE-2022-41679 (Forma LMS version 3.1.0 and earlier are affected by an Cross-Site scri ...)
+ TODO: check
CVE-2022-41678
RESERVED
CVE-2022-41677
@@ -9043,8 +9119,8 @@ CVE-2021-46840 (The HW_KEYMASTER module has an out-of-bounds access vulnerabilit
NOT-FOR-US: Huawei
CVE-2021-46839 (The HW_KEYMASTER module has a vulnerability of missing bounds check on ...)
NOT-FOR-US: Huawei
-CVE-2020-36605
- RESERVED
+CVE-2020-36605 (Incorrect Default Permissions vulnerability in Hitachi Infrastructure ...)
+ TODO: check
CVE-2022-41568
RESERVED
CVE-2022-41567
@@ -9205,10 +9281,10 @@ CVE-2022-3301 (Improper Cleanup on Thrown Exception in GitHub repository ikus060
- rdiffweb <itp> (bug #969974)
CVE-2022-3300 (The Form Maker by 10Web WordPress plugin before 1.15.6 does not proper ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-41553
- RESERVED
-CVE-2022-41552
- RESERVED
+CVE-2022-41553 (Insertion of Sensitive Information into Temporary File vulnerability i ...)
+ TODO: check
+CVE-2022-41552 (Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastruc ...)
+ TODO: check
CVE-2022-41551
RESERVED
CVE-2022-41550 (GNU oSIP v5.3.0 was discovered to contain an integer overflow via the ...)
@@ -11508,8 +11584,8 @@ CVE-2022-40607
RESERVED
CVE-2022-3192
RESERVED
-CVE-2022-3191
- RESERVED
+CVE-2022-3191 (Insertion of Sensitive Information into Log File vulnerability in Hita ...)
+ TODO: check
CVE-2022-3190 (Infinite loop in the F5 Ethernet Trailer protocol dissector in Wiresha ...)
- wireshark 3.6.8-1
[bullseye] - wireshark <no-dsa> (Minor issue)
@@ -12210,26 +12286,26 @@ CVE-2022-40298 (Crestron AirMedia for Windows before 5.5.1.84 has insecure inher
NOT-FOR-US: Crestron
CVE-2022-40297 (** DISPUTED ** UBports Ubuntu Touch 16.04 allows the screen-unlock pas ...)
NOT-FOR-US: UBports Ubuntu Touch
-CVE-2022-40296
- RESERVED
-CVE-2022-40295
- RESERVED
-CVE-2022-40294
- RESERVED
-CVE-2022-40293
- RESERVED
-CVE-2022-40292
- RESERVED
-CVE-2022-40291
- RESERVED
-CVE-2022-40290
- RESERVED
-CVE-2022-40289
- RESERVED
-CVE-2022-40288
- RESERVED
-CVE-2022-40287
- RESERVED
+CVE-2022-40296 (The application was vulnerable to a Server-Side Request Forgery attack ...)
+ TODO: check
+CVE-2022-40295 (The application was vulnerable to an authenticated information disclos ...)
+ TODO: check
+CVE-2022-40294 (The application was identified to have an CSV injection in data export ...)
+ TODO: check
+CVE-2022-40293 (The application was vulnerable to a session fixation that could be use ...)
+ TODO: check
+CVE-2022-40292 (The application allowed for Unauthenticated User Enumeration by intera ...)
+ TODO: check
+CVE-2022-40291 (The application was vulnerable to Cross-Site Request Forgery (CSRF) at ...)
+ TODO: check
+CVE-2022-40290 (The application was vulnerable to an unauthenticated Reflected Cross-S ...)
+ TODO: check
+CVE-2022-40289 (The application was vulnerable to an authenticated Stored Cross-Site S ...)
+ TODO: check
+CVE-2022-40288 (The application was vulnerable to an authenticated Stored Cross-Site S ...)
+ TODO: check
+CVE-2022-40287 (The application was found to be vulnerable to an authenticated Stored ...)
+ TODO: check
CVE-2022-40286
RESERVED
CVE-2022-40285
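Review bot: The ten entries CVE-2022-40296 through CVE-2022-40287 all have summaries that begin "The application was ..." and are truncated before any product name appears, so "TODO: check" cannot be resolved from this file alone. Whoever triages them should pull the full CVE records and put the product name into the resulting NOT-FOR-US or package line, since the summary text will not identify it for later readers.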
@@ -15244,24 +15320,24 @@ CVE-2022-39022 (U-Office Force Download function has a path traversal vulnerabil
NOT-FOR-US: U-Office Force
CVE-2022-39021 (U-Office Force login function has an Open Redirect vulnerability. An u ...)
NOT-FOR-US: U-Office Force
-CVE-2022-39020
- RESERVED
-CVE-2022-39019
- RESERVED
-CVE-2022-39018
- RESERVED
-CVE-2022-39017
- RESERVED
-CVE-2022-39016
- RESERVED
+CVE-2022-39020 (Multiple instances of XSS (stored and reflected) was found in the appl ...)
+ TODO: check
+CVE-2022-39019 (Broken access controls on PDFtron WebviewerUI in M-Files Hubshare befo ...)
+ TODO: check
+CVE-2022-39018 (Broken access controls on PDFtron data in M-Files Hubshare before 3.3. ...)
+ TODO: check
+CVE-2022-39017 (Improper input validation and output encoding in all comments fields, ...)
+ TODO: check
+CVE-2022-39016 (Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 al ...)
+ TODO: check
CVE-2022-38400 (Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated atta ...)
NOT-FOR-US: Mailform Pro CGI
CVE-2022-33941 (PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injec ...)
NOT-FOR-US: PowerCMS
CVE-2022-3060 (Improper control of a resource identifier in Error Tracking in GitLab ...)
- gitlab <unfixed>
-CVE-2022-3059
- RESERVED
+CVE-2022-3059 (The application was vulnerable to multiple instances of SQL injection ...)
+ TODO: check
CVE-2022-3058 (Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 ...)
{DSA-5223-1}
- chromium 105.0.5195.52-1
@@ -19616,7 +19692,7 @@ CVE-2022-37456
CVE-2022-37455
RESERVED
CVE-2022-37454 (The Keccak XKCP SHA-3 reference implementation before fdc6fef has an i ...)
- {DSA-5267-1 DLA-3174-1}
+ {DSA-5267-1 DLA-3175-1 DLA-3174-1}
- php8.1 8.1.12-1
- php7.4 <removed>
- php7.3 <removed>
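Review bot: The cross-reference on CVE-2022-37454 gains DLA-3175-1, but no package line is added or changed in this hunk; the visible lines still show only php8.1, php7.4 and php7.3. Confirm that the package covered by DLA-3175-1 already has its release-specific fixed-version line further down in the entry, otherwise the advisory reference and the package status will disagree.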
@@ -21017,8 +21093,8 @@ CVE-2022-37015
RESERVED
CVE-2022-37014
RESERVED
-CVE-2022-2572
- RESERVED
+CVE-2022-2572 (In affected versions of Octopus Server where access is managed by an e ...)
+ TODO: check
CVE-2022-2571 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
- vim 2:9.0.0135-1
NOTE: https://huntr.dev/bounties/2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571/
@@ -35236,12 +35312,12 @@ CVE-2022-31694
RESERVED
CVE-2022-31693
RESERVED
-CVE-2022-31692
- RESERVED
+CVE-2022-31692 (Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 co ...)
+ TODO: check
CVE-2022-31691
RESERVED
-CVE-2022-31690
- RESERVED
+CVE-2022-31690 (Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, ...)
+ TODO: check
CVE-2022-31689
RESERVED
CVE-2022-31688
@@ -43926,8 +44002,8 @@ CVE-2022-28765
RESERVED
CVE-2022-28764
RESERVED
-CVE-2022-28763
- RESERVED
+CVE-2022-28763 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Wind ...)
+ TODO: check
CVE-2022-28762 (Zoom Client for Meetings for macOS (Standard and for IT Admin) startin ...)
NOT-FOR-US: Zoom
CVE-2022-28761 (Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 ...)
@@ -47521,8 +47597,8 @@ CVE-2022-27585
RESERVED
CVE-2022-27584
RESERVED
-CVE-2022-27583
- RESERVED
+CVE-2022-27583 (A remote unprivileged attacker can interact with the configuration int ...)
+ TODO: check
CVE-2022-27582
RESERVED
CVE-2022-27581
@@ -52142,8 +52218,8 @@ CVE-2022-25894
RESERVED
CVE-2022-25893
RESERVED
-CVE-2022-25892
- RESERVED
+CVE-2022-25892 (The package muhammara before 2.6.1, from 3.1.0 and before 3.1.1; all v ...)
+ TODO: check
CVE-2022-25891 (The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 are v ...)
NOT-FOR-US: github.com/containrrr/shoutrrr/pkg/util
CVE-2022-25890
@@ -52157,8 +52233,8 @@ CVE-2022-25887 (The package sanitize-html before 2.7.1 are vulnerable to Regular
NOTE: https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526
CVE-2022-25886
RESERVED
-CVE-2022-25885
- RESERVED
+CVE-2022-25885 (The package muhammara before 2.6.0; all versions of package hummus are ...)
+ TODO: check
CVE-2022-25884
RESERVED
CVE-2022-25883
@@ -53352,19 +53428,19 @@ CVE-2022-25518 (In CMDBuild from version 3.0 to 3.3.2 payload requests are saved
NOT-FOR-US: CMDBuild
CVE-2022-25517 (MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerab ...)
NOT-FOR-US: MyBatis plus
-CVE-2022-25516 (stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow ...)
+CVE-2022-25516 (** DISPUTED ** stb_truetype.h v1.26 was discovered to contain a heap-b ...)
- libstb <unfixed> (unimportant)
NOTE: https://github.com/nothings/stb/issues/1287
NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
NOTE: Also, the stb_truetype API does not know the length of the input font file and therefore
NOTE: cannot bounds check it.
-CVE-2022-25515 (stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow ...)
+CVE-2022-25515 (** DISPUTED ** stb_truetype.h v1.26 was discovered to contain a heap-b ...)
- libstb <unfixed> (unimportant)
NOTE: https://github.com/nothings/stb/issues/1288
NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
NOTE: Also, the stb_truetype API does not know the length of the input font file and therefore
NOTE: cannot bounds check it.
-CVE-2022-25514 (stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow ...)
+CVE-2022-25514 (** DISPUTED ** stb_truetype.h v1.26 was discovered to contain a heap-b ...)
- libstb <unfixed> (unimportant)
NOTE: https://github.com/nothings/stb/issues/1286
NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
@@ -57625,7 +57701,7 @@ CVE-2022-24200
RESERVED
CVE-2022-24199
RESERVED
-CVE-2022-24198 (iText v7.1.17 was discovered to contain an out-of-bounds exception via ...)
+CVE-2022-24198 (** DISPUTED ** iText v7.1.17 was discovered to contain an out-of-bound ...)
NOT-FOR-US: iText
CVE-2022-24197 (iText v7.1.17 was discovered to contain a stack-based buffer overflow ...)
NOT-FOR-US: iText
@@ -67445,7 +67521,7 @@ CVE-2021-45348 (An Arbitrary File Deletion vulnerability exists in SourceCodeste
NOT-FOR-US: SourceCodester
CVE-2021-45347 (An Incorrect Access Control vulnerability exists in zzcms 8.2, which l ...)
NOT-FOR-US: zzcms
-CVE-2021-45346 (A Memory Leak vulnerabilty exists in SQLite Project SQLite3 3.35.1 and ...)
+CVE-2021-45346 (** DISPUTED ** A Memory Leak vulnerability exists in SQLite Project SQ ...)
- sqlite3 <unfixed> (bug #1005974)
[bullseye] - sqlite3 <no-dsa> (Minor issue)
[buster] - sqlite3 <no-dsa> (Minor issue)
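Review bot: CVE-2021-45346 now carries the "** DISPUTED **" prefix, yet the sqlite3 line below it is still "<unfixed> (bug #1005974)" with <no-dsa> for bullseye and buster. Worth revisiting whether the dispute changes the severity recorded here, and adding a NOTE with the reason if the status is kept as is.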
@@ -70172,7 +70248,8 @@ CVE-2021-44599 (The id parameter from Online Enrollment Management System 1.0 sy
NOT-FOR-US: Online Enrollment Management System
CVE-2021-44598 (Attendance Management System 1.0 is affected by a Cross Site Scripting ...)
NOT-FOR-US: Attendance Management System
-CVE-2021-44597 (An Access Control vunerabiity exists in Gerapy v 0.9.7 via the spider ...)
+CVE-2021-44597
+ REJECTED
NOT-FOR-US: Gerapy
CVE-2021-44596 (Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remot ...)
NOT-FOR-US: Wondershare
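Review bot: CVE-2021-44597 is switched to REJECTED, but the entry keeps its "NOT-FOR-US: Gerapy" line as unchanged context, so the rejected ID still carries a triage annotation. Either drop the NOT-FOR-US line in a follow-up or confirm that keeping triage data under a REJECTED entry is intended for this file.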
@@ -81339,7 +81416,7 @@ CVE-2021-41876
RESERVED
CVE-2021-41875
RESERVED
-CVE-2021-41874 (An unauthorized access vulnerabiitly exists in all versions of Portain ...)
+CVE-2021-41874 (** DISPUTED ** An unauthorized access vulnerabiitly exists in all vers ...)
NOT-FOR-US: Portainer
CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top box produ ...)
NOT-FOR-US: Penguin Aurora TV Box 41502
@@ -117368,8 +117445,8 @@ CVE-2021-27786 (Cross-origin resource sharing (CORS) enables browsers to perform
NOT-FOR-US: HCL
CVE-2021-27785 (HCL Commerce's Remote Store server could allow a local attacker to obt ...)
NOT-FOR-US: HCL Commerce's Remote Store server
-CVE-2021-27784
- RESERVED
+CVE-2021-27784 (The provided HCL Launch Container images contain non-unique HTTPS cert ...)
+ TODO: check
CVE-2021-27783 (User generated PPKG file for Bulk Enroll may have unencrypted sensitiv ...)
NOT-FOR-US: HCL
CVE-2021-27782
@@ -142942,7 +143019,7 @@ CVE-2020-28886
RESERVED
CVE-2020-28885 (** DISPUTED ** Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is ...)
NOT-FOR-US: Liferay
-CVE-2020-28884 (Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS ...)
+CVE-2020-28884 (** DISPUTED ** Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is ...)
NOT-FOR-US: Liferay
CVE-2020-28883
RESERVED
@@ -159986,7 +160063,7 @@ CVE-2020-23257
CVE-2020-23256
RESERVED
CVE-2020-23255
- RESERVED
+ REJECTED
CVE-2020-23254
RESERVED
CVE-2020-23253
@@ -292422,9 +292499,9 @@ CVE-2018-13329 (Cross-site scripting in ajaxdata.php in TerraMaster TOS version
NOT-FOR-US: TerraMaster TOS
CVE-2018-13328 (The transfer, transferFrom, and mint functions of a smart contract imp ...)
NOT-FOR-US: smart contract
-CVE-2018-13327 (The transfer and transferFrom functions of a smart contract implementa ...)
+CVE-2018-13327 (** DISPUTED ** The transfer and transferFrom functions of a smart cont ...)
NOT-FOR-US: smart contract
-CVE-2018-13326 (The transfer and transferFrom functions of a smart contract implementa ...)
+CVE-2018-13326 (** DISPUTED ** The transfer and transferFrom functions of a smart cont ...)
NOT-FOR-US: smart contract
CVE-2018-13325 (The _sell function of a smart contract implementation for GROWCHAIN (G ...)
NOT-FOR-US: smart contract
@@ -292826,7 +292903,7 @@ CVE-2018-13146 (The mintToken, buy, and sell functions of a smart contract imple
NOT-FOR-US: smart contract
CVE-2018-13145 (The mintToken function of a smart contract implementation for JavaSwap ...)
NOT-FOR-US: smart contract
-CVE-2018-13144 (The transfer and transferFrom functions of a smart contract implementa ...)
+CVE-2018-13144 (** DISPUTED ** The transfer and transferFrom functions of a smart cont ...)
NOT-FOR-US: smart contract
CVE-2018-13143
RESERVED
@@ -292895,7 +292972,7 @@ CVE-2018-13115 (Lack of an authentication mechanism in KERUI Wifi Endoscope Came
NOT-FOR-US: KERUI Wifi Endoscope Camera
CVE-2018-13114 (Missing authentication and improper input validation in KERUI Wifi End ...)
NOT-FOR-US: KERUI Wifi Endoscope Camera
-CVE-2018-13113 (The transfer and transferFrom functions of a smart contract implementa ...)
+CVE-2018-13113 (** DISPUTED ** The transfer and transferFrom functions of a smart cont ...)
NOT-FOR-US: smart contract implementation for Easy Trading Token and Ethereum token
CVE-2018-13112 (get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attac ...)
- tcpreplay 4.3.1-1 (low; bug #902952)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a3e14708d0c3d85c64a56ffab804c89a693c5b8