[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Oct 28 09:11:31 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6bf12a0e by security tracker role at 2022-10-28T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,559 @@
+CVE-2023-20851
+	RESERVED
+CVE-2023-20850
+	RESERVED
+CVE-2023-20849
+	RESERVED
+CVE-2023-20848
+	RESERVED
+CVE-2023-20847
+	RESERVED
+CVE-2023-20846
+	RESERVED
+CVE-2023-20845
+	RESERVED
+CVE-2023-20844
+	RESERVED
+CVE-2023-20843
+	RESERVED
+CVE-2023-20842
+	RESERVED
+CVE-2023-20841
+	RESERVED
+CVE-2023-20840
+	RESERVED
+CVE-2023-20839
+	RESERVED
+CVE-2023-20838
+	RESERVED
+CVE-2023-20837
+	RESERVED
+CVE-2023-20836
+	RESERVED
+CVE-2023-20835
+	RESERVED
+CVE-2023-20834
+	RESERVED
+CVE-2023-20833
+	RESERVED
+CVE-2023-20832
+	RESERVED
+CVE-2023-20831
+	RESERVED
+CVE-2023-20830
+	RESERVED
+CVE-2023-20829
+	RESERVED
+CVE-2023-20828
+	RESERVED
+CVE-2023-20827
+	RESERVED
+CVE-2023-20826
+	RESERVED
+CVE-2023-20825
+	RESERVED
+CVE-2023-20824
+	RESERVED
+CVE-2023-20823
+	RESERVED
+CVE-2023-20822
+	RESERVED
+CVE-2023-20821
+	RESERVED
+CVE-2023-20820
+	RESERVED
+CVE-2023-20819
+	RESERVED
+CVE-2023-20818
+	RESERVED
+CVE-2023-20817
+	RESERVED
+CVE-2023-20816
+	RESERVED
+CVE-2023-20815
+	RESERVED
+CVE-2023-20814
+	RESERVED
+CVE-2023-20813
+	RESERVED
+CVE-2023-20812
+	RESERVED
+CVE-2023-20811
+	RESERVED
+CVE-2023-20810
+	RESERVED
+CVE-2023-20809
+	RESERVED
+CVE-2023-20808
+	RESERVED
+CVE-2023-20807
+	RESERVED
+CVE-2023-20806
+	RESERVED
+CVE-2023-20805
+	RESERVED
+CVE-2023-20804
+	RESERVED
+CVE-2023-20803
+	RESERVED
+CVE-2023-20802
+	RESERVED
+CVE-2023-20801
+	RESERVED
+CVE-2023-20800
+	RESERVED
+CVE-2023-20799
+	RESERVED
+CVE-2023-20798
+	RESERVED
+CVE-2023-20797
+	RESERVED
+CVE-2023-20796
+	RESERVED
+CVE-2023-20795
+	RESERVED
+CVE-2023-20794
+	RESERVED
+CVE-2023-20793
+	RESERVED
+CVE-2023-20792
+	RESERVED
+CVE-2023-20791
+	RESERVED
+CVE-2023-20790
+	RESERVED
+CVE-2023-20789
+	RESERVED
+CVE-2023-20788
+	RESERVED
+CVE-2023-20787
+	RESERVED
+CVE-2023-20786
+	RESERVED
+CVE-2023-20785
+	RESERVED
+CVE-2023-20784
+	RESERVED
+CVE-2023-20783
+	RESERVED
+CVE-2023-20782
+	RESERVED
+CVE-2023-20781
+	RESERVED
+CVE-2023-20780
+	RESERVED
+CVE-2023-20779
+	RESERVED
+CVE-2023-20778
+	RESERVED
+CVE-2023-20777
+	RESERVED
+CVE-2023-20776
+	RESERVED
+CVE-2023-20775
+	RESERVED
+CVE-2023-20774
+	RESERVED
+CVE-2023-20773
+	RESERVED
+CVE-2023-20772
+	RESERVED
+CVE-2023-20771
+	RESERVED
+CVE-2023-20770
+	RESERVED
+CVE-2023-20769
+	RESERVED
+CVE-2023-20768
+	RESERVED
+CVE-2023-20767
+	RESERVED
+CVE-2023-20766
+	RESERVED
+CVE-2023-20765
+	RESERVED
+CVE-2023-20764
+	RESERVED
+CVE-2023-20763
+	RESERVED
+CVE-2023-20762
+	RESERVED
+CVE-2023-20761
+	RESERVED
+CVE-2023-20760
+	RESERVED
+CVE-2023-20759
+	RESERVED
+CVE-2023-20758
+	RESERVED
+CVE-2023-20757
+	RESERVED
+CVE-2023-20756
+	RESERVED
+CVE-2023-20755
+	RESERVED
+CVE-2023-20754
+	RESERVED
+CVE-2023-20753
+	RESERVED
+CVE-2023-20752
+	RESERVED
+CVE-2023-20751
+	RESERVED
+CVE-2023-20750
+	RESERVED
+CVE-2023-20749
+	RESERVED
+CVE-2023-20748
+	RESERVED
+CVE-2023-20747
+	RESERVED
+CVE-2023-20746
+	RESERVED
+CVE-2023-20745
+	RESERVED
+CVE-2023-20744
+	RESERVED
+CVE-2023-20743
+	RESERVED
+CVE-2023-20742
+	RESERVED
+CVE-2023-20741
+	RESERVED
+CVE-2023-20740
+	RESERVED
+CVE-2023-20739
+	RESERVED
+CVE-2023-20738
+	RESERVED
+CVE-2023-20737
+	RESERVED
+CVE-2023-20736
+	RESERVED
+CVE-2023-20735
+	RESERVED
+CVE-2023-20734
+	RESERVED
+CVE-2023-20733
+	RESERVED
+CVE-2023-20732
+	RESERVED
+CVE-2023-20731
+	RESERVED
+CVE-2023-20730
+	RESERVED
+CVE-2023-20729
+	RESERVED
+CVE-2023-20728
+	RESERVED
+CVE-2023-20727
+	RESERVED
+CVE-2023-20726
+	RESERVED
+CVE-2023-20725
+	RESERVED
+CVE-2023-20724
+	RESERVED
+CVE-2023-20723
+	RESERVED
+CVE-2023-20722
+	RESERVED
+CVE-2023-20721
+	RESERVED
+CVE-2023-20720
+	RESERVED
+CVE-2023-20719
+	RESERVED
+CVE-2023-20718
+	RESERVED
+CVE-2023-20717
+	RESERVED
+CVE-2023-20716
+	RESERVED
+CVE-2023-20715
+	RESERVED
+CVE-2023-20714
+	RESERVED
+CVE-2023-20713
+	RESERVED
+CVE-2023-20712
+	RESERVED
+CVE-2023-20711
+	RESERVED
+CVE-2023-20710
+	RESERVED
+CVE-2023-20709
+	RESERVED
+CVE-2023-20708
+	RESERVED
+CVE-2023-20707
+	RESERVED
+CVE-2023-20706
+	RESERVED
+CVE-2023-20705
+	RESERVED
+CVE-2023-20704
+	RESERVED
+CVE-2023-20703
+	RESERVED
+CVE-2023-20702
+	RESERVED
+CVE-2023-20701
+	RESERVED
+CVE-2023-20700
+	RESERVED
+CVE-2023-20699
+	RESERVED
+CVE-2023-20698
+	RESERVED
+CVE-2023-20697
+	RESERVED
+CVE-2023-20696
+	RESERVED
+CVE-2023-20695
+	RESERVED
+CVE-2023-20694
+	RESERVED
+CVE-2023-20693
+	RESERVED
+CVE-2023-20692
+	RESERVED
+CVE-2023-20691
+	RESERVED
+CVE-2023-20690
+	RESERVED
+CVE-2023-20689
+	RESERVED
+CVE-2023-20688
+	RESERVED
+CVE-2023-20687
+	RESERVED
+CVE-2023-20686
+	RESERVED
+CVE-2023-20685
+	RESERVED
+CVE-2023-20684
+	RESERVED
+CVE-2023-20683
+	RESERVED
+CVE-2023-20682
+	RESERVED
+CVE-2023-20681
+	RESERVED
+CVE-2023-20680
+	RESERVED
+CVE-2023-20679
+	RESERVED
+CVE-2023-20678
+	RESERVED
+CVE-2023-20677
+	RESERVED
+CVE-2023-20676
+	RESERVED
+CVE-2023-20675
+	RESERVED
+CVE-2023-20674
+	RESERVED
+CVE-2023-20673
+	RESERVED
+CVE-2023-20672
+	RESERVED
+CVE-2023-20671
+	RESERVED
+CVE-2023-20670
+	RESERVED
+CVE-2023-20669
+	RESERVED
+CVE-2023-20668
+	RESERVED
+CVE-2023-20667
+	RESERVED
+CVE-2023-20666
+	RESERVED
+CVE-2023-20665
+	RESERVED
+CVE-2023-20664
+	RESERVED
+CVE-2023-20663
+	RESERVED
+CVE-2023-20662
+	RESERVED
+CVE-2023-20661
+	RESERVED
+CVE-2023-20660
+	RESERVED
+CVE-2023-20659
+	RESERVED
+CVE-2023-20658
+	RESERVED
+CVE-2023-20657
+	RESERVED
+CVE-2023-20656
+	RESERVED
+CVE-2023-20655
+	RESERVED
+CVE-2023-20654
+	RESERVED
+CVE-2023-20653
+	RESERVED
+CVE-2023-20652
+	RESERVED
+CVE-2023-20651
+	RESERVED
+CVE-2023-20650
+	RESERVED
+CVE-2023-20649
+	RESERVED
+CVE-2023-20648
+	RESERVED
+CVE-2023-20647
+	RESERVED
+CVE-2023-20646
+	RESERVED
+CVE-2023-20645
+	RESERVED
+CVE-2023-20644
+	RESERVED
+CVE-2023-20643
+	RESERVED
+CVE-2023-20642
+	RESERVED
+CVE-2023-20641
+	RESERVED
+CVE-2023-20640
+	RESERVED
+CVE-2023-20639
+	RESERVED
+CVE-2023-20638
+	RESERVED
+CVE-2023-20637
+	RESERVED
+CVE-2023-20636
+	RESERVED
+CVE-2023-20635
+	RESERVED
+CVE-2023-20634
+	RESERVED
+CVE-2023-20633
+	RESERVED
+CVE-2023-20632
+	RESERVED
+CVE-2023-20631
+	RESERVED
+CVE-2023-20630
+	RESERVED
+CVE-2023-20629
+	RESERVED
+CVE-2023-20628
+	RESERVED
+CVE-2023-20627
+	RESERVED
+CVE-2023-20626
+	RESERVED
+CVE-2023-20625
+	RESERVED
+CVE-2023-20624
+	RESERVED
+CVE-2023-20623
+	RESERVED
+CVE-2023-20622
+	RESERVED
+CVE-2023-20621
+	RESERVED
+CVE-2023-20620
+	RESERVED
+CVE-2023-20619
+	RESERVED
+CVE-2023-20618
+	RESERVED
+CVE-2023-20617
+	RESERVED
+CVE-2023-20616
+	RESERVED
+CVE-2023-20615
+	RESERVED
+CVE-2023-20614
+	RESERVED
+CVE-2023-20613
+	RESERVED
+CVE-2023-20612
+	RESERVED
+CVE-2023-20611
+	RESERVED
+CVE-2023-20610
+	RESERVED
+CVE-2023-20609
+	RESERVED
+CVE-2023-20608
+	RESERVED
+CVE-2023-20607
+	RESERVED
+CVE-2023-20606
+	RESERVED
+CVE-2023-20605
+	RESERVED
+CVE-2023-20604
+	RESERVED
+CVE-2023-20603
+	RESERVED
+CVE-2023-20602
+	RESERVED
+CVE-2022-43977
+	RESERVED
+CVE-2022-43976
+	RESERVED
+CVE-2022-43975
+	RESERVED
+CVE-2022-43974
+	RESERVED
+CVE-2022-43973
+	RESERVED
+CVE-2022-43972
+	RESERVED
+CVE-2022-43971
+	RESERVED
+CVE-2022-43970
+	RESERVED
+CVE-2022-43969
+	RESERVED
+CVE-2022-43968
+	RESERVED
+CVE-2022-43967
+	RESERVED
+CVE-2022-43966
+	RESERVED
+CVE-2022-43965
+	RESERVED
+CVE-2022-43964
+	RESERVED
+CVE-2022-43963
+	RESERVED
+CVE-2022-43962
+	RESERVED
+CVE-2022-43961
+	RESERVED
+CVE-2022-43960
+	RESERVED
+CVE-2022-43959
+	RESERVED
+CVE-2022-3736
+	RESERVED
+CVE-2022-3735
+	RESERVED
+CVE-2022-3734
+	RESERVED
+CVE-2022-3733
+	RESERVED
+CVE-2022-3732
+	RESERVED
+CVE-2022-3731
+	RESERVED
+CVE-2022-3730
+	RESERVED
+CVE-2022-3729
+	RESERVED
+CVE-2022-3728
+	RESERVED
 CVE-2023-20601
 	RESERVED
 CVE-2023-20600
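Review bot: the ordering at the end of this hunk looks off: the CVE-2022-43977..CVE-2022-43959 and CVE-2022-3736..CVE-2022-3728 blocks are inserted after CVE-2023-20602 and before the existing CVE-2023-20601, so 2022 IDs now sit inside the 2023 range, far from their numeric neighbours (the next hunk's header context is CVE-2022-43682). If the file is meant to stay sorted, insert each block at its numeric position; if new reservations are simply prepended, tooling that reads this file should look entries up by ID and not rely on position.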
@@ -1886,6 +2442,7 @@ CVE-2022-43682
 CVE-2022-43681
 	RESERVED
 CVE-2022-43680 (In libexpat through 2.4.9, there is a use-after free caused by overeag ...)
+	{DLA-3165-1}
 	- expat 2.5.0-1 (bug #1022743)
 	NOTE: https://github.com/libexpat/libexpat/issues/649
 	NOTE: https://github.com/libexpat/libexpat/pull/616
@@ -2599,8 +3156,8 @@ CVE-2022-3618
 	RESERVED
 CVE-2022-3617
 	RESERVED
-CVE-2022-3616
-	RESERVED
+CVE-2022-3616 (Attackers can create long chains of CAs that would lead to OctoRPKI ex ...)
+	TODO: check
 CVE-2022-3615
 	RESERVED
 CVE-2022-3614
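Review bot: CVE-2022-3616 moves from RESERVED to TODO: check, and its description names OctoRPKI without a vendor. Before this is closed as NOT-FOR-US, check whether OctoRPKI is shipped in the archive under a different source package name, and if so replace the TODO with a package line.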
@@ -3918,7 +4475,7 @@ CVE-2022-42933 (A malicious crafted .dwf or .pct file when consumed through Desi
 	NOT-FOR-US: Autodesk
 CVE-2022-42932
 	RESERVED
-	{DSA-5259-1 DLA-3156-1}
+	{DSA-5262-1 DSA-5259-1 DLA-3156-1}
 	- firefox 106.0-1
 	- firefox-esr 102.4.0esr-1
 	- thunderbird 1:102.4.0-1
@@ -3935,7 +4492,7 @@ CVE-2022-42930
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-42930
 CVE-2022-42929
 	RESERVED
-	{DSA-5259-1 DLA-3156-1}
+	{DSA-5262-1 DSA-5259-1 DLA-3156-1}
 	- firefox 106.0-1
 	- firefox-esr 102.4.0esr-1
 	- thunderbird 1:102.4.0-1
@@ -3944,7 +4501,7 @@ CVE-2022-42929
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-46/#CVE-2022-42929
 CVE-2022-42928
 	RESERVED
-	{DSA-5259-1 DLA-3156-1}
+	{DSA-5262-1 DSA-5259-1 DLA-3156-1}
 	- firefox 106.0-1
 	- firefox-esr 102.4.0esr-1
 	- thunderbird 1:102.4.0-1
@@ -3953,7 +4510,7 @@ CVE-2022-42928
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-46/#CVE-2022-42928
 CVE-2022-42927
 	RESERVED
-	{DSA-5259-1 DLA-3156-1}
+	{DSA-5262-1 DSA-5259-1 DLA-3156-1}
 	- firefox 106.0-1
 	- firefox-esr 102.4.0esr-1
 	- thunderbird 1:102.4.0-1
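Review bot: in these four hunks CVE-2022-42932, CVE-2022-42929, CVE-2022-42928 and CVE-2022-42927 gain DSA-5262-1 while the line directly under each ID still reads RESERVED, even though every entry already lists fixed versions for firefox, firefox-esr and thunderbird. Anyone filtering this file on RESERVED to mean "no information yet" would skip four CVEs that each have three advisories attached, so such a filter should key on the absence of package lines instead.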
@@ -6190,12 +6747,12 @@ CVE-2022-36354
 	RESERVED
 CVE-2022-3388
 	RESERVED
-CVE-2022-3387
-	RESERVED
-CVE-2022-3386
-	RESERVED
-CVE-2022-3385
-	RESERVED
+CVE-2022-3387 (Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path tr ...)
+	TODO: check
+CVE-2022-3386 (Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack ...)
+	TODO: check
+CVE-2022-3385 (Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack ...)
+	TODO: check
 CVE-2022-3384
 	RESERVED
 CVE-2022-3383
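Review bot: the affected-version bounds in the three Advantech R-SeeNet descriptions do not match: CVE-2022-3387 says "2.4.19 and prior", while CVE-2022-3386 and CVE-2022-3385 say "2.4.17 and prior". The descriptions arrive with the automatic update, so there is nothing to change in this hunk, but whoever resolves the three TODO: check lines should confirm the bounds against the full records before recording any version information.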
@@ -6503,10 +7060,10 @@ CVE-2022-3381
 	RESERVED
 CVE-2022-3380
 	RESERVED
-CVE-2022-3379
-	RESERVED
-CVE-2022-3378
-	RESERVED
+CVE-2022-3379 (Horner Automation's Cscape version 9.90 SP7 and prior does not properl ...)
+	TODO: check
+CVE-2022-3378 (Horner Automation's Cscape version 9.90 SP 7 and prior does not proper ...)
+	TODO: check
 CVE-2022-3377
 	RESERVED
 CVE-2022-3376 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...)
@@ -6640,14 +7197,14 @@ CVE-2022-41778
 	RESERVED
 CVE-2022-41776
 	RESERVED
-CVE-2022-41773
-	RESERVED
+CVE-2022-41773 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
+	TODO: check
 CVE-2022-41772
 	RESERVED
-CVE-2022-41702
-	RESERVED
-CVE-2022-41701
-	RESERVED
+CVE-2022-41702 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
+	TODO: check
+CVE-2022-41701 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
+	TODO: check
 CVE-2022-41697
 	RESERVED
 CVE-2022-41688
@@ -6660,8 +7217,8 @@ CVE-2022-41654
 	RESERVED
 CVE-2022-41653
 	RESERVED
-CVE-2022-41651
-	RESERVED
+CVE-2022-41651 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
+	TODO: check
 CVE-2022-41648
 	RESERVED
 CVE-2022-41644
@@ -6670,22 +7227,22 @@ CVE-2022-41636
 	RESERVED
 CVE-2022-41629
 	RESERVED
-CVE-2022-41627
-	RESERVED
+CVE-2022-41627 (The physical IoT device of the AliveCor's KardiaMobile, a smartphone-b ...)
+	TODO: check
 CVE-2022-41613
 	RESERVED
 CVE-2022-41607
 	RESERVED
-CVE-2022-41555
-	RESERVED
-CVE-2022-41133
-	RESERVED
+CVE-2022-41555 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
+	TODO: check
+CVE-2022-41133 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
+	TODO: check
 CVE-2022-40981
 	RESERVED
-CVE-2022-40967
-	RESERVED
-CVE-2022-40965
-	RESERVED
+CVE-2022-40967 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
+	TODO: check
+CVE-2022-40965 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
+	TODO: check
 CVE-2022-40703 (CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Ka ...)
 	NOT-FOR-US: AliveCor Kardia App
 CVE-2022-40204
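Review bot: CVE-2022-41627 is left at TODO: check although CVE-2022-40703, a few lines down in the same hunk, concerns the same vendor and is already tagged NOT-FOR-US: AliveCor Kardia App. Suggest resolving the new entry with a matching NOT-FOR-US tag, and handling the four DIAEnergie entries here (CVE-2022-41555, CVE-2022-41133, CVE-2022-40967, CVE-2022-40965) together with the four in the two preceding hunks, since all eight descriptions are identical up to the truncation point.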
@@ -8964,8 +9521,8 @@ CVE-2022-40878 (In Exam Reviewer Management System 1.0, an authenticated attacke
 	NOT-FOR-US: Exam Reviewer Management System
 CVE-2022-40877 (Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via ...)
 	NOT-FOR-US: Exam Reviewer Management System
-CVE-2022-40876
-	RESERVED
+CVE-2022-40876 (In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetM ...)
+	TODO: check
 CVE-2022-40875 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the ...)
 	NOT-FOR-US: Tenda
 CVE-2022-40874 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulner ...)
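Review bot: CVE-2022-40876 gets TODO: check, but its description names Tenda ax1803 v1.0.0.1, the same product and version as CVE-2022-40875 and CVE-2022-40874 directly below, which are both tagged NOT-FOR-US: Tenda. Suggest closing the TODO with the same tag so the three entries stay consistent.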
@@ -11128,12 +11685,12 @@ CVE-2022-39980
 	RESERVED
 CVE-2022-39979
 	RESERVED
-CVE-2022-39978
-	RESERVED
-CVE-2022-39977
-	RESERVED
-CVE-2022-39976
-	RESERVED
+CVE-2022-39978 (Online Pet Shop We App v1.0 was discovered to contain an arbitrary fil ...)
+	TODO: check
+CVE-2022-39977 (Online Pet Shop We App v1.0 was discovered to contain an arbitrary fil ...)
+	TODO: check
+CVE-2022-39976 (School Activity Updates with SMS Notification v1.0 was discovered to c ...)
+	TODO: check
 CVE-2022-39975 (The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Life ...)
 	NOT-FOR-US: Liferay
 CVE-2022-39974 (WASM3 v0.5.0 was discovered to contain a segmentation fault via the co ...)
@@ -16772,12 +17329,12 @@ CVE-2022-37917
 	RESERVED
 CVE-2022-37916
 	RESERVED
-CVE-2022-37915
-	RESERVED
-CVE-2022-37914
-	RESERVED
-CVE-2022-37913
-	RESERVED
+CVE-2022-37915 (A vulnerability in the web-based management interface of Aruba EdgeCon ...)
+	TODO: check
+CVE-2022-37914 (Vulnerabilities in the web-based management interface of Aruba EdgeCon ...)
+	TODO: check
+CVE-2022-37913 (Vulnerabilities in the web-based management interface of Aruba EdgeCon ...)
+	TODO: check
 CVE-2022-37912
 	RESERVED
 CVE-2022-37911
@@ -27774,8 +28331,8 @@ CVE-2022-33861
 	RESERVED
 CVE-2022-33860
 	RESERVED
-CVE-2022-33859
-	RESERVED
+CVE-2022-33859 (A security vulnerability was discovered in the Eaton Foreseer EPMS sof ...)
+	TODO: check
 CVE-2022-33858
 	RESERVED
 CVE-2022-33857
@@ -33386,8 +33943,8 @@ CVE-2022-31680 (The vCenter Server contains an unsafe deserialisation vulnerabil
 	NOT-FOR-US: VMware
 CVE-2022-31679 (Applications that allow HTTP PATCH access to resources exposed by Spri ...)
 	NOT-FOR-US: VMware
-CVE-2022-31678
-	RESERVED
+CVE-2022-31678 (VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE)  ...)
+	TODO: check
 CVE-2022-31677 (An Insufficient Session Expiration issue was discovered in the Pinnipe ...)
 	NOT-FOR-US: Pinniped Supervisor
 CVE-2022-31676 (VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege es ...)
@@ -38476,6 +39033,7 @@ CVE-2022-29972 (An argument injection vulnerability in the browser-based authent
 CVE-2022-29971 (An argument injection vulnerability in the browser-based authenticatio ...)
 	NOT-FOR-US: Magnitude Simba Amazon Athena ODBC Driver
 CVE-2022-29970 (Sinatra before 2.2.0 does not validate that the expanded path matches  ...)
+	{DLA-3166-1}
 	- ruby-sinatra 2.2.2-1 (bug #1014717)
 	NOTE: https://github.com/sinatra/sinatra/commit/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e (v2.2.0)
 CVE-2022-29969 (The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rs ...)
@@ -63484,12 +64042,12 @@ CVE-2022-0076
 	RESERVED
 CVE-2022-0075
 	RESERVED
-CVE-2022-0074
-	RESERVED
-CVE-2022-0073
-	RESERVED
-CVE-2022-0072
-	RESERVED
+CVE-2022-0074 (Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLite ...)
+	TODO: check
+CVE-2022-0073 (Improper Input Validation vulnerability in LiteSpeed Technologies Open ...)
+	TODO: check
+CVE-2022-0072 (Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSp ...)
+	TODO: check
 CVE-2022-0071 (Incomplete fix for CVE-2021-3101. Hotdog, prior to v1.0.2, did not mim ...)
 	NOT-FOR-US: Amazon Web Services hotpatch
 CVE-2022-0070 (Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package st ...)
@@ -88232,16 +88790,16 @@ CVE-2021-38401 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to
 	NOT-FOR-US: Fuji Electric
 CVE-2021-38400 (An attacker with physical access to Boston Scientific Zoom Latitude Mo ...)
 	NOT-FOR-US: Boston Scientific Zoom Latitude Model 3120
-CVE-2021-38399
-	RESERVED
+CVE-2021-38399 (Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vuln ...)
+	TODO: check
 CVE-2021-38398 (The affected device uses off-the-shelf software components that contai ...)
 	NOT-FOR-US: Boston Scientific
-CVE-2021-38397
-	RESERVED
+CVE-2021-38397 (Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vuln ...)
+	TODO: check
 CVE-2021-38396 (The programmer installation utility does not perform a cryptographic a ...)
 	NOT-FOR-US: Boston Scientific
-CVE-2021-38395
-	RESERVED
+CVE-2021-38395 (Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vuln ...)
+	TODO: check
 CVE-2021-38394 (An attacker with physical access to the device can extract the binary  ...)
 	NOT-FOR-US: Boston Scientific
 CVE-2021-38393 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...)
@@ -93767,8 +94325,8 @@ CVE-2021-36208
 	RESERVED
 CVE-2021-36207 (Under certain circumstances improper privilege management in Metasys A ...)
 	NOT-FOR-US: Metasys
-CVE-2021-36206
-	RESERVED
+CVE-2021-36206 (All versions of CEVAS prior to 1.01.46 do not sufficiently validate us ...)
+	TODO: check
 CVE-2021-36205 (Under certain circumstances the session token is not cleared on logout ...)
 	NOT-FOR-US: Johnson Controls
 CVE-2021-36204
@@ -197522,7 +198080,7 @@ CVE-2020-7563 (A CWE-787: Out-of-bounds Write vulnerability exists in the Web Se
 	NOT-FOR-US: Modicon
 CVE-2020-7562 (A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server o ...)
 	NOT-FOR-US: Modicon
-CVE-2020-7561 (A CWE-284: Improper Access Control vulnerability exists in Easergy T30 ...)
+CVE-2020-7561 (A CWE-306: Missing Authentication for Critical Function vulnerability  ...)
 	NOT-FOR-US: Easergy
 CVE-2020-7560 (A CWE-123: Write-what-where Condition vulnerability exists in EcoStrux ...)
 	NOT-FOR-US: EcoStruxure Control Expert



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6bf12a0e489298c3a9ebb46f79e04dad16e90837
