[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 22 21:12:30 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
039f20e7 by security tracker role at 2023-08-22T20:12:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2023-4475 (An Arbitrary File Movement vulnerability was found in ASUSTOR Data Mas ...)
+	TODO: check
+CVE-2023-4303 (Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error m ...)
+	TODO: check
+CVE-2023-4212 (A command injection vulnerability exists in Trane XL824, XL850, XL1050 ...)
+	TODO: check
+CVE-2023-3699 (An Improper Privilege Management vulnerability was found in ASUSTOR Da ...)
+	TODO: check
+CVE-2023-39599 (Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows att ...)
+	TODO: check
+CVE-2023-39141 (webui-aria2 commit 4fe2e was discovered to contain a path traversal vu ...)
+	TODO: check
+CVE-2023-38996 (An issue in all versions of Douran DSGate allows a local authenticated ...)
+	TODO: check
+CVE-2023-38909 (An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Applic ...)
+	TODO: check
+CVE-2023-38908 (An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Applic ...)
+	TODO: check
+CVE-2023-38906 (An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Applic ...)
+	TODO: check
+CVE-2023-38732 (IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allo ...)
+	TODO: check
+CVE-2023-38668 (Stack-based buffer over-read in disasm in nasm 2.16 allows attackers t ...)
+	TODO: check
+CVE-2023-38667 (Stack-based buffer over-read in function disasm in nasm 2.16 allows at ...)
+	TODO: check
+CVE-2023-38666 (Bento4 v1.6.0-639 was discovered to contain a segmentation violation v ...)
+	TODO: check
+CVE-2023-38665 (Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows att ...)
+	TODO: check
+CVE-2023-37440 (A vulnerability in the web-based management interfaceof EdgeConnect SD ...)
+	TODO: check
+CVE-2023-37439 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...)
+	TODO: check
+CVE-2023-37438 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...)
+	TODO: check
+CVE-2023-37437 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...)
+	TODO: check
+CVE-2023-37436 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...)
+	TODO: check
+CVE-2023-37435 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...)
+	TODO: check
+CVE-2023-37434 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...)
+	TODO: check
+CVE-2023-37433 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...)
+	TODO: check
+CVE-2023-37432 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...)
+	TODO: check
+CVE-2023-37431 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...)
+	TODO: check
+CVE-2023-37430 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...)
+	TODO: check
+CVE-2023-37429 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...)
+	TODO: check
+CVE-2023-37428 (A vulnerability in the EdgeConnect SD-WAN Orchestratorweb-based manage ...)
+	TODO: check
+CVE-2023-37427 (A vulnerability in the web-based management interface ofEdgeConnect SD ...)
+	TODO: check
+CVE-2023-37426 (EdgeConnect SD-WAN Orchestrator instances prior to theversions resolve ...)
+	TODO: check
+CVE-2023-37425 (A vulnerability in the web-based management interfaceof EdgeConnect SD ...)
+	TODO: check
+CVE-2023-37424 (A vulnerability in the web-based management interfaceof EdgeConnect SD ...)
+	TODO: check
+CVE-2023-37423 (Vulnerabilities in the web-based management interface of EdgeConnect S ...)
+	TODO: check
+CVE-2023-37422 (Vulnerabilities in the web-based management interface of EdgeConnect S ...)
+	TODO: check
+CVE-2023-37421 (Vulnerabilities in the web-based management interface of EdgeConnect S ...)
+	TODO: check
+CVE-2023-36281 (An issue in langchain v.0.0.171 allows a remote attacker to execute ar ...)
+	TODO: check
+CVE-2023-34853 (Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b ...)
+	TODO: check
+CVE-2022-48571 (memcached 1.6.7 allows a Denial of Service via multi-packet uploads in ...)
+	TODO: check
+CVE-2022-48570 (Crypto++ through 8.4 contains a timing side channel in ECDSA signature ...)
+	TODO: check
+CVE-2022-48566 (An issue was discovered in compare_digest in Lib/hmac.py in Python thr ...)
+	TODO: check
+CVE-2022-48565 (An XML External Entity (XXE) issue was discovered in Python through 3. ...)
+	TODO: check
+CVE-2022-48564 (read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a po ...)
+	TODO: check
+CVE-2022-48560 (A use-after-free exists in Python through 3.9 via heappushpop in heapq ...)
+	TODO: check
+CVE-2022-48554 (File before 5.43 has an stack-based buffer over-read in file_copystr i ...)
+	TODO: check
+CVE-2022-48547 (A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g a ...)
+	TODO: check
+CVE-2022-48545 (An infinite recursion in Catalog::findDestInTree can cause denial of s ...)
+	TODO: check
+CVE-2022-48541 (A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote att ...)
+	TODO: check
+CVE-2022-48538 (In Cacti 1.2.19, there is an authentication bypass in the web login fu ...)
+	TODO: check
+CVE-2022-48522 (In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based c ...)
+	TODO: check
 CVE-2023-XXXX [RUSTSEC-2023-0053: rustls-webpki: CPU denial of service in certificate path building]
 	- rust-rustls-webpki <unfixed> (bug #1050298)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0053.html
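Review bot: CVE-2023-4303 (Jenkins Fortify Plugin), the second entry of this hunk, is added as "TODO: check" although the next hunk shows CVE-2023-4302 and CVE-2023-4301 for the same plugin already tagged "NOT-FOR-US: Jenkins plugin"; give it the same tag so the three stay consistent. The run of EdgeConnect SD-WAN Orchestrator entries (CVE-2023-37421 through CVE-2023-37440) can likewise be triaged in one pass instead of leaving twenty separate TODO items.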
@@ -462,9 +560,9 @@ CVE-2023-32453 (Dell BIOS contains an improper authentication vulnerability. A m
 	NOT-FOR-US: Dell
 CVE-2023-2737 (Improper log permissions in SafeNet Authentication ServiceVersion 3.4. ...)
 	NOT-FOR-US: SafeNet Authentication ServiceVersion
-CVE-2023-4302
+CVE-2023-4302 (A missing permission check in Jenkins Fortify Plugin 22.1.38 and earli ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-4301
+CVE-2023-4301 (A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify P ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2023-40351 (A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite  ...)
 	NOT-FOR-US: Jenkins plugin
@@ -16338,10 +16436,10 @@ CVE-2023-30081
 	RESERVED
 CVE-2023-30080
 	RESERVED
-CVE-2023-30079
-	RESERVED
-CVE-2023-30078
-	RESERVED
+CVE-2023-30079 (A stack overflow vulnerability exists in function read_file in atlibec ...)
+	TODO: check
+CVE-2023-30078 (A stack overflow vulnerability exists in function econf_writeFile in f ...)
+	TODO: check
 CVE-2023-30077 (Judging Management System v1.0 by oretnom23 was discovered to vulnerab ...)
 	NOT-FOR-US: Judging Management System
 CVE-2023-30076 (Sourcecodester Judging Management System v1.0 is vulnerable to SQL Inj ...)
@@ -17891,15 +17989,19 @@ CVE-2023-29458 (Duktape is an 3rd-party embeddable JavaScript engine, with a foc
 	NOTE: https://support.zabbix.com/browse/ZBX-22989
 	NOTE: duktape library introduced with https://github.com/zabbix/zabbix/commit/d43b04665c1ade5b4a9f49db750b8ca6c82e9de2 (5.0.0alpha1)
 CVE-2023-29457 (Reflected XSS attacks, occur when a malicious script is reflected off  ...)
+	{DLA-3538-1}
 	- zabbix <unfixed>
 	NOTE: https://support.zabbix.com/browse/ZBX-22988
 CVE-2023-29456 (URL validation scheme receives input from a user and then parses it to ...)
+	{DLA-3538-1}
 	- zabbix <unfixed>
 	NOTE: https://support.zabbix.com/browse/ZBX-22987
 CVE-2023-29455 (Reflected XSS attacks, also known as non-persistent attacks, occur whe ...)
+	{DLA-3538-1}
 	- zabbix <unfixed>
 	NOTE: https://support.zabbix.com/browse/ZBX-22986
 CVE-2023-29454 (Stored or persistent cross-site scripting (XSS) is a type of XSS where ...)
+	{DLA-3538-1}
 	- zabbix <unfixed>
 	NOTE: https://support.zabbix.com/browse/ZBX-22985
 CVE-2023-29453
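Review bot: "{DLA-3538-1}" is attached to CVE-2023-29457, CVE-2023-29456, CVE-2023-29455 and CVE-2023-29454, but each entry still carries only "- zabbix <unfixed>" and a ticket link, so nothing in this file says which upstream release closes the issue. If the linked ZBX tickets name a fixed release or commit, record it in a NOTE line so the unstable status can be resolved later.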
@@ -17912,10 +18014,12 @@ CVE-2023-29452 (Currently, geomap configuration (Administration -> General -> Ge
 	NOTE: Patches links: https://support.zabbix.com/browse/ZBX-22720
 	NOTE: vulnerable geopmap widget introduced in version with https://github.com/zabbix/zabbix/commit/7e6a91149533b17b12c0317968b485e0c98d4ac2 (6.0.0alpha6)
 CVE-2023-29451 (Specially crafted string can cause a buffer overrun in the JSON parser ...)
+	{DLA-3538-1}
 	- zabbix <unfixed>
 	[bullseye] - zabbix <not-affected> (5.x not affected)
 	NOTE: https://support.zabbix.com/browse/ZBX-22587
 CVE-2023-29450 (JavaScript pre-processing can be used by the attacker to gain access t ...)
+	{DLA-3538-1}
 	- zabbix <unfixed>
 	NOTE: https://support.zabbix.com/browse/ZBX-22588
 	NOTE: Patch for 5.0.32rc1: https://github.com/zabbix/zabbix/commit/c3f1543e4
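Review bot: CVE-2023-29451 now references "{DLA-3538-1}" while its bullseye line reads "<not-affected> (5.x not affected)", and the entry does not state which versions are affected. Add a NOTE giving the affected range or the introducing commit, as the CVE-2023-29452 entry above does with "(6.0.0alpha6)", so it is clear why the release covered by the DLA is affected when bullseye is not.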
@@ -28964,12 +29068,12 @@ CVE-2023-25917
 	RESERVED
 CVE-2023-25916
 	RESERVED
-CVE-2023-25915
-	RESERVED
-CVE-2023-25914
-	RESERVED
-CVE-2023-25913
-	RESERVED
+CVE-2023-25915 (Due to improper input validation, a remote attacker could execute arbi ...)
+	TODO: check
+CVE-2023-25914 (Due to improper restriction, attackers could retrieve and read system  ...)
+	TODO: check
+CVE-2023-25913 (Because of an authentication flaw an attacker would be capable of gene ...)
+	TODO: check
 CVE-2023-25912 (The webreport generation feature in the Danfoss AK-EM100 allows an una ...)
 	NOT-FOR-US: Danfoss AK-EM100
 CVE-2023-25911 (The Danfoss AK-EM100 web applications allow for OS command injection t ...)
@@ -33189,7 +33293,7 @@ CVE-2023-24577 (McAfee Total Protection prior to 16.0.50 allows attackers to ele
 CVE-2023-24543
 	RESERVED
 CVE-2023-23908 (Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalab ...)
-	{DSA-5474-1}
+	{DSA-5474-1 DLA-3537-1}
 	- intel-microcode 3.20230808.1 (bug #1043305)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808
@@ -33483,14 +33587,14 @@ CVE-2023-24519 (Two OS command injection vulnerability exist in the vtysh_ubus t
 	NOT-FOR-US: Milesight UR32L
 CVE-2023-24518
 	RESERVED
-CVE-2023-24517
-	RESERVED
-CVE-2023-24516
-	RESERVED
-CVE-2023-24515
-	RESERVED
-CVE-2023-24514
-	RESERVED
+CVE-2023-24517 (Unrestricted Upload of File with Dangerous Type vulnerability in the P ...)
+	TODO: check
+CVE-2023-24516 (Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Da ...)
+	TODO: check
+CVE-2023-24515 (Server-Side Request Forgery (SSRF) vulnerability in API checker of Pan ...)
+	TODO: check
+CVE-2023-24514 (Cross-site Scripting (XSS) vulnerability in Visual Console Module of P ...)
+	TODO: check
 CVE-2023-23546 (A misconfiguration vulnerability exists in the urvpn_client functional ...)
 	NOT-FOR-US: Milesight UR32L
 CVE-2023-0507 (Grafana is an open-source platform for monitoring and observability.   ...)
@@ -36380,12 +36484,12 @@ CVE-2023-23589 (The SafeSocks option in Tor before 0.4.7.13 has a logic error in
 	NOTE: https://gitlab.torproject.org/tpo/core/tor/-/commit/a282145b3634547ab84ccd959d0537c021ff7ffc
 CVE-2023-23566 (A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker t ...)
 	NOT-FOR-US: Axigen
-CVE-2023-23565
-	RESERVED
-CVE-2023-23564
-	RESERVED
-CVE-2023-23563
-	RESERVED
+CVE-2023-23565 (An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote  ...)
+	TODO: check
+CVE-2023-23564 (An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote  ...)
+	TODO: check
+CVE-2023-23563 (An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote  ...)
+	TODO: check
 CVE-2023-23562 (Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access ...)
 	NOT-FOR-US: Stormshield Endpoint Security
 CVE-2023-23561 (Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access ...)
@@ -40406,8 +40510,8 @@ CVE-2022-48176 (Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.1
 	NOT-FOR-US: Netgear
 CVE-2022-48175 (Rukovoditel v3.2.1 was discovered to contain a remote code execution ( ...)
 	NOT-FOR-US: Rukovoditel
-CVE-2022-48174
-	RESERVED
+CVE-2022-48174 (There is a stack overflow vulnerability in ash.c:6030 in busybox befor ...)
+	TODO: check
 CVE-2022-48173
 	RESERVED
 CVE-2022-48172
@@ -40624,12 +40728,12 @@ CVE-2022-48067 (An information disclosure vulnerability in Totolink A830R V4.1.2
 	NOT-FOR-US: TOTOLINK
 CVE-2022-48066 (An issue in the component global.so of Totolink A830R V4.1.2cu.5182 al ...)
 	NOT-FOR-US: TOTOLINK
-CVE-2022-48065
-	RESERVED
-CVE-2022-48064
-	RESERVED
-CVE-2022-48063
-	RESERVED
+CVE-2022-48065 (GNU Binutils before 2.40 was discovered to contain a memory leak vulne ...)
+	TODO: check
+CVE-2022-48064 (GNU Binutils before 2.40 was discovered to contain an excessive memory ...)
+	TODO: check
+CVE-2022-48063 (GNU Binutils before 2.40 was discovered to contain an excessive memory ...)
+	TODO: check
 CVE-2022-48062
 	RESERVED
 CVE-2022-48061
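Review bot: CVE-2022-48065, CVE-2022-48064 and CVE-2022-48063 all name GNU Binutils before 2.40 and all land as "TODO: check"; triage them together with one consistent package line and fixed version rather than individually. The same applies to the other Binutils entries this update moves out of RESERVED, such as CVE-2022-47696, CVE-2022-47695 and CVE-2022-47673.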
@@ -42181,10 +42285,10 @@ CVE-2022-47698 (COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) C
 	NOT-FOR-US: COMFAST Router
 CVE-2022-47697 (COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR62 ...)
 	NOT-FOR-US: COMFAST Router
-CVE-2022-47696
-	RESERVED
-CVE-2022-47695
-	RESERVED
+CVE-2022-47696 (An issue was discovered Binutils objdump before 2.39.3 allows attacker ...)
+	TODO: check
+CVE-2022-47695 (An issue was discovered Binutils objdump before 2.39.3 allows attacker ...)
+	TODO: check
 CVE-2022-47694
 	RESERVED
 CVE-2022-47693
@@ -42227,8 +42331,8 @@ CVE-2022-47675
 	RESERVED
 CVE-2022-47674
 	RESERVED
-CVE-2022-47673
-	RESERVED
+CVE-2022-47673 (An issue was discovered in Binutils addr2line before 2.39.3, function  ...)
+	TODO: check
 CVE-2022-47672
 	RESERVED
 CVE-2022-47671
@@ -45368,8 +45472,8 @@ CVE-2022-47071 (In NVS365 V01, the background network test function can trigger
 	NOT-FOR-US: NVS365 V01
 CVE-2022-47070 (NVS365 V01 is vulnerable to Incorrect Access Control. After entering a ...)
 	NOT-FOR-US: NVS365 V01
-CVE-2022-47069
-	RESERVED
+CVE-2022-47069 (p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerabi ...)
+	TODO: check
 CVE-2022-47068
 	RESERVED
 CVE-2022-47067
@@ -45464,8 +45568,8 @@ CVE-2022-47024 (A null pointer dereference issue was discovered in function gui_
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-47023
 	RESERVED
-CVE-2022-47022
-	RESERVED
+CVE-2022-47022 (An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to ca ...)
+	TODO: check
 CVE-2022-47021 (A null pointer dereference issue was discovered in functions op_get_da ...)
 	- opusfile 0.12-4 (bug #1030049)
 	[bullseye] - opusfile <no-dsa> (Minor issue)
@@ -45497,16 +45601,16 @@ CVE-2022-47013
 	RESERVED
 CVE-2022-47012 (Use of uninitialized variable in function gen_eth_recv in GNS3 dynamip ...)
 	NOT-FOR-US: GNS3
-CVE-2022-47011
-	RESERVED
-CVE-2022-47010
-	RESERVED
+CVE-2022-47011 (An issue was discovered function parse_stab_struct_fields in stabs.c i ...)
+	TODO: check
+CVE-2022-47010 (An issue was discovered function pr_function_type in prdbg.c in Binuti ...)
+	TODO: check
 CVE-2022-47009
 	RESERVED
-CVE-2022-47008
-	RESERVED
-CVE-2022-47007
-	RESERVED
+CVE-2022-47008 (An issue was discovered function make_tempdir, and make_tempname in bu ...)
+	TODO: check
+CVE-2022-47007 (An issue was discovered function stab_demangle_v3_arg in stabs.c in Bi ...)
+	TODO: check
 CVE-2022-47006
 	RESERVED
 CVE-2022-47005
@@ -49558,8 +49662,8 @@ CVE-2022-45705
 	RESERVED
 CVE-2022-45704
 	RESERVED
-CVE-2022-45703
-	RESERVED
+CVE-2022-45703 (Heap buffer overflow vulnerability in binutils readelf before 2.40 via ...)
+	TODO: check
 CVE-2022-45702
 	RESERVED
 CVE-2022-45701 (Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution ...)
@@ -49747,8 +49851,8 @@ CVE-2022-45613 (Book Store Management System v1.0 was discovered to contain a cr
 	NOT-FOR-US: Book Store Management System
 CVE-2022-45612
 	RESERVED
-CVE-2022-45611
-	RESERVED
+CVE-2022-45611 (An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows  ...)
+	TODO: check
 CVE-2022-45610
 	RESERVED
 CVE-2022-45609
@@ -49805,8 +49909,8 @@ CVE-2022-45584
 	RESERVED
 CVE-2022-45583
 	RESERVED
-CVE-2022-45582
-	RESERVED
+CVE-2022-45582 (Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1. ...)
+	TODO: check
 CVE-2022-45581
 	RESERVED
 CVE-2022-45580
@@ -52210,8 +52314,8 @@ CVE-2022-44842
 	RESERVED
 CVE-2022-44841
 	RESERVED
-CVE-2022-44840
-	RESERVED
+CVE-2022-44840 (Heap buffer overflow vulnerability in binutils readelf before 2.40 via ...)
+	TODO: check
 CVE-2022-44839
 	RESERVED
 CVE-2022-44838 (Automotive Shop Management System v1.0 was discovered to contain a SQL ...)
@@ -52515,10 +52619,10 @@ CVE-2022-44748 (A directory traversal vulnerability in the ZIP archive extractio
 	NOT-FOR-US: KNIME
 CVE-2022-44731 (A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All ver ...)
 	NOT-FOR-US: Siemens
-CVE-2022-44730
-	RESERVED
-CVE-2022-44729
-	RESERVED
+CVE-2022-44730 (Server-Side Request Forgery (SSRF) vulnerability in Apache Software Fo ...)
+	TODO: check
+CVE-2022-44729 (Server-Side Request Forgery (SSRF) vulnerability in Apache Software Fo ...)
+	TODO: check
 CVE-2022-44728
 	RESERVED
 CVE-2022-44727 (The EU Cookie Law GDPR (Banner + Blocker) module before 2.1.3 for Pres ...)
@@ -54972,8 +55076,8 @@ CVE-2022-44217
 	RESERVED
 CVE-2022-44216 (Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An att ...)
 	NOT-FOR-US: Gnuboard
-CVE-2022-44215
-	RESERVED
+CVE-2022-44215 (There is an open redirect vulnerability in Titan FTP server 19.0 and b ...)
+	TODO: check
 CVE-2022-44214
 	RESERVED
 CVE-2022-44213 (ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulne ...)
@@ -58567,6 +58671,7 @@ CVE-2022-43517 (A vulnerability has been identified in Simcenter STAR-CCM+ (All
 CVE-2022-43516 (A Firewall Rule which allows all incoming TCP connections to all progr ...)
 	- zabbix <not-affected> (Specific to Windows)
 CVE-2022-43515 (Zabbix Frontend provides a feature that allows admins to maintain the  ...)
+	{DLA-3538-1}
 	- zabbix 1:6.0.13+dfsg-1 (bug #1026847)
 	[bullseye] - zabbix <ignored> (Minor issue)
 	NOTE: https://support.zabbix.com/browse/ZBX-22050
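Review bot: CVE-2022-43515 gains "{DLA-3538-1}" while the line below it still reads "[bullseye] - zabbix <ignored> (Minor issue)", so an LTS advisory fixes an issue that bullseye is declared not to fix. Revisit the bullseye tag, or add a NOTE explaining why the assessment differs between releases.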
@@ -59172,10 +59277,10 @@ CVE-2022-43360
 	RESERVED
 CVE-2022-43359 (Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c was discovered  ...)
 	NOT-FOR-US: Gifdec
-CVE-2022-43358
-	RESERVED
-CVE-2022-43357
-	RESERVED
+CVE-2022-43358 (Stack overflow vulnerability in ast_selectors.cpp: in function Sass::C ...)
+	TODO: check
+CVE-2022-43357 (Stack overflow vulnerability in ast_selectors.cpp in function Sass::Co ...)
+	TODO: check
 CVE-2022-43356
 	RESERVED
 CVE-2022-43355 (Sanitization Management System v1.0 was discovered to contain a SQL in ...)
@@ -63460,7 +63565,7 @@ CVE-2022-41816
 CVE-2022-41815
 	RESERVED
 CVE-2022-41804 (Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some  ...)
-	{DSA-5474-1}
+	{DSA-5474-1 DLA-3537-1}
 	- intel-microcode 3.20230808.1 (bug #1043305)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808
@@ -64208,7 +64313,7 @@ CVE-2022-41342 (Improper buffer restrictions in the Intel(R) C++ Compiler Classi
 CVE-2022-41314 (Uncontrolled search path in some Intel(R) Network Adapter installer so ...)
 	NOT-FOR-US: Intel
 CVE-2022-40982 (Information exposure through microarchitectural state after transient  ...)
-	{DSA-5475-1 DSA-5474-1 DLA-3525-1 DLA-3524-1}
+	{DSA-5475-1 DSA-5474-1 DLA-3537-1 DLA-3525-1 DLA-3524-1}
 	- linux 6.4.4-3
 	- intel-microcode 3.20230808.1 (bug #1043305)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/08/08/5
@@ -64569,8 +64674,8 @@ CVE-2022-41446 (An access control issue in /Admin/dashboard.php of Record Manage
 	NOT-FOR-US: Record Management System
 CVE-2022-41445 (A cross-site scripting (XSS) vulnerability in Record Management System ...)
 	NOT-FOR-US: Record Management System
-CVE-2022-41444
-	RESERVED
+CVE-2022-41444 (Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted P ...)
+	TODO: check
 CVE-2022-41443 (phpipam v1.5.0 was discovered to contain a header injection vulnerabil ...)
 	- phpipam <itp> (bug #731713)
 CVE-2022-41442 (PicUploader v2.6.3 was discovered to contain cross-site scripting (XSS ...)
@@ -67121,8 +67226,8 @@ CVE-2022-40435 (Employee Performance Evaluation System v1.0 was discovered to co
 	NOT-FOR-US: Employee Performance Evaluation System
 CVE-2022-40434 (Softr v2.0 was discovered to be vulnerable to HTML injection via the N ...)
 	NOT-FOR-US: Softr
-CVE-2022-40433
-	RESERVED
+CVE-2022-40433 (An issue was discovered in function ciMethodBlocks::make_block_at in O ...)
+	TODO: check
 CVE-2022-40432 (The d8s-strings for python, as distributed on PyPI, included a potenti ...)
 	NOT-FOR-US: d8s-strings for python
 CVE-2022-40431 (The d8s-pdfs for python, as distributed on PyPI, included a potential  ...)
@@ -67985,8 +68090,8 @@ CVE-2022-40092 (Online Tours & Travels Management System v1.0 was discovered to
 	NOT-FOR-US: Online Tours & Travels Management System
 CVE-2022-40091 (Online Tours & Travels Management System v1.0 was discovered to contai ...)
 	NOT-FOR-US: Online Tours & Travels Management System
-CVE-2022-40090
-	RESERVED
+CVE-2022-40090 (An issue was discovered in function TIFFReadDirectory libtiff before 4 ...)
+	TODO: check
 CVE-2022-40089 (A remote file inclusion (RFI) vulnerability in Simple College Website  ...)
 	NOT-FOR-US: Simple College Website
 CVE-2022-40088 (Simple College Website v1.0 was discovered to contain a reflected cros ...)
@@ -72949,8 +73054,8 @@ CVE-2022-38351 (A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allo
 	NOT-FOR-US: Suprema Bio Star
 CVE-2022-38350
 	RESERVED
-CVE-2022-38349
-	RESERVED
+CVE-2022-38349 (An issue was discovered in Poppler 22.08.0. There is a reachable asser ...)
+	TODO: check
 CVE-2022-38348
 	RESERVED
 CVE-2022-38347
@@ -76336,12 +76441,12 @@ CVE-2022-37054
 	RESERVED
 CVE-2022-37053 (TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htd ...)
 	NOT-FOR-US: Trendnet
-CVE-2022-37052
-	RESERVED
-CVE-2022-37051
-	RESERVED
-CVE-2022-37050
-	RESERVED
+CVE-2022-37052 (A reachable Object::getString assertion in Poppler 22.07.0 allows atta ...)
+	TODO: check
+CVE-2022-37051 (An issue was discovered in Poppler 22.07.0. There is a reachable abort ...)
+	TODO: check
+CVE-2022-37050 (In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers t ...)
+	TODO: check
 CVE-2022-37049 (The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a  ...)
 	- tcpreplay 4.4.2-1 (unimportant; bug #1018057)
 	NOTE: https://github.com/appneta/tcpreplay/issues/736
@@ -77417,8 +77522,8 @@ CVE-2022-36650
 	RESERVED
 CVE-2022-36649
 	RESERVED
-CVE-2022-36648
-	RESERVED
+CVE-2022-36648 (The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device ...)
+	TODO: check
 CVE-2022-36647 (PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overfl ...)
 	- davs2 <unfixed> (bug #1019358)
 	NOTE: https://github.com/pkuvcl/davs2/issues/29
@@ -81196,7 +81301,7 @@ CVE-2022-35230 (An authenticated user can create a link with reflected Javascrip
 	NOTE: https://support.zabbix.com/browse/ZBX-21305
 	NOTE: Fixed in: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/3b47a97676ee9ca4e16566f1931c456459108eae (5.0.25rc1)
 CVE-2022-35229 (An authenticated user can create a link with reflected Javascript code ...)
-	{DLA-3390-1}
+	{DLA-3538-1 DLA-3390-1}
 	[experimental] - zabbix 1:6.0.6+dfsg-1
 	- zabbix 1:6.0.7+dfsg-2 (bug #1014992)
 	[bullseye] - zabbix <no-dsa> (Minor issue)
@@ -81301,10 +81406,10 @@ CVE-2022-35208
 	RESERVED
 CVE-2022-35207
 	RESERVED
-CVE-2022-35206
-	RESERVED
-CVE-2022-35205
-	RESERVED
+CVE-2022-35206 (Null pointer dereference vulnerability in Binutils readelf 2.38.50 via ...)
+	TODO: check
+CVE-2022-35205 (An issue was discovered in Binutils readelf 2.38.50, reachable asserti ...)
+	TODO: check
 CVE-2022-35204 (Vitejs Vite before v2.9.13 was discovered to allow attackers to perfor ...)
 	NOT-FOR-US: Vitejs Vite
 CVE-2022-35203 (An access control issue in TrendNet TV-IP572PI v1.0 allows unauthentic ...)
@@ -84775,8 +84880,8 @@ CVE-2022-34040
 	RESERVED
 CVE-2022-34039
 	RESERVED
-CVE-2022-34038
-	RESERVED
+CVE-2022-34038 (Etcd v3.5.4 allows remote attackers to cause a denial of service via f ...)
+	TODO: check
 CVE-2022-34037 (An out-of-bounds read in the rewrite function at /modules/caddyhttp/re ...)
 	NOT-FOR-US: Caddy
 CVE-2022-34036
@@ -97272,8 +97377,8 @@ CVE-2022-29656 (Wedding Management System v1.0 was discovered to contain a SQL i
 	NOT-FOR-US: Wedding Management System
 CVE-2022-29655 (An arbitrary file upload vulnerability in the Upload Photos module of  ...)
 	NOT-FOR-US: Wedding Management System
-CVE-2022-29654
-	RESERVED
+CVE-2022-29654 (Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm ...)
+	TODO: check
 CVE-2022-29653 (OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vu ...)
 	NOT-FOR-US: OFCMS
 CVE-2022-29652 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
@@ -102109,18 +102214,18 @@ CVE-2022-28075
 	RESERVED
 CVE-2022-28074 (Halo-1.5.0 was discovered to contain a stored cross-site scripting (XS ...)
 	NOT-FOR-US: Halo
-CVE-2022-28073
-	RESERVED
-CVE-2022-28072
-	RESERVED
-CVE-2022-28071
-	RESERVED
-CVE-2022-28070
-	RESERVED
-CVE-2022-28069
-	RESERVED
-CVE-2022-28068
-	RESERVED
+CVE-2022-28073 (A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4. ...)
+	TODO: check
+CVE-2022-28072 (A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4 ...)
+	TODO: check
+CVE-2022-28071 (A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5 ...)
+	TODO: check
+CVE-2022-28070 (A null pointer deference in __core_anal_fcn function in radare2 5.4.2  ...)
+	TODO: check
+CVE-2022-28069 (A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0.)
+	TODO: check
+CVE-2022-28068 (A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4. ...)
+	TODO: check
 CVE-2022-28067 (An incorrect access control issue in Sandboxie Classic v5.55.13 allows ...)
 	NOT-FOR-US: Sandboxie Classic
 CVE-2022-28066
@@ -106288,8 +106393,8 @@ CVE-2022-26594 (Multiple cross-site scripting (XSS) vulnerabilities in Liferay P
 	NOT-FOR-US: Liferay
 CVE-2022-26593 (Cross-site scripting (XSS) vulnerability in the Asset module's asset c ...)
 	NOT-FOR-US: Liferay
-CVE-2022-26592
-	RESERVED
+CVE-2022-26592 (Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector ...)
+	TODO: check
 CVE-2022-26591 (FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attac ...)
 	NOT-FOR-US: FANTEC GmbH MWiD25-DS Firmware
 CVE-2022-26590
@@ -110809,8 +110914,8 @@ CVE-2022-25026 (A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal
 	NOT-FOR-US: Rocket TRUfusion Portal
 CVE-2022-25025
 	RESERVED
-CVE-2022-25024
-	RESERVED
+CVE-2022-25024 (The json2xml package through 3.12.0 for Python allows an error in type ...)
+	TODO: check
 CVE-2022-25023 (Audio File commit 004065d was discovered to contain a heap-buffer over ...)
 	NOT-FOR-US: AudioFile (different from src:audiofile)
 CVE-2022-25022 (A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows atta ...)
@@ -117147,8 +117252,8 @@ CVE-2021-46313 (The binary MP4Box in GPAC v1.0.1 was discovered to contain a seg
 	[stretch] - gpac <end-of-life> (No longer supported in LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2039
 	NOTE: https://github.com/gpac/gpac/commit/ee969d3c4c425ecb25999eb68ada616925b58eba (v2.0.0)
-CVE-2021-46312
-	RESERVED
+CVE-2021-46312 (An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in all ...)
+	TODO: check
 CVE-2021-46311 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
 	- gpac 2.0.0+dfsg1-2
 	[bullseye] - gpac <ignored> (Minor issue)
@@ -117156,8 +117261,8 @@ CVE-2021-46311 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 v
 	[stretch] - gpac <end-of-life> (No longer supported in LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2038
 	NOTE: https://github.com/gpac/gpac/commit/ad19e0c4504a89ca273442b1b1483ae7adfb9491 (v2.0.0)
-CVE-2021-46310
-	RESERVED
+CVE-2021-46310 (An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows at ...)
+	TODO: check
 CVE-2021-46309 (An SQL Injection vulnerability exists in Sourcecodester Employee and V ...)
 	NOT-FOR-US: Sourcecodester
 CVE-2021-46308 (An SQL Injection vulnerability exists in Sourcecodester Online Railway ...)
@@ -118932,8 +119037,8 @@ CVE-2021-46181
 	RESERVED
 CVE-2021-46180
 	RESERVED
-CVE-2021-46179
-	RESERVED
+CVE-2021-46179 (Reachable Assertion vulnerability in upx before 4.0.0 allows attackers ...)
+	TODO: check
 CVE-2021-46178
 	RESERVED
 CVE-2021-46177
@@ -118942,8 +119047,8 @@ CVE-2021-46176
 	RESERVED
 CVE-2021-46175
 	RESERVED
-CVE-2021-46174
-	RESERVED
+CVE-2021-46174 (Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump  ...)
+	TODO: check
 CVE-2021-46173
 	RESERVED
 CVE-2021-46172
@@ -132972,8 +133077,8 @@ CVE-2021-43172 (NLnet Labs Routinator prior to 0.10.2 happily processes a chain
 	NOTE: https://github.com/NLnetLabs/routinator/pull/665
 CVE-2021-3917 (A flaw was found in the coreos-installer, where it writes the Ignition ...)
 	NOT-FOR-US: coreos-installer
-CVE-2021-43171
-	RESERVED
+CVE-2021-43171 (Improper verification of applications' cryptographic signatures in the ...)
+	TODO: check
 CVE-2021-43170
 	RESERVED
 CVE-2021-43169
@@ -141835,16 +141940,16 @@ CVE-2021-40268
 	RESERVED
 CVE-2021-40267
 	RESERVED
-CVE-2021-40266
-	RESERVED
-CVE-2021-40265
-	RESERVED
-CVE-2021-40264
-	RESERVED
-CVE-2021-40263
-	RESERVED
-CVE-2021-40262
-	RESERVED
+CVE-2021-40266 (FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vul ...)
+	TODO: check
+CVE-2021-40265 (A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function ...)
+	TODO: check
+CVE-2021-40264 (NULL pointer dereference vulnerability in FreeImage before 1.18.0 via  ...)
+	TODO: check
+CVE-2021-40263 (A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad funct ...)
+	TODO: check
+CVE-2021-40262 (A stack exhaustion issue was discovered in FreeImage before 1.18.0 via ...)
+	TODO: check
 CVE-2021-40261 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCod ...)
 	NOT-FOR-US: SourceCodester
 CVE-2021-40260 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCod ...)
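Review bot: the FreeImage descriptions disagree on the affected range: CVE-2021-40263 says "FreeImage 1.18.0" while CVE-2021-40266, CVE-2021-40265, CVE-2021-40264 and CVE-2021-40262 say "before 1.18.0", and both CVE-2021-40265 and CVE-2021-40263 are heap overflows via ofLoad. Confirm the affected versions against the upstream reports before recording a fixed version, and note whether those two are distinct issues.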
@@ -141949,8 +142054,8 @@ CVE-2021-40213
 	RESERVED
 CVE-2021-40212 (An exploitable out-of-bounds write vulnerability in PotPlayer 1.7.2152 ...)
 	NOT-FOR-US: PotPlayer
-CVE-2021-40211
-	RESERVED
+CVE-2021-40211 (An issue was discovered with ImageMagick 7.1.0-4 via Division by zero  ...)
+	TODO: check
 CVE-2021-40210
 	RESERVED
 CVE-2021-40209
@@ -154276,8 +154381,8 @@ CVE-2021-35311
 	RESERVED
 CVE-2021-35310
 	RESERVED
-CVE-2021-35309
-	RESERVED
+CVE-2021-35309 (An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-201 ...)
+	TODO: check
 CVE-2021-35308
 	RESERVED
 CVE-2021-35307 (An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer d ...)
@@ -156863,8 +156968,8 @@ CVE-2021-34195
 	RESERVED
 CVE-2021-34194
 	RESERVED
-CVE-2021-34193
-	RESERVED
+CVE-2021-34193 (Stack overflow vulnerability in OpenSC smart card middleware before 0. ...)
+	TODO: check
 CVE-2021-34192
 	RESERVED
 CVE-2021-34191
@@ -158935,12 +159040,12 @@ CVE-2021-33391 (An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute a
 	[buster] - tidy-html5 <no-dsa> (Minor issue)
 	NOTE: https://github.com/htacg/tidy-html5/issues/946
 	NOTE: https://github.com/htacg/tidy-html5/commit/efa61528aa500a1efbd2768121820742d3bb709b
-CVE-2021-33390
-	RESERVED
+CVE-2021-33390 (dpic 2021.04.10 has a use-after-free in thedeletestringbox() function  ...)
+	TODO: check
 CVE-2021-33389
 	RESERVED
-CVE-2021-33388
-	RESERVED
+CVE-2021-33388 (dpic 2021.04.10 has a Heap Buffer Overflow in themakevar() function in ...)
+	TODO: check
 CVE-2021-33387 (Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows attacker t ...)
 	NOT-FOR-US: MiniCMS
 CVE-2021-33386
@@ -161559,12 +161664,12 @@ CVE-2021-32424 (In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session
 	NOT-FOR-US: TrendNet TW100-S4W1CA
 CVE-2021-32423
 	RESERVED
-CVE-2021-32422
-	RESERVED
-CVE-2021-32421
-	RESERVED
-CVE-2021-32420
-	RESERVED
+CVE-2021-32422 (dpic 2021.01.01 has a Global buffer overflow in theyylex() function in ...)
+	TODO: check
+CVE-2021-32421 (dpic 2021.01.01 has a Heap Use-After-Free in thedeletestringbox() func ...)
+	TODO: check
+CVE-2021-32420 (dpic 2021.01.01 has a Heap-based Buffer Overflow in thestorestring fun ...)
+	TODO: check
 CVE-2021-32419 (An issue in Schism Tracker v20200412 fixed in v.20200412 allows attack ...)
 	- schism 2:20210525-2 (unimportant)
 	NOTE: https://github.com/schismtracker/schismtracker/issues/249
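Review bot: CVE-2021-32421 (dpic 2021.01.01) describes a heap use-after-free in deletestringbox(), the same function and bug class as CVE-2021-33390 (dpic 2021.04.10) in the previous hunk. Triage should establish whether these are one defect reported against two releases or two separate ones before recording fixed versions. The descriptions also run the article into the function name ("thedeletestringbox()", "theyylex()", "thestorestring"), so a source search needs the names without the leading "the".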
@@ -161830,8 +161935,8 @@ CVE-2021-32294 (An issue was discovered in libgig through 20200507. A heap-buffe
 	NOTE: https://github.com/drbye78/libgig/issues/1
 CVE-2021-32293
 	RESERVED
-CVE-2021-32292
-	RESERVED
+CVE-2021-32292 (An issue was discovered in json-c through 0.15-20200726. A stack-buffe ...)
+	TODO: check
 CVE-2021-32291
 	RESERVED
 CVE-2021-32290
@@ -168041,8 +168146,8 @@ CVE-2021-30049 (SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via
 	NOT-FOR-US: SysAid
 CVE-2021-30048 (Directory Traversal in the fileDownload function in com/java2nb/common ...)
 	NOT-FOR-US: Novel-plus
-CVE-2021-30047
-	RESERVED
+CVE-2021-30047 (VSFTPD 3.0.3 allows attackers to cause a denial of service due to limi ...)
+	TODO: check
 CVE-2021-30046 (VIGRA Computer Vision Library Version-1-11-1 contains a segmentation f ...)
 	NOT-FOR-US: VIGRA Computer Vision Library
 CVE-2021-30045 (SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the  ...)
@@ -169837,8 +169942,8 @@ CVE-2021-29392
 	RESERVED
 CVE-2021-29391
 	RESERVED
-CVE-2021-29390
-	RESERVED
+CVE-2021-29390 (libjpeg-turbo version 2.0.90 is vulnerable to a heap-buffer-overflow v ...)
+	TODO: check
 CVE-2021-29389
 	RESERVED
 CVE-2021-29388 (A stored cross-site scripting (XSS) vulnerability in SourceCodester Bu ...)
@@ -195136,8 +195241,8 @@ CVE-2020-35360
 	RESERVED
 CVE-2020-35359 (Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server  ...)
 	NOTE: Bogus issue, can be configured using MaxClientsPerIP in pure-ftpd.conf configuration file
-CVE-2020-35357
-	RESERVED
+CVE-2020-35357 (A buffer overflow can occur when calculating the quantile value using  ...)
+	TODO: check
 CVE-2020-35356
 	RESERVED
 CVE-2020-35355
@@ -195166,8 +195271,8 @@ CVE-2020-35344
 	RESERVED
 CVE-2020-35343
 	RESERVED
-CVE-2020-35342
-	RESERVED
+CVE-2020-35342 (GNU Binutils before 2.34 has an uninitialized-heap vulnerability in fu ...)
+	TODO: check
 CVE-2020-35341
 	RESERVED
 CVE-2020-35340 (A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 ...)
@@ -208380,8 +208485,8 @@ CVE-2020-26685
 	RESERVED
 CVE-2020-26684
 	RESERVED
-CVE-2020-26683
-	RESERVED
+CVE-2020-26683 (A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Softw ...)
+	TODO: check
 CVE-2020-26682 (In libass 0.14.0, the `ass_outline_construct`'s call to `outline_strok ...)
 	- libass 1:0.15.0-1 (bug #975108)
 	[buster] - libass <no-dsa> (Minor issue)
@@ -208449,8 +208554,8 @@ CVE-2020-26654
 	RESERVED
 CVE-2020-26653
 	RESERVED
-CVE-2020-26652
-	RESERVED
+CVE-2020-26652 (An issue was discovered in function nl80211_send_chandef in rtl8812au  ...)
+	TODO: check
 CVE-2020-26651
 	RESERVED
 CVE-2020-26650 (AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php)
@@ -210282,8 +210387,8 @@ CVE-2020-25889 (Online Bus Booking System Project Using PHP/MySQL version 1.0 ha
 	NOT-FOR-US: Online Bus Booking System Project Using PHP/MySQL
 CVE-2020-25888
 	RESERVED
-CVE-2020-25887
-	RESERVED
+CVE-2020-25887 (Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when r ...)
+	TODO: check
 CVE-2020-25886
 	RESERVED
 CVE-2020-25885
@@ -214355,14 +214460,14 @@ CVE-2020-24297 (httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allow
 	NOT-FOR-US: TP-Link
 CVE-2020-24296
 	RESERVED
-CVE-2020-24295
-	RESERVED
-CVE-2020-24294
-	RESERVED
-CVE-2020-24293
-	RESERVED
-CVE-2020-24292
-	RESERVED
+CVE-2020-24295 (Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in Fre ...)
+	TODO: check
+CVE-2020-24294 (Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDP ...)
+	TODO: check
+CVE-2020-24293 (Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp i ...)
+	TODO: check
+CVE-2020-24292 (Buffer Overflow vulnerability in load function in PluginICO.cpp in Fre ...)
+	TODO: check
 CVE-2020-24291
 	RESERVED
 CVE-2020-24290
@@ -214995,8 +215100,8 @@ CVE-2020-23994
 	RESERVED
 CVE-2020-23993
 	RESERVED
-CVE-2020-23992
-	RESERVED
+CVE-2020-23992 (Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers  ...)
+	TODO: check
 CVE-2020-23991
 	RESERVED
 CVE-2020-23990
@@ -215425,8 +215530,8 @@ CVE-2020-23806
 	RESERVED
 CVE-2020-23805
 	RESERVED
-CVE-2020-23804
-	RESERVED
+CVE-2020-23804 (Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allow ...)
+	TODO: check
 CVE-2020-23803
 	RESERVED
 CVE-2020-23802
@@ -215447,8 +215552,8 @@ CVE-2020-23795
 	RESERVED
 CVE-2020-23794
 	RESERVED
-CVE-2020-23793
-	RESERVED
+CVE-2020-23793 (An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1. ...)
+	TODO: check
 CVE-2020-23792
 	RESERVED
 CVE-2020-23791
@@ -217290,8 +217395,8 @@ CVE-2020-22918
 	RESERVED
 CVE-2020-22917
 	RESERVED
-CVE-2020-22916
-	RESERVED
+CVE-2020-22916 (An issue discovered in XZ 5.2.5 allows attackers to cause a denial of  ...)
+	TODO: check
 CVE-2020-22915
 	RESERVED
 CVE-2020-22914
@@ -217897,8 +218002,8 @@ CVE-2020-22630
 	RESERVED
 CVE-2020-22629
 	RESERVED
-CVE-2020-22628
-	RESERVED
+CVE-2020-22628 (Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\ ...)
+	TODO: check
 CVE-2020-22627
 	RESERVED
 CVE-2020-22626
@@ -218024,8 +218129,8 @@ CVE-2020-22572
 	RESERVED
 CVE-2020-22571
 	RESERVED
-CVE-2020-22570
-	RESERVED
+CVE-2020-22570 (Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial ...)
+	TODO: check
 CVE-2020-22569
 	RESERVED
 CVE-2020-22568
@@ -218116,8 +218221,8 @@ CVE-2020-22526
 	RESERVED
 CVE-2020-22525
 	RESERVED
-CVE-2020-22524
-	RESERVED
+CVE-2020-22524 (Buffer Overflow vulnerability in FreeImage_Load function in FreeImage  ...)
+	TODO: check
 CVE-2020-22523
 	RESERVED
 CVE-2020-22522
@@ -218755,12 +218860,12 @@ CVE-2020-22221
 	RESERVED
 CVE-2020-22220
 	RESERVED
-CVE-2020-22219
-	RESERVED
-CVE-2020-22218
-	RESERVED
-CVE-2020-22217
-	RESERVED
+CVE-2020-22219 (Buffer Overflow vulnerability in function bitwriter_grow_ in flac befo ...)
+	TODO: check
+CVE-2020-22218 (An issue was discovered in function _libssh2_packet_add in libssh2 1.1 ...)
+	TODO: check
+CVE-2020-22217 (Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via  ...)
+	TODO: check
 CVE-2020-22216
 	RESERVED
 CVE-2020-22215
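Review bot: The version range in CVE-2020-22217 ("c-ares before 1_16_1 thru 1_17_0") is self-contradictory as written, so the description cannot be used to decide which Debian releases are affected. The fixed version should be taken from the upstream commit and recorded in a NOTE when this entry is triaged. The three entries here touch three different source packages (flac, libssh2, c-ares) and each needs its own package line.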
@@ -218831,8 +218936,8 @@ CVE-2020-22183
 	RESERVED
 CVE-2020-22182
 	RESERVED
-CVE-2020-22181
-	RESERVED
+CVE-2020-22181 (A reflected cross site scripting (XSS) vulnerability was discovered on ...)
+	TODO: check
 CVE-2020-22180
 	RESERVED
 CVE-2020-22179
@@ -219532,8 +219637,8 @@ CVE-2020-21898
 	RESERVED
 CVE-2020-21897
 	RESERVED
-CVE-2020-21896
-	RESERVED
+CVE-2020-21896 (A Use After Free vulnerability in svg_dev_text_span_as_paths_defs func ...)
+	TODO: check
 CVE-2020-21895
 	RESERVED
 CVE-2020-21894
@@ -219544,8 +219649,8 @@ CVE-2020-21892
 	RESERVED
 CVE-2020-21891
 	RESERVED
-CVE-2020-21890
-	RESERVED
+CVE-2020-21890 (Buffer Overflow vulnerability in clj_media_size function in devices/gd ...)
+	TODO: check
 CVE-2020-21889
 	RESERVED
 CVE-2020-21888
@@ -219876,12 +219981,12 @@ CVE-2020-21726 (OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /
 	NOT-FOR-US: OpenSNS
 CVE-2020-21725 (OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Contro ...)
 	NOT-FOR-US: OpenSNS
-CVE-2020-21724
-	RESERVED
-CVE-2020-21723
-	RESERVED
-CVE-2020-21722
-	RESERVED
+CVE-2020-21724 (Buffer Overflow vulnerability in ExtractorInformation function in stre ...)
+	TODO: check
+CVE-2020-21723 (A Segmentation Fault issue discovered StreamSerializer::extractStreams ...)
+	TODO: check
+CVE-2020-21722 (Buffer Overflow vulnerability in oggvideotools 0.9.1 allows remote att ...)
+	TODO: check
 CVE-2020-21721
 	RESERVED
 CVE-2020-21720
@@ -219904,8 +220009,8 @@ CVE-2020-21712
 	RESERVED
 CVE-2020-21711
 	RESERVED
-CVE-2020-21710
-	RESERVED
+CVE-2020-21710 (A divide by zero issue discovered in eps_print_page in gdevepsn.c in A ...)
+	TODO: check
 CVE-2020-21709
 	RESERVED
 CVE-2020-21708
@@ -219926,8 +220031,8 @@ CVE-2020-21701
 	RESERVED
 CVE-2020-21700
 	RESERVED
-CVE-2020-21699
-	RESERVED
+CVE-2020-21699 (The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 ...)
+	TODO: check
 CVE-2020-21698
 	RESERVED
 CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in libavfo ...)
@@ -219960,12 +220065,12 @@ CVE-2020-21688 (A heap-use-after-free in the av_freep function in libavutil/mem.
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=22c3cd176079dd104ec7610ead697235b04396f1 (4.4)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7c9b1ed56b98eede5756d6865a10305982b4570 (4.1.9)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f1a77222da98dbe4b8eeda54d68deefe6adcd299 (3.2.17)
-CVE-2020-21687
-	RESERVED
-CVE-2020-21686
-	RESERVED
-CVE-2020-21685
-	RESERVED
+CVE-2020-21687 (Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2. ...)
+	TODO: check
+CVE-2020-21686 (A stack-use-after-scope issue discovered in expand_mmac_params functio ...)
+	TODO: check
+CVE-2020-21685 (Buffer Overflow vulnerability in hash_findi function in hashtbl.c in n ...)
+	TODO: check
 CVE-2020-21684 (A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2 ...)
 	- fig2dev 1:3.2.8-1 (unimportant)
 	- transfig <removed>
@@ -219998,8 +220103,8 @@ CVE-2020-21680 (A stack-based buffer overflow in the put_arrow() component in ge
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/3165d86c31c6323913239fdc6460be6ababd3826/ (3.2.8)
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/100e2789f8106f9cc0f7e4319c4ee7bda076c3ac/ (3.2.8)
 	NOTE: Crash in CLI tool, no security impact
-CVE-2020-21679
-	RESERVED
+CVE-2020-21679 (Buffer Overflow vulnerability in WritePCXImage function in pcx.c in Gr ...)
+	TODO: check
 CVE-2020-21678 (A global buffer overflow in the genmp_writefontmacro_latex component i ...)
 	- fig2dev 1:3.2.8-1 (unimportant)
 	- transfig <removed>
@@ -220253,8 +220358,8 @@ CVE-2020-21585 (Vulnerability in emlog v6.0.0 allows user to upload webshells vi
 	NOT-FOR-US: emlog
 CVE-2020-21584
 	RESERVED
-CVE-2020-21583
-	RESERVED
+CVE-2020-21583 (An issue was discovered in hwclock.13-v2.27 allows attackers to gain e ...)
+	TODO: check
 CVE-2020-21582
 	RESERVED
 CVE-2020-21581
@@ -220405,8 +220510,8 @@ CVE-2020-21529 (fig2dev 3.2.7b contains a stack buffer overflow in the bezier_sp
 	NOTE: https://sourceforge.net/p/mcj/tickets/65/
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/ (3.2.8)
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/e3cee2576438f47a3b8678c6960472e625f8f7d7/ (3.2.8)
-CVE-2020-21528
-	RESERVED
+CVE-2020-21528 (A Segmentation Fault issue discovered in in ieee_segment function in o ...)
+	TODO: check
 CVE-2020-21527 (There is an Arbitrary file deletion vulnerability in halo v1.1.3. A ba ...)
 	NOT-FOR-US: Halo
 CVE-2020-21526 (An Arbitrary file writing vulnerability in halo v1.1.3. In an interfac ...)
@@ -220481,8 +220586,8 @@ CVE-2020-21492
 	RESERVED
 CVE-2020-21491
 	RESERVED
-CVE-2020-21490
-	RESERVED
+CVE-2020-21490 (An issue was discovered in GNU Binutils 2.34. It is a memory leak when ...)
+	TODO: check
 CVE-2020-21489 (File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker ...)
 	NOT-FOR-US: Feehicms
 CVE-2020-21488
@@ -220523,8 +220628,8 @@ CVE-2020-21471
 	RESERVED
 CVE-2020-21470
 	RESERVED
-CVE-2020-21469
-	RESERVED
+CVE-2020-21469 (An issue was discovered in PostgreSQL 12.2 allows attackers to cause a ...)
+	TODO: check
 CVE-2020-21468 (A segmentation fault in the redis-server component of Redis 5.0.7 lead ...)
 	- redis <unfixed> (unimportant)
 	NOTE: https://github.com/redis/redis/issues/6633
@@ -220607,12 +220712,12 @@ CVE-2020-21430
 	RESERVED
 CVE-2020-21429
 	RESERVED
-CVE-2020-21428
-	RESERVED
-CVE-2020-21427
-	RESERVED
-CVE-2020-21426
-	RESERVED
+CVE-2020-21428 (Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in  ...)
+	TODO: check
+CVE-2020-21427 (Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginB ...)
+	TODO: check
+CVE-2020-21426 (Buffer Overflow vulnerability in function C_IStream::read in PluginEXR ...)
+	TODO: check
 CVE-2020-21425
 	RESERVED
 CVE-2020-21424
@@ -221385,8 +221490,8 @@ CVE-2020-21048 (An issue in the dither.c component of libsixel prior to v1.8.4 a
 	NOTE: https://github.com/saitoha/libsixel/issues/73
 	NOTE: https://github.com/saitoha/libsixel/commit/cb373ab6614c910407c5e5a93ab935144e62b037 (v1.8.4)
 	NOTE: https://github.com/saitoha/libsixel/commit/26ac06f3623279348f0dce2d191a9b6ca0c80226 (v1.8.4)
-CVE-2020-21047
-	RESERVED
+CVE-2020-21047 (The libcpu component which is used by libasm of elfutils version 0.177 ...)
+	TODO: check
 CVE-2020-21046 (A local privilege escalation vulnerability was identified within the " ...)
 	NOT-FOR-US: EagleGet for Windows
 CVE-2020-21045
@@ -221887,8 +221992,8 @@ CVE-2020-20815
 	RESERVED
 CVE-2020-20814
 	RESERVED
-CVE-2020-20813
-	RESERVED
+CVE-2020-20813 (Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers t ...)
+	TODO: check
 CVE-2020-20812
 	RESERVED
 CVE-2020-20811
@@ -223268,8 +223373,8 @@ CVE-2020-20147
 	RESERVED
 CVE-2020-20146
 	RESERVED
-CVE-2020-20145
-	RESERVED
+CVE-2020-20145 (An issue was discovered in /src/helper.c in Dnsmasq up to and includin ...)
+	TODO: check
 CVE-2020-20144
 	RESERVED
 CVE-2020-20143
@@ -223740,8 +223845,8 @@ CVE-2020-19911
 	RESERVED
 CVE-2020-19910
 	RESERVED
-CVE-2020-19909
-	RESERVED
+CVE-2020-19909 (Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via cr ...)
+	TODO: check
 CVE-2020-19908
 	RESERVED
 CVE-2020-19907 (A command injection vulnerability in the sandcat plugin of Caldera 2.3 ...)
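Review bot: CVE-2020-19909 locates the integer overflow in tool_operate.c, which belongs to the curl command-line tool rather than to the libcurl library. Triage should check whether the library is affected at all before assigning a severity, and say so in a NOTE so that the entry is not read as a libcurl issue.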
@@ -224134,12 +224239,12 @@ CVE-2020-19728
 	RESERVED
 CVE-2020-19727
 	RESERVED
-CVE-2020-19726
-	RESERVED
-CVE-2020-19725
-	RESERVED
-CVE-2020-19724
-	RESERVED
+CVE-2020-19726 (An issue was discovered in binutils libbfd.c 2.36 relating to the auxi ...)
+	TODO: check
+CVE-2020-19725 (There is a use-after-free vulnerability in file pdd_simplifier.cpp in  ...)
+	TODO: check
+CVE-2020-19724 (A memory consumption issue in get_data function in binutils/nm.c in GN ...)
+	TODO: check
 CVE-2020-19723
 	RESERVED
 CVE-2020-19722 (An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1. ...)
@@ -224609,7 +224714,7 @@ CVE-2020-19502
 CVE-2020-19501
 	RESERVED
 CVE-2020-19500
-	RESERVED
+	REJECTED
 CVE-2020-19499 (An issue was discovered in heif::Box_iref::get_references in libheif 1 ...)
 	- libheif 1.5.0-1
 	[buster] - libheif <no-dsa> (Minor issue)
@@ -225284,18 +225389,18 @@ CVE-2020-19192
 	RESERVED
 CVE-2020-19191
 	RESERVED
-CVE-2020-19190
-	RESERVED
-CVE-2020-19189
-	RESERVED
-CVE-2020-19188
-	RESERVED
-CVE-2020-19187
-	RESERVED
-CVE-2020-19186
-	RESERVED
-CVE-2020-19185
-	RESERVED
+CVE-2020-19190 (Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:7 ...)
+	TODO: check
+CVE-2020-19189 (Buffer Overflow vulnerability in postprocess_terminfo function in tinf ...)
+	TODO: check
+CVE-2020-19188 (Buffer Overflow vulnerability in fmt_entry function in progs/dump_entr ...)
+	TODO: check
+CVE-2020-19187 (Buffer Overflow vulnerability in fmt_entry function in progs/dump_entr ...)
+	TODO: check
+CVE-2020-19186 (Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp ...)
+	TODO: check
+CVE-2020-19185 (Buffer Overflow vulnerability in one_one_mapping function in progs/dum ...)
+	TODO: check
 CVE-2020-19184
 	RESERVED
 CVE-2020-19183
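Review bot: Several of these six entries look like near-duplicates in the truncated text: CVE-2020-19188 and CVE-2020-19187 show identical descriptions (fmt_entry in progs/dump_entr...), and CVE-2020-19190 and CVE-2020-19186 both name _nc_find_entry in tinfo/comp_hash.c. They should be triaged as a group against the same source package, with a NOTE on each stating which upstream report it maps to, so that one fix is not counted as covering all of them by accident.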
@@ -226020,8 +226125,8 @@ CVE-2020-18841
 	RESERVED
 CVE-2020-18840
 	RESERVED
-CVE-2020-18839
-	RESERVED
+CVE-2020-18839 (Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 ...)
+	TODO: check
 CVE-2020-18838
 	RESERVED
 CVE-2020-18837
@@ -226036,8 +226141,8 @@ CVE-2020-18833
 	RESERVED
 CVE-2020-18832
 	RESERVED
-CVE-2020-18831
-	RESERVED
+CVE-2020-18831 (Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cp ...)
+	TODO: check
 CVE-2020-18830
 	RESERVED
 CVE-2020-18829
@@ -226136,10 +226241,10 @@ CVE-2020-18783
 	RESERVED
 CVE-2020-18782
 	RESERVED
-CVE-2020-18781
-	RESERVED
-CVE-2020-18780
-	RESERVED
+CVE-2020-18781 (Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in a ...)
+	TODO: check
+CVE-2020-18780 (A Use After Free vulnerability in function new_Token in asm/preproc.c  ...)
+	TODO: check
 CVE-2020-18779
 	RESERVED
 CVE-2020-18778 (In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_p_ ...)
@@ -226168,12 +226273,12 @@ CVE-2020-18771 (Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal
 	- exiv2 0.27.2-6
 	[stretch] - exiv2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/Exiv2/exiv2/issues/756
-CVE-2020-18770
-	RESERVED
+CVE-2020-18770 (An issue was discovered in function zzip_disk_entry_to_file_header in  ...)
+	TODO: check
 CVE-2020-18769
 	RESERVED
-CVE-2020-18768
-	RESERVED
+CVE-2020-18768 (There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in  ...)
+	TODO: check
 CVE-2020-18767
 	RESERVED
 CVE-2020-18766 (A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotel ...)
@@ -226412,10 +226517,10 @@ CVE-2020-18654 (Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote att
 	NOT-FOR-US: Wuzhi CMS
 CVE-2020-18653
 	RESERVED
-CVE-2020-18652
-	RESERVED
-CVE-2020-18651
-	RESERVED
+CVE-2020-18652 (Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and  ...)
+	TODO: check
+CVE-2020-18651 (Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::get ...)
+	TODO: check
 CVE-2020-18650
 	RESERVED
 CVE-2020-18649
@@ -226728,8 +226833,8 @@ CVE-2020-18496
 	RESERVED
 CVE-2020-18495
 	RESERVED
-CVE-2020-18494
-	RESERVED
+CVE-2020-18494 (Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1 ...)
+	TODO: check
 CVE-2020-18493
 	RESERVED
 CVE-2020-18492
@@ -226967,16 +227072,16 @@ CVE-2020-18384
 	RESERVED
 CVE-2020-18383
 	RESERVED
-CVE-2020-18382
-	RESERVED
+CVE-2020-18382 (Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryB ...)
+	TODO: check
 CVE-2020-18381
 	RESERVED
 CVE-2020-18380
 	RESERVED
 CVE-2020-18379
 	RESERVED
-CVE-2020-18378
-	RESERVED
+CVE-2020-18378 (A NULL pointer dereference was discovered in SExpressionWasmBuilder::m ...)
+	TODO: check
 CVE-2020-18377
 	RESERVED
 CVE-2020-18376
@@ -227267,8 +227372,8 @@ CVE-2020-18234
 	RESERVED
 CVE-2020-18233
 	RESERVED
-CVE-2020-18232
-	RESERVED
+CVE-2020-18232 (Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1 ...)
+	TODO: check
 CVE-2020-18231
 	RESERVED
 CVE-2020-18230 (Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers t ...)
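Review bot: The visible description of CVE-2020-18232 ("Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1 ...") is character-for-character the same as that of CVE-2020-18494 added a few hunks earlier. Whoever clears the "TODO: check" should compare the full descriptions and references to see whether the two differ only in HDF5 version or are duplicate assignments, and cross-reference them with a NOTE either way.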
@@ -253201,7 +253306,7 @@ CVE-2020-8641 (Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of
 	NOT-FOR-US: Lotus Core CMS
 CVE-2019-20447 (Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endp ...)
 	NOT-FOR-US: Jobberbase CMS
-CVE-2020-27418
+CVE-2020-27418 (A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows ...)
 	- linux 5.5.13-1
 	[buster] - linux 4.19.118-1
 	NOTE: https://patchwork.freedesktop.org/patch/356372/
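Review bot: The description now attached to CVE-2020-27418 names "Fedora Linux kernel 5.9.0-rc9", but the tracking lines kept below it record the fix in linux 5.5.13-1 and [buster] 4.19.118-1, both older than the version in the description. It is worth confirming that the existing patchwork.freedesktop.org reference still corresponds to the issue as published, and adding a NOTE that explains the version discrepancy if it does.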
@@ -272038,6 +272143,7 @@ CVE-2019-19396 (illumos, as used in OmniOS Community Edition before r151030y, al
 CVE-2019-19395
 	RESERVED
 CVE-2013-7484 (Zabbix before 5.0 represents passwords in the users table with unsalte ...)
+	{DLA-3538-1}
 	- zabbix 1:5.0.0+dfsg-1
 	[stretch] - zabbix <no-dsa> (Minor issue)
 	[jessie] - zabbix <no-dsa> (Minor issue)
@@ -281221,6 +281327,7 @@ CVE-2019-17384 (The animate-it plugin before 2.3.4 for WordPress has XSS.)
 CVE-2019-17383 (The netaddr gem before 2.0.4 for Ruby has misconfigured file permissio ...)
 	- ruby-netaddr <not-affected> (Upstream packaging issue)
 CVE-2019-17382 (An issue was discovered in zabbix.php?action=dashboard.view&dashboardi ...)
+	{DLA-3538-1}
 	- zabbix 1:5.0.0+dfsg-1
 	[stretch] - zabbix <ignored> (Minor issue, no patch, guest accounts can be disabled)
 	[jessie] - zabbix <no-dsa> (Minor issue, guest accounts can be disabled)
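Review bot: {DLA-3538-1} is attached to CVE-2019-17382 while the [stretch] line directly below it still reads "<ignored> (Minor issue, no patch, guest accounts can be disabled)", and the visible context shows annotations only for stretch and jessie. If the DLA ships a fix for this CVE, the entry should also carry a line for the release the DLA targets with its fixed version, so that the cross-reference is not the only record. The same applies to CVE-2013-7484 in the previous hunk.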



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/039f20e7e8985db473a6905f2d7a7eb78a0fdce7
