[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jan 20 20:10:29 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
034f37a3 by security tracker role at 2023-01-20T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,139 @@
+CVE-2023-24021 (In ModSecurity before 2.9.7, FILES_TMP_CONTENT sometimes lacked the co ...)
+	TODO: check
+CVE-2023-24012
+	RESERVED
+CVE-2023-24011
+	RESERVED
+CVE-2023-24010
+	RESERVED
+CVE-2023-24009
+	RESERVED
+CVE-2023-24008
+	RESERVED
+CVE-2023-24007
+	RESERVED
+CVE-2023-24006
+	RESERVED
+CVE-2023-24005
+	RESERVED
+CVE-2023-24004
+	RESERVED
+CVE-2023-24003
+	RESERVED
+CVE-2023-24002
+	RESERVED
+CVE-2023-24001
+	RESERVED
+CVE-2023-24000
+	RESERVED
+CVE-2023-23999
+	RESERVED
+CVE-2023-23998
+	RESERVED
+CVE-2023-23997
+	RESERVED
+CVE-2023-23996
+	RESERVED
+CVE-2023-23995
+	RESERVED
+CVE-2023-23994
+	RESERVED
+CVE-2023-23993
+	RESERVED
+CVE-2023-23992
+	RESERVED
+CVE-2023-23991
+	RESERVED
+CVE-2023-23990
+	RESERVED
+CVE-2023-23989
+	RESERVED
+CVE-2023-23988
+	RESERVED
+CVE-2023-23987
+	RESERVED
+CVE-2023-23986
+	RESERVED
+CVE-2023-23985
+	RESERVED
+CVE-2023-23984
+	RESERVED
+CVE-2023-23983
+	RESERVED
+CVE-2023-23982
+	RESERVED
+CVE-2023-23981
+	RESERVED
+CVE-2023-23980
+	RESERVED
+CVE-2023-23979
+	RESERVED
+CVE-2023-23978
+	RESERVED
+CVE-2023-23977
+	RESERVED
+CVE-2023-23976
+	RESERVED
+CVE-2023-23975
+	RESERVED
+CVE-2023-23974
+	RESERVED
+CVE-2023-23973
+	RESERVED
+CVE-2023-23972
+	RESERVED
+CVE-2023-23971
+	RESERVED
+CVE-2023-23970
+	RESERVED
+CVE-2023-23907
+	RESERVED
+CVE-2023-23902
+	RESERVED
+CVE-2023-23571
+	RESERVED
+CVE-2023-23547
+	RESERVED
+CVE-2023-22844
+	RESERVED
+CVE-2023-22659
+	RESERVED
+CVE-2023-22319
+	RESERVED
+CVE-2023-22306
+	RESERVED
+CVE-2023-0430
+	RESERVED
+CVE-2023-0429
+	RESERVED
+CVE-2023-0428
+	RESERVED
+CVE-2023-0427
+	RESERVED
+CVE-2023-0426
+	RESERVED
+CVE-2023-0425
+	RESERVED
+CVE-2023-0424
+	RESERVED
+CVE-2023-0423
+	RESERVED
+CVE-2023-0422
+	RESERVED
+CVE-2023-0421
+	RESERVED
+CVE-2023-0420
+	RESERVED
+CVE-2023-0419
+	RESERVED
+CVE-2023-0418
+	RESERVED
+CVE-2022-4894
+	RESERVED
+CVE-2022-4893
+	RESERVED
+CVE-2022-48279 (In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart reque ...)
+	TODO: check
 CVE-2023-23969
 	RESERVED
 CVE-2023-23968
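Review bot: CVE-2023-24021 and CVE-2022-48279, the only two described entries in this block of new IDs, both concern ModSecurity and are left at "TODO: check". The CVE-2022-48279 text covers two release lines ("before 2.9.6 and 3.x before 3.0.8"), so the follow-up triage should record the 2.x and 3.x status separately rather than with a single line for the entry.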
@@ -803,8 +939,8 @@ CVE-2023-23693
 	RESERVED
 CVE-2023-23692
 	RESERVED
-CVE-2023-23691
-	RESERVED
+CVE-2023-23691 (Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Clie ...)
+	TODO: check
 CVE-2023-23690 (Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contai ...)
 	NOT-FOR-US: EMC
 CVE-2023-23689
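Review bot: CVE-2023-23691 gains a Dell EMC description but stays at "TODO: check", while the next entry, CVE-2023-23690 for another Dell EMC product, is already "NOT-FOR-US: EMC". Unless the ME5 product differs in a way not visible here, give it the same "NOT-FOR-US: EMC" line so it leaves the TODO queue.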
@@ -1163,7 +1299,8 @@ CVE-2014-125080 (A vulnerability has been found in frontaccounting faplanet and
 	NOT-FOR-US: frontaccounting faplanet
 CVE-2013-10012 (A vulnerability, which was classified as critical, was found in antonb ...)
 	NOT-FOR-US: antonbolling clan7ups
-CVE-2010-10005 (A vulnerability was found in msmania poodim. It has been declared as c ...)
+CVE-2010-10005
+	REJECTED
 	NOT-FOR-US: msmania poodim
 CVE-2023-23596 (jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. W ...)
 	NOT-FOR-US: jc21 NGINX Proxy Manager
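Review bot: CVE-2010-10005 is switched to "REJECTED" but the "NOT-FOR-US: msmania poodim" line underneath is kept, so the entry now carries both a rejection and a triage decision. The other rejected IDs in this patch (CVE-2022-27915 to CVE-2022-27918) hold only the "REJECTED" line; drop the leftover "NOT-FOR-US" line here.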
@@ -1524,16 +1661,16 @@ CVE-2021-46872 (An issue was discovered in Nim before 1.6.2. The RST module of t
 	[bullseye] - nim <no-dsa> (Minor issue)
 	NOTE: https://github.com/nim-lang/Nim/pull/19134
 	NOTE: https://github.com/nim-lang/Nim/commit/9338aa24977e84a33b9a7802eaff0777fcf4d9c3
-CVE-2023-23492
-	RESERVED
-CVE-2023-23491
-	RESERVED
-CVE-2023-23490
-	RESERVED
-CVE-2023-23489
-	RESERVED
-CVE-2023-23488
-	RESERVED
+CVE-2023-23492 (The Login with Phone Number WordPress Plugin, version < 1.4.2, is a ...)
+	TODO: check
+CVE-2023-23491 (The Quick Event Manager WordPress Plugin, version < 9.7.5, is affec ...)
+	TODO: check
+CVE-2023-23490 (The Survey Maker WordPress Plugin, version < 3.1.2, is affected by  ...)
+	TODO: check
+CVE-2023-23489 (The Easy Digital Downloads WordPress Plugin, version < 3.1.0.4, is  ...)
+	TODO: check
+CVE-2023-23488 (The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affe ...)
+	TODO: check
 CVE-2023-23487
 	RESERVED
 CVE-2023-23486
@@ -2305,12 +2442,12 @@ CVE-2023-23147
 	RESERVED
 CVE-2023-23146
 	RESERVED
-CVE-2023-23145
-	RESERVED
-CVE-2023-23144
-	RESERVED
-CVE-2023-23143
-	RESERVED
+CVE-2023-23145 (GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a me ...)
+	TODO: check
+CVE-2023-23144 (Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file ...)
+	TODO: check
+CVE-2023-23143 (Buffer overflow vulnerability in function avc_parse_slice in file medi ...)
+	TODO: check
 CVE-2023-23142
 	RESERVED
 CVE-2023-23141
@@ -2595,8 +2732,8 @@ CVE-2023-23026
 	RESERVED
 CVE-2023-23025
 	RESERVED
-CVE-2023-23024
-	RESERVED
+CVE-2023-23024 (Book Store Management System v1.0 was discovered to contain a cross-si ...)
+	TODO: check
 CVE-2023-23023
 	RESERVED
 CVE-2023-23022
@@ -2613,18 +2750,18 @@ CVE-2023-23017
 	RESERVED
 CVE-2023-23016
 	RESERVED
-CVE-2023-23015
-	RESERVED
-CVE-2023-23014
-	RESERVED
+CVE-2023-23015 (Cross Site Scripting (XSS) vulnerability in Kalkun 0.8.0 via username  ...)
+	TODO: check
+CVE-2023-23014 (Cross Site Scripting (XSS) vulnerability in InventorySystem thru commi ...)
+	TODO: check
 CVE-2023-23013
 	RESERVED
-CVE-2023-23012
-	RESERVED
+CVE-2023-23012 (Cross Site Scripting (XSS) vulnerability in craigrodway classroombooki ...)
+	TODO: check
 CVE-2023-23011
 	RESERVED
-CVE-2023-23010
-	RESERVED
+CVE-2023-23010 (Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Boot ...)
+	TODO: check
 CVE-2023-23009
 	RESERVED
 CVE-2023-23008
@@ -2715,8 +2852,8 @@ CVE-2023-22966
 	RESERVED
 CVE-2023-22965
 	RESERVED
-CVE-2023-22964
-	RESERVED
+CVE-2023-22964 (Zoho ManageEngine ServiceDesk Plus MSP through 13003 is vulnerable to  ...)
+	TODO: check
 CVE-2023-22963 (The personnummer implementation before 3.0.3 for Dart mishandles numbe ...)
 	NOT-FOR-US: Dart language (different from src:dart)
 CVE-2023-22962
@@ -2945,13 +3082,11 @@ CVE-2023-22914
 	RESERVED
 CVE-2023-22913
 	RESERVED
-CVE-2023-22912
-	RESERVED
+CVE-2023-22912 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.3 ...)
 	NOT-FOR-US: MediaWiki extension CheckUser
 CVE-2023-22911 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.3 ...)
 	NOT-FOR-US: MediaWiki extension Widgets
-CVE-2023-22910
-	RESERVED
+CVE-2023-22910 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.3 ...)
 	NOT-FOR-US: MediaWiki extension WikiBase
 CVE-2023-22909 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.3 ...)
 	NOT-FOR-US: MediaWiki extension MobileFrontend
@@ -3830,8 +3965,8 @@ CVE-2023-0103
 	RESERVED
 CVE-2023-0102
 	RESERVED
-CVE-2023-0101
-	RESERVED
+CVE-2023-0101 (A privilege escalation vulnerability was identified in Nessus versions ...)
+	TODO: check
 CVE-2023-0100
 	RESERVED
 CVE-2023-0099
@@ -4833,8 +4968,7 @@ CVE-2023-22461 (The `sanitize-svg` package, a small SVG sanitizer to prevent cro
 	NOT-FOR-US: sanitize-svg
 CVE-2023-22460 (go-ipld-prime is an implementation of the InterPlanetary Linked Data ( ...)
 	NOT-FOR-US: go-ipld-prime
-CVE-2023-22458
-	RESERVED
+CVE-2023-22458 (Redis is an in-memory database that persists on disk. Authenticated us ...)
 	- redis <unfixed>
 	NOTE: https://github.com/redis/redis/commit/3f1f02034ce674cad8268f958cf8c39944b240c6 (7.0.8)
 CVE-2023-22457 (CKEditor Integration UI adds support for editing wiki pages using CKEd ...)
@@ -4925,8 +5059,8 @@ CVE-2022-48154
 	RESERVED
 CVE-2022-48153
 	RESERVED
-CVE-2022-48152
-	RESERVED
+CVE-2022-48152 (SQL Injection vulnerability in RemoteClinic 2.0 allows attackers to ex ...)
+	TODO: check
 CVE-2022-48151
 	RESERVED
 CVE-2022-48150
@@ -4977,20 +5111,20 @@ CVE-2022-48128
 	RESERVED
 CVE-2022-48127
 	RESERVED
-CVE-2022-48126
-	RESERVED
-CVE-2022-48125
-	RESERVED
-CVE-2022-48124
-	RESERVED
-CVE-2022-48123
-	RESERVED
-CVE-2022-48122
-	RESERVED
-CVE-2022-48121
-	RESERVED
-CVE-2022-48120
-	RESERVED
+CVE-2022-48126 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
+	TODO: check
+CVE-2022-48125 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
+	TODO: check
+CVE-2022-48124 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
+	TODO: check
+CVE-2022-48123 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
+	TODO: check
+CVE-2022-48122 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
+	TODO: check
+CVE-2022-48121 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
+	TODO: check
+CVE-2022-48120 (SQL Injection vulnerability in kishan0725 Hospital Management System t ...)
+	TODO: check
 CVE-2022-48119
 	RESERVED
 CVE-2022-48118
@@ -6528,8 +6662,8 @@ CVE-2022-47749
 	RESERVED
 CVE-2022-47748
 	RESERVED
-CVE-2022-47747
-	RESERVED
+CVE-2022-47747 (kraken <= 0.1.4 has an arbitrary file read vulnerability via the co ...)
+	TODO: check
 CVE-2022-47746
 	RESERVED
 CVE-2022-47745 (ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After loggin ...)
@@ -6558,8 +6692,8 @@ CVE-2022-47734
 	RESERVED
 CVE-2022-47733
 	RESERVED
-CVE-2022-47732
-	RESERVED
+CVE-2022-47732 (In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthe ...)
+	TODO: check
 CVE-2022-47731
 	RESERVED
 CVE-2022-47730
@@ -9808,14 +9942,14 @@ CVE-2022-47026
 	RESERVED
 CVE-2022-47025
 	RESERVED
-CVE-2022-47024
-	RESERVED
+CVE-2022-47024 (A null pointer dereference issue was discovered in function gui_x11_cr ...)
+	TODO: check
 CVE-2022-47023
 	RESERVED
 CVE-2022-47022
 	RESERVED
-CVE-2022-47021
-	RESERVED
+CVE-2022-47021 (A null pointer dereference issue was discovered in functions op_get_da ...)
+	TODO: check
 CVE-2022-47020
 	RESERVED
 CVE-2022-47019
@@ -9824,16 +9958,16 @@ CVE-2022-47018
 	RESERVED
 CVE-2022-47017
 	RESERVED
-CVE-2022-47016
-	RESERVED
-CVE-2022-47015
-	RESERVED
+CVE-2022-47016 (A null pointer dereference issue was discovered in function window_pan ...)
+	TODO: check
+CVE-2022-47015 (MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of S ...)
+	TODO: check
 CVE-2022-47014
 	RESERVED
 CVE-2022-47013
 	RESERVED
-CVE-2022-47012
-	RESERVED
+CVE-2022-47012 (Use of uninitialized variable in function gen_eth_recv in GNS3 dynamip ...)
+	TODO: check
 CVE-2022-47011
 	RESERVED
 CVE-2022-47010
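Review bot: the CVE-2022-47015 description gives its affected range as "before 10.3.34 thru 10.9.3", which does not say clearly which versions carry the fix. Before this "TODO: check" is resolved, add a "NOTE:" with the upstream reference so the fixed version for each release series can be verified.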
@@ -13676,8 +13810,8 @@ CVE-2022-45750
 	RESERVED
 CVE-2022-45749
 	RESERVED
-CVE-2022-45748
-	RESERVED
+CVE-2022-45748 (An issue was discovered with assimp 5.1.4, a use after free occurred i ...)
+	TODO: check
 CVE-2022-45747
 	RESERVED
 CVE-2022-45746
@@ -14060,10 +14194,10 @@ CVE-2022-45560
 	RESERVED
 CVE-2022-45559
 	RESERVED
-CVE-2022-45558
-	RESERVED
-CVE-2022-45557
-	RESERVED
+CVE-2022-45558 (Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5  ...)
+	TODO: check
+CVE-2022-45557 (Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5  ...)
+	TODO: check
 CVE-2022-45556
 	RESERVED
 CVE-2022-45555
@@ -14092,18 +14226,18 @@ CVE-2022-45544
 	RESERVED
 CVE-2022-45543
 	RESERVED
-CVE-2022-45542
-	RESERVED
-CVE-2022-45541
-	RESERVED
-CVE-2022-45540
-	RESERVED
-CVE-2022-45539
-	RESERVED
-CVE-2022-45538
-	RESERVED
-CVE-2022-45537
-	RESERVED
+CVE-2022-45542 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager  ...)
+	TODO: check
+CVE-2022-45541 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attr ...)
+	TODO: check
+CVE-2022-45540 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in article type edi ...)
+	TODO: check
+CVE-2022-45539 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in FileManager comp ...)
+	TODO: check
+CVE-2022-45538 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publ ...)
+	TODO: check
+CVE-2022-45537 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publ ...)
+	TODO: check
 CVE-2022-45536 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...)
 	NOT-FOR-US: AeroCMS
 CVE-2022-45535 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...)
@@ -20176,8 +20310,8 @@ CVE-2022-43961
 	RESERVED
 CVE-2022-43960
 	RESERVED
-CVE-2022-43959
-	RESERVED
+CVE-2022-43959 (Insufficiently Protected Credentials in the AD/LDAP server settings in ...)
+	TODO: check
 CVE-2022-3736
 	RESERVED
 CVE-2022-3735 (A vulnerability was found in seccome Ehoney. It has been rated as crit ...)
@@ -22063,8 +22197,8 @@ CVE-2022-43705 (In Botan before 2.19.3, it is possible to forge OCSP responses d
 	NOTE: https://github.com/randombit/botan/commit/991b0159282781f2d5c06ff42a9ff00ee563e96b (2.19.3)
 	NOTE: https://github.com/randombit/botan/commit/a33689613127f319c0047fb96f092de16e7cb350 (2.19.3)
 	NOTE: https://github.com/randombit/botan/commit/909c62717855402e04dbaf8ffc085f444d547aae (2.19.3)
-CVE-2022-43704
-	RESERVED
+CVE-2022-43704 (The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, a ...)
+	TODO: check
 CVE-2022-43703
 	RESERVED
 CVE-2022-43702
@@ -24512,6 +24646,7 @@ CVE-2022-3478
 	RESERVED
 	- gitlab <unfixed>
 CVE-2022-42906 (powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbi ...)
+	{DLA-3277-1}
 	- powerline-gitstatus 1.3.2-1
 	[bullseye] - powerline-gitstatus 1.3.2-0+deb11u1
 	NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/issues/45
@@ -27586,8 +27721,8 @@ CVE-2022-41735 (IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 t
 	NOT-FOR-US: IBM
 CVE-2022-41734
 	RESERVED
-CVE-2022-41733
-	RESERVED
+CVE-2022-41733 (IBM InfoSphere Information Server 11.7 could allow a remote attacked t ...)
+	TODO: check
 CVE-2022-41732 (IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear t ...)
 	NOT-FOR-US: IBM
 CVE-2022-41731
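Review bot: CVE-2022-41733 is an IBM InfoSphere Information Server issue left at "TODO: check", although the surrounding IBM entries (CVE-2022-41735, CVE-2022-41732) are triaged as "NOT-FOR-US: IBM". The same line looks appropriate here.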
@@ -28391,8 +28526,8 @@ CVE-2022-41443 (phpipam v1.5.0 was discovered to contain a header injection vuln
 	- phpipam <itp> (bug #731713)
 CVE-2022-41442 (PicUploader v2.6.3 was discovered to contain cross-site scripting (XSS ...)
 	NOT-FOR-US: PicUploader
-CVE-2022-41441
-	RESERVED
+CVE-2022-41441 (Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3  ...)
+	TODO: check
 CVE-2022-41440 (Billing System Project v1.0 was discovered to contain a SQL injection  ...)
 	NOT-FOR-US: Billing System Project
 CVE-2022-41439 (Billing System Project v1.0 was discovered to contain a SQL injection  ...)
@@ -31258,8 +31393,8 @@ CVE-2022-40269
 	RESERVED
 CVE-2022-40268
 	RESERVED
-CVE-2022-40267
-	RESERVED
+CVE-2022-40267 (Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerabilit ...)
+	TODO: check
 CVE-2022-40266 (Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2022-40265 (Improper Input Validation vulnerability in Mitsubishi Electric Corpora ...)
@@ -33891,8 +34026,7 @@ CVE-2022-39195 (A cross-site scripting (XSS) vulnerability in the LISTSERV 17 we
 	NOT-FOR-US: LISTSERV
 CVE-2022-39194 (An issue was discovered in the MediaWiki through 1.38.2. The community ...)
 	NOT-FOR-US: MediaWiki extension GrowthExperiments
-CVE-2022-39193
-	RESERVED
+CVE-2022-39193 (An issue was discovered in the CheckUser extension for MediaWiki throu ...)
 	NOT-FOR-US: MediaWiki extension CheckUser
 CVE-2022-39192
 	RESERVED
@@ -37346,12 +37480,12 @@ CVE-2022-38114 (This vulnerability occurs when a web server fails to correctly p
 	NOT-FOR-US: Solarwinds
 CVE-2022-38113 (This vulnerability discloses build and services versions in the server ...)
 	NOT-FOR-US: Solarwinds
-CVE-2022-38112
-	RESERVED
+CVE-2022-38112 (In DPA 2022.4 and older releases, generated heap memory dumps contain  ...)
+	TODO: check
 CVE-2022-38111
 	RESERVED
-CVE-2022-38110
-	RESERVED
+CVE-2022-38110 (In Database Performance Analyzer (DPA) 2022.4 and older releases, cert ...)
+	TODO: check
 CVE-2022-38109
 	RESERVED
 CVE-2022-38108 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
@@ -42866,8 +43000,7 @@ CVE-2022-35978 (Minetest is a free open-source voxel game engine with easy moddi
 	[buster] - minetest <no-dsa> (Minor issue)
 	NOTE: https://github.com/minetest/minetest/security/advisories/GHSA-663q-pcjw-27cc
 	NOTE: https://github.com/minetest/minetest/commit/da71e86633d0b27cd02d7aac9fdac625d141ca13 (5.6.0)
-CVE-2022-35977
-	RESERVED
+CVE-2022-35977 (Redis is an in-memory database that persists on disk. Authenticated us ...)
 	- redis <unfixed>
 	NOTE: https://github.com/redis/redis/commit/6c25c6b7da116e110e89a5db45eeae743879e7ea (7.0.8)
 CVE-2022-35976 (The GitOps Tools Extension for VSCode relies on kubeconfigs in order t ...)
@@ -65989,13 +66122,13 @@ CVE-2022-27920 (libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver
 CVE-2022-27919 (Gradle Enterprise before 2022.1 allows remote code execution if the in ...)
 	NOT-FOR-US: Gradle Enterprise
 CVE-2022-27918
-	RESERVED
+	REJECTED
 CVE-2022-27917
-	RESERVED
+	REJECTED
 CVE-2022-27916
-	RESERVED
+	REJECTED
 CVE-2022-27915
-	RESERVED
+	REJECTED
 CVE-2022-27914 (An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate fil ...)
 	NOT-FOR-US: Joomla!
 CVE-2022-27913 (An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate fil ...)
@@ -72446,8 +72579,8 @@ CVE-2022-25633
 	RESERVED
 CVE-2022-25632
 	RESERVED
-CVE-2022-25631
-	RESERVED
+CVE-2022-25631 (Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may  ...)
+	TODO: check
 CVE-2022-25630 (An authenticated user can embed malicious content with XSS into the ad ...)
 	NOT-FOR-US: Symantec Messaging Gateway
 CVE-2022-25629 (An authenticated user who has the privilege to add/edit annotations on ...)
@@ -107989,8 +108122,8 @@ CVE-2021-39091
 	RESERVED
 CVE-2021-39090
 	RESERVED
-CVE-2021-39089
-	RESERVED
+CVE-2021-39089 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allo ...)
+	TODO: check
 CVE-2021-39088 (IBM QRadar SIEM 7.3, 7.4, and 7.5 is vulnerable to local privilege esc ...)
 	NOT-FOR-US: IBM
 CVE-2021-39087 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5,  ...)
@@ -108145,8 +108278,8 @@ CVE-2021-39013 (IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0
 	NOT-FOR-US: IBM
 CVE-2021-39012
 	RESERVED
-CVE-2021-39011
-	RESERVED
+CVE-2021-39011 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores pot ...)
+	TODO: check
 CVE-2021-39010
 	RESERVED
 CVE-2021-39009 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credential ...)
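Review bot: CVE-2021-39011 names IBM Cloud Pak for Security (CP4S), the same product as CVE-2021-39013 two entries above, which is already "NOT-FOR-US: IBM"; the new "TODO: check" can be replaced with that line.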
@@ -112131,12 +112264,12 @@ CVE-2021-37502
 	RESERVED
 CVE-2021-37501
 	RESERVED
-CVE-2021-37500
-	RESERVED
-CVE-2021-37499
-	RESERVED
-CVE-2021-37498
-	RESERVED
+CVE-2021-37500 (Directory traversal vulnerability in Reprise License Manager (RLM) web ...)
+	TODO: check
+CVE-2021-37499 (CRLF vulnerability in Reprise License Manager (RLM) web interface thro ...)
+	TODO: check
+CVE-2021-37498 (An SSRF issue was discovered in Reprise License Manager (RLM) web inte ...)
+	TODO: check
 CVE-2021-37497
 	RESERVED
 CVE-2021-37496
@@ -132909,8 +133042,8 @@ CVE-2021-29370 (A UXSS was discovered in the Thanos-Soft Cheetah Browser in Andr
 	NOT-FOR-US: Thanos-Soft Cheetah Browser in Android
 CVE-2021-29369 (The gnuplot package prior to version 0.1.0 for Node.js allows code exe ...)
 	NOT-FOR-US: Node gnuplot
-CVE-2021-29368
-	RESERVED
+CVE-2021-29368 (Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924c ...)
+	TODO: check
 CVE-2021-29367 (A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows ...)
 	NOT-FOR-US: IrfanView
 CVE-2021-29366 (A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irf ...)
@@ -139569,12 +139702,12 @@ CVE-2021-26646
 	RESERVED
 CVE-2021-26645
 	RESERVED
-CVE-2021-26644
-	RESERVED
+CVE-2021-26644 (SQL-Injection vulnerability caused by the lack of verification of inpu ...)
+	TODO: check
 CVE-2021-26643
 	RESERVED
-CVE-2021-26642
-	RESERVED
+CVE-2021-26642 (When uploading an image file to a bulletin board developed with Xpress ...)
+	TODO: check
 CVE-2021-26641
 	RESERVED
 CVE-2021-26640
@@ -161482,8 +161615,8 @@ CVE-2020-29299 (Certain Zyxel products allow command injection by an admin via a
 	NOT-FOR-US: Zyxel
 CVE-2020-29298
 	RESERVED
-CVE-2020-29297
-	RESERVED
+CVE-2020-29297 (Multiple SQL Injection vulnerabilies in tourist5 Online-food-ordering- ...)
+	TODO: check
 CVE-2020-29296
 	RESERVED
 CVE-2020-29295
@@ -179538,8 +179671,8 @@ CVE-2020-23258
 	RESERVED
 CVE-2020-23257
 	RESERVED
-CVE-2020-23256
-	RESERVED
+CVE-2020-23256 (An issue was discovered in Electerm 1.3.22, allows attackers to execut ...)
+	TODO: check
 CVE-2020-23255
 	REJECTED
 CVE-2020-23254
@@ -180773,26 +180906,26 @@ CVE-2020-22664
 	RESERVED
 CVE-2020-22663
 	RESERVED
-CVE-2020-22662
-	RESERVED
-CVE-2020-22661
-	RESERVED
-CVE-2020-22660
-	RESERVED
-CVE-2020-22659
-	RESERVED
-CVE-2020-22658
-	RESERVED
-CVE-2020-22657
-	RESERVED
-CVE-2020-22656
-	RESERVED
-CVE-2020-22655
-	RESERVED
-CVE-2020-22654
-	RESERVED
-CVE-2020-22653
-	RESERVED
+CVE-2020-22662 (In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10. ...)
+	TODO: check
+CVE-2020-22661 (In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10. ...)
+	TODO: check
+CVE-2020-22660 (In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10. ...)
+	TODO: check
+CVE-2020-22659 (In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10. ...)
+	TODO: check
+CVE-2020-22658 (In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10. ...)
+	TODO: check
+CVE-2020-22657 (In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10. ...)
+	TODO: check
+CVE-2020-22656 (In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10. ...)
+	TODO: check
+CVE-2020-22655 (In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10. ...)
+	TODO: check
+CVE-2020-22654 (In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10. ...)
+	TODO: check
+CVE-2020-22653 (In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10. ...)
+	TODO: check
 CVE-2020-22652
 	RESERVED
 CVE-2020-22651
@@ -184109,8 +184242,8 @@ CVE-2020-21154
 	RESERVED
 CVE-2020-21153
 	RESERVED
-CVE-2020-21152
-	RESERVED
+CVE-2020-21152 (SQL Injection vulnerability in inxedu 2.0.6 allows attackers to execut ...)
+	TODO: check
 CVE-2020-21151
 	RESERVED
 CVE-2020-21150



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/034f37a308c5037fcb0c7d5afe53de4d53497849
