[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 15 20:12:42 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5f5ff7a3 by security tracker role at 2024-11-15T20:12:36+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,259 @@
+CVE-2024-8979 (The Essential Addons for Elementor \u2013 Best Elementor Addon, Templa ...)
+ TODO: check
+CVE-2024-8978 (The Essential Addons for Elementor \u2013 Best Elementor Addon, Templa ...)
+ TODO: check
+CVE-2024-7865
+ REJECTED
+CVE-2024-6413
+ REJECTED
+CVE-2024-52555 (In JetBrains WebStorm before 2024.3 code execution in Untrusted Projec ...)
+ TODO: check
+CVE-2024-52528 (Budget Control Gateway acts as an entry point for incoming requests an ...)
+ TODO: check
+CVE-2024-52526 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...)
+ TODO: check
+CVE-2024-52525 (Nextcloud Server is a self hosted personal cloud system. Under certain ...)
+ TODO: check
+CVE-2024-52523 (Nextcloud Server is a self hosted personal cloud system. After setting ...)
+ TODO: check
+CVE-2024-52522 (Rclone is a command-line program to sync files and directories to and ...)
+ TODO: check
+CVE-2024-52521 (Nextcloud Server is a self hosted personal cloud system. MD5 hashes we ...)
+ TODO: check
+CVE-2024-52520 (Nextcloud Server is a self hosted personal cloud system. Due to a pre- ...)
+ TODO: check
+CVE-2024-52519 (Nextcloud Server is a self hosted personal cloud system. The OAuth2 cl ...)
+ TODO: check
+CVE-2024-52518 (Nextcloud Server is a self hosted personal cloud system. After an atta ...)
+ TODO: check
+CVE-2024-52517 (Nextcloud Server is a self hosted personal cloud system. After storing ...)
+ TODO: check
+CVE-2024-52516 (Nextcloud Server is a self hosted personal cloud system. When a server ...)
+ TODO: check
+CVE-2024-52515 (Nextcloud Server is a self hosted personal cloud system. After an admi ...)
+ TODO: check
+CVE-2024-52514 (Nextcloud Server is a self hosted personal cloud system. After a user ...)
+ TODO: check
+CVE-2024-52513 (Nextcloud Server is a self hosted personal cloud system. After receivi ...)
+ TODO: check
+CVE-2024-52512 (user_oidc app is an OpenID Connect user backend for Nextcloud. A malic ...)
+ TODO: check
+CVE-2024-52511 (Nextcloud Tables allows users to to create tables with individual colu ...)
+ TODO: check
+CVE-2024-52510 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
+ TODO: check
+CVE-2024-52509 (Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivi ...)
+ TODO: check
+CVE-2024-52508 (Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivi ...)
+ TODO: check
+CVE-2024-52507 (Nextcloud Tables allows users to to create tables with individual colu ...)
+ TODO: check
+CVE-2024-51497 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...)
+ TODO: check
+CVE-2024-51496 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...)
+ TODO: check
+CVE-2024-51495 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...)
+ TODO: check
+CVE-2024-51494 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...)
+ TODO: check
+CVE-2024-51330 (An issue in UltiMaker Cura v.4.41 and 5.8.1 and before allows a local ...)
+ TODO: check
+CVE-2024-51164 (Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 v ...)
+ TODO: check
+CVE-2024-51142 (Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows an ...)
+ TODO: check
+CVE-2024-51141 (An issue in TOTOLINK Bluetooth Wireless Adapter A600UB allows a local ...)
+ TODO: check
+CVE-2024-51037 (An issue in kodbox v.1.52.04 and before allows a remote attacker to ob ...)
+ TODO: check
+CVE-2024-50986 (An issue in Clementine v.1.3.1 allows a local attacker to execute arbi ...)
+ TODO: check
+CVE-2024-50800 (Cross Site Scripting vulnerability in M2000 Smart4Web before v.5.02024 ...)
+ TODO: check
+CVE-2024-50724 (KASO v9.0 was discovered to contain a SQL injection vulnerability via ...)
+ TODO: check
+CVE-2024-50655 (emlog pro <=2.3.18 is vulnerable to Cross Site Scripting (XSS), which ...)
+ TODO: check
+CVE-2024-50654 (lilishop <=4.2.4 is vulnerable to Incorrect Access Control, which can ...)
+ TODO: check
+CVE-2024-50653 (CRMEB <=5.4.0 is vulnerable to Incorrect Access Control. Users can byp ...)
+ TODO: check
+CVE-2024-50652 (A file upload vulnerability in java_shop 1.0 allows attackers to uploa ...)
+ TODO: check
+CVE-2024-50651 (java_shop 1.0 is vulnerable to Incorrect Access Control, which allows ...)
+ TODO: check
+CVE-2024-50650 (python_book V1.0 is vulnerable to Incorrect Access Control, which allo ...)
+ TODO: check
+CVE-2024-50649 (The user avatar upload function in python_book V1.0 has an arbitrary f ...)
+ TODO: check
+CVE-2024-50648 (yshopmall V1.0 has an arbitrary file upload vulnerability, which can e ...)
+ TODO: check
+CVE-2024-50647 (The python_food ordering system V1.0 has an unauthorized vulnerability ...)
+ TODO: check
+CVE-2024-50355 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...)
+ TODO: check
+CVE-2024-50352 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...)
+ TODO: check
+CVE-2024-50351 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...)
+ TODO: check
+CVE-2024-50350 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...)
+ TODO: check
+CVE-2024-49764 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...)
+ TODO: check
+CVE-2024-49759 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...)
+ TODO: check
+CVE-2024-49758 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...)
+ TODO: check
+CVE-2024-49754 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...)
+ TODO: check
+CVE-2024-49536 (Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of ...)
+ TODO: check
+CVE-2024-48068 (A cross-site scripting (XSS) vulnerability in Shenzhen Landray Softwar ...)
+ TODO: check
+CVE-2024-47759 (GLPI is a free Asset and IT management software package. An technician ...)
+ TODO: check
+CVE-2024-46467 (By default, dedicated folders of ZONEPOINT for Windows up to 2024.1 ca ...)
+ TODO: check
+CVE-2024-46466 (By default, dedicated folders of ZONECENTRAL for Windows up to 2024.3 ...)
+ TODO: check
+CVE-2024-46465 (By default, dedicated folders of CRYHOD for Windows up to 2024.3 can b ...)
+ TODO: check
+CVE-2024-46463 (By default, dedicated folders of ORIZON for Windows up to 2024.3 can b ...)
+ TODO: check
+CVE-2024-46462 (By default, dedicated folders of ZEDMAIL for Windows up to 2024.3 can ...)
+ TODO: check
+CVE-2024-46383 (Hathway Skyworth Router CM5100-511 v4.1.1.24 was discovered to store s ...)
+ TODO: check
+CVE-2024-45971 (Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC618 ...)
+ TODO: check
+CVE-2024-45970 (Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC618 ...)
+ TODO: check
+CVE-2024-45969 (NULL pointer dereference in the MMS Client in MZ Automation LibIEC1850 ...)
+ TODO: check
+CVE-2024-45784 (Apache Airflow versions before 2.10.3 contain a vulnerability that cou ...)
+ TODO: check
+CVE-2024-45609 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
+ TODO: check
+CVE-2024-45608 (GLPI is a free asset and IT management software package. An authentica ...)
+ TODO: check
+CVE-2024-44759 (An arbitrary file download vulnerability in the component /Doc/Downloa ...)
+ TODO: check
+CVE-2024-44625 (Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePos ...)
+ TODO: check
+CVE-2024-43418 (GLPI is a free asset and IT management software package. An unauthenti ...)
+ TODO: check
+CVE-2024-43417 (GLPI is a free asset and IT management software package. An unauthenti ...)
+ TODO: check
+CVE-2024-43189 (IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker ...)
+ TODO: check
+CVE-2024-41785 (IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site s ...)
+ TODO: check
+CVE-2024-41784 (IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1. ...)
+ TODO: check
+CVE-2024-41679 (GLPI is a free asset and IT management software package. An authentica ...)
+ TODO: check
+CVE-2024-41678 (GLPI is a free asset and IT management software package. An unauthenti ...)
+ TODO: check
+CVE-2024-40638 (GLPI is a free asset and IT management software package. An authentica ...)
+ TODO: check
+CVE-2024-3334 (A security bypass vulnerability exists in the Removable Media Encrypti ...)
+ TODO: check
+CVE-2024-39726 (IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 an ...)
+ TODO: check
+CVE-2024-24459 (An invalid memory access when handling the ProtocolIE_ID field of S1Se ...)
+ TODO: check
+CVE-2024-24458 (An invalid memory access when handling the ENB Configuration Transfer ...)
+ TODO: check
+CVE-2024-24457 (An invalid memory access when handling the ProtocolIE_ID field of E-RA ...)
+ TODO: check
+CVE-2024-24455 (An invalid memory access when handling a UE Context Release message co ...)
+ TODO: check
+CVE-2024-24454 (An invalid memory access when handling the ProtocolIE_ID field of E-RA ...)
+ TODO: check
+CVE-2024-24453 (An invalid memory access when handling the ProtocolIE_ID field of E-RA ...)
+ TODO: check
+CVE-2024-24452 (An invalid memory access when handling the ProtocolIE_ID field of E-RA ...)
+ TODO: check
+CVE-2024-24450 (Stack-based memcpy buffer overflow in the ngap_handle_pdu_session_reso ...)
+ TODO: check
+CVE-2024-24449 (An uninitialized pointer dereference in the NasPdu::NasPdu component o ...)
+ TODO: check
+CVE-2024-24447 (A buffer overflow in the ngap_amf_handle_pdu_session_resource_setup_re ...)
+ TODO: check
+CVE-2024-24446 (An uninitialized pointer dereference in OpenAirInterface CN5G AMF up t ...)
+ TODO: check
+CVE-2024-24431 (A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2 ...)
+ TODO: check
+CVE-2024-24426 (Reachable assertions in the NGAP_FIND_PROTOCOLIE_BY_ID function of Ope ...)
+ TODO: check
+CVE-2024-24425 (Magma v1.8.0 and OAI EPC Federation v1.20 were discovered to contain a ...)
+ TODO: check
+CVE-2024-23169 (The web interface in RSA NetWitness 11.7.2.0 allows Cross-Site Scripti ...)
+ TODO: check
+CVE-2024-20373 (A vulnerability in the implementation of the Simple Network Management ...)
+ TODO: check
+CVE-2024-1240 (An open redirection vulnerability exists in pyload/pyload version 0.5. ...)
+ TODO: check
+CVE-2024-1097 (A stored cross-site scripting (XSS) vulnerability exists in craigk5n/w ...)
+ TODO: check
+CVE-2024-11259 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2024-11258 (A vulnerability classified as critical was found in 1000 Projects Beau ...)
+ TODO: check
+CVE-2024-11257 (A vulnerability classified as critical has been found in 1000 Projects ...)
+ TODO: check
+CVE-2024-11256 (A vulnerability was found in 1000 Projects Portfolio Management System ...)
+ TODO: check
+CVE-2024-11251 (A vulnerability was found in erzhongxmu Jeewms up to 20241108. It has ...)
+ TODO: check
+CVE-2024-11250 (A vulnerability was found in code-projects Inventory Management up to ...)
+ TODO: check
+CVE-2024-11248 (A vulnerability was found in Tenda AC10 16.03.10.13 and classified as ...)
+ TODO: check
+CVE-2024-11247 (A vulnerability has been found in SourceCodester Online Eyewear Shop 1 ...)
+ TODO: check
+CVE-2024-11246 (A vulnerability, which was classified as problematic, was found in cod ...)
+ TODO: check
+CVE-2024-11245 (A vulnerability, which was classified as critical, has been found in c ...)
+ TODO: check
+CVE-2024-11244 (A vulnerability classified as critical was found in code-projects Farm ...)
+ TODO: check
+CVE-2024-11243 (A vulnerability classified as problematic has been found in code-proje ...)
+ TODO: check
+CVE-2024-11242 (A vulnerability was found in ZZCMS 2023. It has been rated as critical ...)
+ TODO: check
+CVE-2024-11241 (A vulnerability was found in code-projects Job Recruitment 1.0. It has ...)
+ TODO: check
+CVE-2024-11240 (A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and clas ...)
+ TODO: check
+CVE-2024-11239 (A vulnerability has been found in Landray EKP up to 16.0 and classifie ...)
+ TODO: check
+CVE-2024-11238 (A vulnerability, which was classified as critical, was found in Landra ...)
+ TODO: check
+CVE-2024-11237 (A vulnerability, which was classified as critical, has been found in T ...)
+ TODO: check
+CVE-2024-11182 (An XSS issue was discovered in MDaemon Email Server before version24 ...)
+ TODO: check
+CVE-2024-10934 (In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, a ...)
+ TODO: check
+CVE-2024-10691
+ REJECTED
+CVE-2024-10534 (Origin Validation Error vulnerability in Dataprom Informatics Personne ...)
+ TODO: check
+CVE-2024-10443 (Improper neutralization of special elements used in a command ('Comman ...)
+ TODO: check
+CVE-2024-10311 (The External Database Based Actions plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2024-0875 (A stored cross-site scripting (XSS) vulnerability exists in openemr/op ...)
+ TODO: check
+CVE-2024-0787 (phpIPAM version 1.5.1 contains a vulnerability where an attacker can b ...)
+ TODO: check
+CVE-2023-4679 (A use after free vulnerability exists in GPAC version 2.3-DEV-revrelea ...)
+ TODO: check
+CVE-2023-4348
+ REJECTED
+CVE-2023-2332 (A stored Cross-site Scripting (XSS) vulnerability exists in the Condit ...)
+ TODO: check
CVE-2024-9834 (Improper data protection on the ventilator's serial interface could al ...)
NOT-FOR-US: Life2000 Ventilation System
CVE-2024-9832 (There is no limit on the number of failed login attempts permitted wit ...)
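Review bot: several of the new `TODO: check` entries in this hunk name products that the file already triages in other parts of this diff, so they can be resolved with the existing markers rather than left open. CVE-2024-10311 is described as a "plugin for WordPress", and the CVE-2024-10571 context uses `NOT-FOR-US: WordPress plugin`; CVE-2024-0787 is phpIPAM, and the CVE-2022-1225 context uses `- phpipam <itp> (bug #731713)`. The four `REJECTED` entries (CVE-2024-7865, CVE-2024-6413, CVE-2024-10691, CVE-2023-4348) need no further triage.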
@@ -248,7 +504,7 @@ CVE-2024-11213 (A vulnerability, which was classified as critical, was found in
NOT-FOR-US: SourceCodester Best Employee Management System
CVE-2024-11212 (A vulnerability, which was classified as critical, has been found in S ...)
NOT-FOR-US: SourceCodester Best Employee Management System
-CVE-2024-11211 (A vulnerability classified as critical has been found in EyouCMS 1.5.6 ...)
+CVE-2024-11211 (A vulnerability classified as critical has been found in EyouCMS up to ...)
NOT-FOR-US: EyouCMS
CVE-2024-11210 (A vulnerability was found in EyouCMS 1.51. It has been rated as critic ...)
NOT-FOR-US: EyouCMS
@@ -267,24 +523,28 @@ CVE-2024-10921 (An authorized user may trigger crashes or receive the contents o
CVE-2024-10571 (The Chartify \u2013 WordPress Chart Plugin plugin for WordPress is vul ...)
NOT-FOR-US: WordPress plugin
CVE-2024-10979 (Incorrect control of environment variables in PostgreSQL PL/Perl allow ...)
+ {DSA-5812-1}
- postgresql-17 17.1-1
- postgresql-16 <unfixed>
- postgresql-15 <removed>
- postgresql-13 <removed>
NOTE: https://www.postgresql.org/support/security/CVE-2024-10979/
CVE-2024-10978 (Incorrect privilege assignment in PostgreSQL allows a less-privileged ...)
+ {DSA-5812-1}
- postgresql-17 17.1-1
- postgresql-16 <unfixed>
- postgresql-15 <removed>
- postgresql-13 <removed>
NOTE: https://www.postgresql.org/support/security/CVE-2024-10978/
CVE-2024-10977 (Client use of server error message in PostgreSQL allows a server not t ...)
+ {DSA-5812-1}
- postgresql-17 17.1-1
- postgresql-16 <unfixed>
- postgresql-15 <removed>
- postgresql-13 <removed>
NOTE: https://www.postgresql.org/support/security/CVE-2024-10977/
CVE-2024-10976 (Incomplete tracking in PostgreSQL of tables with row security allows a ...)
+ {DSA-5812-1}
- postgresql-17 17.1-1
- postgresql-16 <unfixed>
- postgresql-15 <removed>
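Review bot: the `{DSA-5812-1}` tag is added to CVE-2024-10979 through CVE-2024-10976 while every one of those entries still reads `- postgresql-16 <unfixed>`. Confirm whether a fixed postgresql-16 version should be recorded next to `- postgresql-17 17.1-1`, or whether `<unfixed>` is still accurate now that the advisory is out.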
@@ -558,6 +818,7 @@ CVE-2024-52292 (Craft is a content management system (CMS). The dataUrl function
CVE-2024-52291 (Craft is a content management system (CMS). A vulnerability in CraftCM ...)
NOT-FOR-US: Craft CMS
CVE-2024-51996 (Symphony process is a module for the Symphony PHP framework which exec ...)
+ {DSA-5813-1}
- symfony 6.4.15+dfsg-1
NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-cg23-qf8f-62rr
NOTE: https://github.com/symfony/symfony/commit/81354d392c5f0b7a52bcbd729d6f82501e94135a (v5.4.47, v6.4.15, v7.1.8, v7.2.0-RC1)
@@ -656,6 +917,7 @@ CVE-2023-35686 (In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitra
CVE-2023-35659 (In DevmemIntChangeSparse of devicemem_server.c, there is a possible ar ...)
NOT-FOR-US: Android
CVE-2024-11159 (Using remote content in OpenPGP encrypted messages can lead to the dis ...)
+ {DSA-5814-1}
- thunderbird 1:128.4.3esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/#CVE-2024-11159
CVE-2024-9614 (The Constant Contact Forms by MailMunch plugin for WordPress is vulner ...)
@@ -5902,7 +6164,7 @@ CVE-2024-50624 (ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-mid
NOTE: https://bugs.kde.org/show_bug.cgi?id=487882
NOTE: https://invent.kde.org/pim/kmail-account-wizard/-/commit/9784f5ab41c3aff435d4a88afb25585180a62ee4 (v24.07.80)
NOTE: Vulnerable code in src/ispdb/ispdb.cpp
-CVE-2024-50623 (In Cleo Harmony before 5.8.0.20, VLTrader before 5.8.0.20, and LexiCom ...)
+CVE-2024-50623 (In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom ...)
NOT-FOR-US: Cleo
CVE-2024-50616 (Ironman PowerShell Universal 5.x before 5.0.12 allows an authenticated ...)
NOT-FOR-US: Ironman PowerShell Universal
@@ -140467,8 +140729,8 @@ CVE-2023-0739 (Concurrent Execution using Shared Resource with Improper Synchron
NOT-FOR-US: Answer
CVE-2023-0738 (OrangeScrum version 2.0.11 allows an external attacker to obtain arbit ...)
NOT-FOR-US: OrangeScrum
-CVE-2023-0737
- RESERVED
+CVE-2023-0737 (wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vu ...)
+ TODO: check
CVE-2023-0736 (Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wall ...)
NOT-FOR-US: Wallabag
CVE-2023-0735 (Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallab ...)
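Review bot: CVE-2023-0737 goes from `RESERVED` to `TODO: check` with a description naming wallabag 2.5.2, but the next entry, CVE-2023-0736, for the same project is already `NOT-FOR-US: Wallabag`. Triage can close this one with the same marker.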
@@ -149149,8 +149411,8 @@ CVE-2023-0111 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos
NOT-FOR-US: usememos
CVE-2023-0110 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
NOT-FOR-US: usememos
-CVE-2023-0109
- RESERVED
+CVE-2023-0109 (A stored cross-site scripting (XSS) vulnerability was discovered in us ...)
+ TODO: check
CVE-2023-0108 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
NOT-FOR-US: usememos
CVE-2023-0107 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
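Review bot: CVE-2023-0109 sits between CVE-2023-0110 and CVE-2023-0108, both marked `NOT-FOR-US: usememos`, and its truncated description ("discovered in us ...") does not show the product name. Check the full description before applying the neighbours' marker rather than inferring it from position in the list.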
@@ -167427,8 +167689,8 @@ CVE-2023-20156 (Multiple vulnerabilities in the web-based user interface of cert
NOT-FOR-US: Cisco
CVE-2023-20155 (A vulnerability in a logging API in Cisco Firepower Management Center ...)
NOT-FOR-US: Cisco
-CVE-2023-20154
- RESERVED
+CVE-2023-20154 (A vulnerability in the external authentication mechanism of Cisco Mode ...)
+ TODO: check
CVE-2023-20153 (Multiple vulnerabilities in specific Cisco Identity Services Engine (I ...)
NOT-FOR-US: Cisco
CVE-2023-20152 (Multiple vulnerabilities in specific Cisco Identity Services Engine (I ...)
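Review bot: CVE-2023-20154 is left at `TODO: check` although its description names a Cisco product and the entries on both sides (CVE-2023-20155, CVE-2023-20153) are `NOT-FOR-US: Cisco`. The same applies to the other formerly `RESERVED` Cisco IDs in the hunks that follow, so they are candidates for one batch triage pass.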
@@ -167485,8 +167747,8 @@ CVE-2023-20127 (Multiple vulnerabilities in the web-based management interface o
NOT-FOR-US: Cisco
CVE-2023-20126 (A vulnerability in the web-based management interface of Cisco SPA112 ...)
NOT-FOR-US: Cisco
-CVE-2023-20125
- RESERVED
+CVE-2023-20125 (A vulnerability in the local interface of Cisco BroadWorks Network Ser ...)
+ TODO: check
CVE-2023-20124 (A vulnerability in the web-based management interface of Cisco Small B ...)
NOT-FOR-US: Cisco
CVE-2023-20123 (A vulnerability in the offline access mode of Cisco Duo Two-Factor Aut ...)
@@ -167547,16 +167809,16 @@ CVE-2023-20096 (A vulnerability in the web-based management interface of Cisco U
NOT-FOR-US: Cisco
CVE-2023-20095 (A vulnerability in the remote access VPN feature of Cisco Adaptive Sec ...)
NOT-FOR-US: Cisco
-CVE-2023-20094
- RESERVED
-CVE-2023-20093
- RESERVED
-CVE-2023-20092
- RESERVED
-CVE-2023-20091
- RESERVED
-CVE-2023-20090
- RESERVED
+CVE-2023-20094 (A vulnerability in Cisco TelePresence CE and RoomOS could allow an una ...)
+ TODO: check
+CVE-2023-20093 (Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS c ...)
+ TODO: check
+CVE-2023-20092 (Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS c ...)
+ TODO: check
+CVE-2023-20091 (A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could a ...)
+ TODO: check
+CVE-2023-20090 (A vulnerability in Cisco TelePresence CE and RoomOS could allow an aut ...)
+ TODO: check
CVE-2023-20089 (A vulnerability in the Link Layer Discovery Protocol (LLDP) feature fo ...)
NOT-FOR-US: Cisco
CVE-2023-20088 (A vulnerability in the nginx configurations that are provided as part ...)
@@ -167615,8 +167877,8 @@ CVE-2023-20062 (Multiple vulnerabilities in Cisco Unified Intelligence Center co
NOT-FOR-US: Cisco
CVE-2023-20061 (Multiple vulnerabilities in Cisco Unified Intelligence Center could al ...)
NOT-FOR-US: Cisco
-CVE-2023-20060
- RESERVED
+CVE-2023-20060 (A vulnerability in the web-based management interface of Cisco Prime C ...)
+ TODO: check
CVE-2023-20059 (A vulnerability in the implementation of the Cisco Network Plug-and-Pl ...)
NOT-FOR-US: Cisco
CVE-2023-20058 (A vulnerability in the web-based management interface of Cisco Unified ...)
@@ -167660,14 +167922,14 @@ CVE-2023-20041 (Multiple vulnerabilities in the web-based management interface o
NOT-FOR-US: Cisco
CVE-2023-20040 (A vulnerability in the NETCONF service of Cisco Network Services Orche ...)
NOT-FOR-US: Cisco
-CVE-2023-20039
- RESERVED
+CVE-2023-20039 (A vulnerability in Cisco IND could allow an authenticated, local attac ...)
+ TODO: check
CVE-2023-20038 (A vulnerability in the monitoring application of Cisco Industrial Netw ...)
NOT-FOR-US: Cisco
CVE-2023-20037 (A vulnerability in Cisco Industrial Network Director could allow an au ...)
NOT-FOR-US: Cisco
-CVE-2023-20036
- RESERVED
+CVE-2023-20036 (A vulnerability in the web UI of Cisco IND could allow an authenticate ...)
+ TODO: check
CVE-2023-20035 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
NOT-FOR-US: Cisco
CVE-2023-20034 (Vulnerability in the Elasticsearch database used in the of Cisco SD-WA ...)
@@ -167734,8 +167996,8 @@ CVE-2023-20006 (A vulnerability in the hardware-based SSL/TLS cryptography funct
NOT-FOR-US: Cisco
CVE-2023-20005 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
-CVE-2023-20004
- RESERVED
+CVE-2023-20004 (Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS c ...)
+ TODO: check
CVE-2023-20003 (A vulnerability in the social login configuration option for the guest ...)
NOT-FOR-US: Cisco
CVE-2023-20002 (A vulnerability in Cisco TelePresence CE and RoomOS Software could all ...)
@@ -201964,8 +202226,8 @@ CVE-2022-1886 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
NOTE: Crash in CLI tool, no security impact
CVE-2022-1885 (The Cimy Header Image Rotator WordPress plugin through 6.1.1 does not ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1884
- RESERVED
+CVE-2022-1884 (A remote command execution vulnerability exists in gogs/gogs versions ...)
+ TODO: check
CVE-2022-1883 (SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2. ...)
NOT-FOR-US: camptocamp/terraboard
CVE-2022-1882 (A use-after-free flaw was found in the Linux kernel\u2019s pipes funct ...)
@@ -210966,8 +211228,8 @@ CVE-2022-1227 (A privilege escalation flaw was found in Podman. This flaw allows
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2070368
NOTE: https://github.com/containers/psgo/pull/92
NOTE: https://github.com/containers/psgo/commit/d9467da9f563a9de1ece79dcae86b37b1db75443 (v1.7.2)
-CVE-2022-1226
- RESERVED
+CVE-2022-1226 (A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions ...)
+ TODO: check
CVE-2022-1225 (Incorrect Privilege Assignment in GitHub repository phpipam/phpipam pr ...)
- phpipam <itp> (bug #731713)
CVE-2022-1224 (Improper Authorization in GitHub repository phpipam/phpipam prior to 1 ...)
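Review bot: CVE-2022-1226 is added as `TODO: check` for phpipam/phpipam, while the entry directly below it, CVE-2022-1225, records the same project as `- phpipam <itp> (bug #731713)`. Use that form here too, not `NOT-FOR-US`, so the issue stays attached to the pending package.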
@@ -238881,18 +239143,18 @@ CVE-2021-44078 (An issue was discovered in split_region in uc.c in Unicorn Engin
NOT-FOR-US: Unicorn Engine
CVE-2021-44077 (Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2021-3991
- RESERVED
+CVE-2021-3991 (An Improper Authorization vulnerability exists in Dolibarr versions pr ...)
+ TODO: check
CVE-2021-3990 (showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random N ...)
NOT-FOR-US: ShowDoc
CVE-2021-3989 (showdoc is vulnerable to URL Redirection to Untrusted Site)
NOT-FOR-US: ShowDoc
-CVE-2021-3988
- RESERVED
-CVE-2021-3987
- RESERVED
-CVE-2021-3986
- RESERVED
+CVE-2021-3988 (A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre- ...)
+ TODO: check
+CVE-2021-3987 (An improper access control vulnerability exists in janeczku/calibre-we ...)
+ TODO: check
+CVE-2021-3986 (A vulnerability in janeczku/calibre-web allows unauthorized users to v ...)
+ TODO: check
CVE-2021-44076 (An issue was discovered in CrushFTP 9. The creation of a new user thro ...)
NOT-FOR-US: CrushFTP
CVE-2021-44075
@@ -242835,8 +243097,8 @@ CVE-2022-20950 (A vulnerability in the interaction of SIP and Snort 3 for Cisco
NOT-FOR-US: Cisco
CVE-2022-20949 (A vulnerability in the management web server of Cisco Firepower Threat ...)
NOT-FOR-US: Cisco
-CVE-2022-20948
- RESERVED
+CVE-2022-20948 (A vulnerability in the web management interface of Cisco BroadWor ...)
+ TODO: check
CVE-2022-20947 (A vulnerability in dynamic access policies (DAP) functionality of Cisc ...)
NOT-FOR-US: Cisco
CVE-2022-20946 (A vulnerability in the generic routing encapsulation (GRE) tunnel deca ...)
@@ -242853,8 +243115,8 @@ CVE-2022-20941 (A vulnerability in the web-based management interface of Cisco F
NOT-FOR-US: Cisco
CVE-2022-20940 (A vulnerability in the TLS handler of Cisco Firepower Threat Defense ( ...)
NOT-FOR-US: Cisco
-CVE-2022-20939
- RESERVED
+CVE-2022-20939 (A vulnerability in the web-based management interface of Cisco Sm ...)
+ TODO: check
CVE-2022-20938 (A vulnerability in the module import function of the administrative in ...)
NOT-FOR-US: Cisco
CVE-2022-20937 (A vulnerability in a feature that monitors RADIUS requests on Cisco Id ...)
@@ -242869,8 +243131,8 @@ CVE-2022-20933 (A vulnerability in the Cisco AnyConnect VPN server of Cisco Mera
NOT-FOR-US: Cisco
CVE-2022-20932 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
-CVE-2022-20931
- RESERVED
+CVE-2022-20931 (A vulnerability in the version control of Cisco TelePresence CE S ...)
+ TODO: check
CVE-2022-20930 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
NOT-FOR-US: Cisco
CVE-2022-20929 (A vulnerability in the upgrade signature verification of Cisco Enterpr ...)
@@ -242989,8 +243251,8 @@ CVE-2022-20873 (Multiple vulnerabilities in the web-based management interface o
NOT-FOR-US: Cisco
CVE-2022-20872 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
-CVE-2022-20871
- RESERVED
+CVE-2022-20871 (A vulnerability in the web management interface of Cisco AsyncOS ...)
+ TODO: check
CVE-2022-20870 (A vulnerability in the egress MPLS packet processing function of Cisco ...)
NOT-FOR-US: Cisco
CVE-2022-20869 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
@@ -243025,24 +243287,24 @@ CVE-2022-20855 (A vulnerability in the self-healing functionality of Cisco IOS X
NOT-FOR-US: Cisco
CVE-2022-20854 (A vulnerability in the processing of SSH connections of Cisco Firepowe ...)
NOT-FOR-US: Cisco
-CVE-2022-20853
- RESERVED
+CVE-2022-20853 (A vulnerability in the REST API of Cisco Expressway Series and Ci ...)
+ TODO: check
CVE-2022-20852 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings ...)
NOT-FOR-US: Cisco
CVE-2022-20851 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...)
NOT-FOR-US: Cisco
CVE-2022-20850 (A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software ...)
NOT-FOR-US: Cisco
-CVE-2022-20849
- RESERVED
+CVE-2022-20849 (A vulnerability in the Broadband Network Gateway PPP over Ethernet (PP ...)
+ TODO: check
CVE-2022-20848 (A vulnerability in the UDP processing functionality of Cisco IOS XE So ...)
NOT-FOR-US: Cisco
CVE-2022-20847 (A vulnerability in the DHCP processing functionality of Cisco IOS XE W ...)
NOT-FOR-US: Cisco
-CVE-2022-20846
- RESERVED
-CVE-2022-20845
- RESERVED
+CVE-2022-20846 (A vulnerability in the Cisco Discovery Protocol implementation fo ...)
+ TODO: check
+CVE-2022-20845 (A vulnerability in the TL1 function of Cisco Network Convergence ...)
+ TODO: check
CVE-2022-20844 (A vulnerability in authentication mechanism of Cisco Software-Defined ...)
NOT-FOR-US: Cisco
CVE-2022-20843 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
@@ -243103,8 +243365,8 @@ CVE-2022-20816 (A vulnerability in the web-based management interface of Cisco U
NOT-FOR-US: Cisco
CVE-2022-20815 (A vulnerability in the web-based management interface of Cisco Unified ...)
NOT-FOR-US: Cisco
-CVE-2022-20814
- RESERVED
+CVE-2022-20814 (A vulnerability in the certificate validation of Cisco Expressway ...)
+ TODO: check
CVE-2022-20813 (Multiple vulnerabilities in the API and in the web-based management in ...)
NOT-FOR-US: Cisco
CVE-2022-20812 (Multiple vulnerabilities in the API and in the web-based management in ...)
@@ -243150,8 +243412,8 @@ CVE-2022-20795 (A vulnerability in the implementation of the Datagram TLS (DTLS)
NOT-FOR-US: Cisco
CVE-2022-20794 (Multiple vulnerabilities in the web engine of Cisco TelePresence Colla ...)
NOT-FOR-US: Cisco
-CVE-2022-20793
- RESERVED
+CVE-2022-20793 (A vulnerability in pairing process of Cisco TelePresence CE Softw ...)
+ TODO: check
CVE-2022-20792 (A vulnerability in the regex module used by the signature database loa ...)
{DLA-3042-1}
- clamav 0.103.6+dfsg-1
@@ -243220,8 +243482,8 @@ CVE-2022-20768 (A vulnerability in the logging component of Cisco TelePresence C
NOT-FOR-US: Cisco
CVE-2022-20767 (A vulnerability in the Snort rule evaluation function of Cisco Firepow ...)
NOT-FOR-US: Cisco Firepower
-CVE-2022-20766
- RESERVED
+CVE-2022-20766 (A vulnerability in the Cisco Discovery Protocol functionality of ...)
+ TODO: check
CVE-2022-20765 (A vulnerability in the web applications of Cisco UCS Director could al ...)
NOT-FOR-US: Cisco
CVE-2022-20764 (Multiple vulnerabilities in the web engine of Cisco TelePresence Colla ...)
@@ -243387,8 +243649,8 @@ CVE-2022-20687 (Multiple vulnerabilities in the Link Layer Discovery Protocol (L
NOT-FOR-US: Cisco
CVE-2022-20686 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) f ...)
NOT-FOR-US: Cisco
-CVE-2022-20685
- RESERVED
+CVE-2022-20685 (A vulnerability in the Modbus preprocessor of the Snort detection engi ...)
+ TODO: check
CVE-2022-20684 (A vulnerability in Simple Network Management Protocol (SNMP) trap gene ...)
NOT-FOR-US: Cisco
CVE-2022-20683 (A vulnerability in the Application Visibility and Control (AVC-FNF) fe ...)
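Review bot: CVE-2022-20685 should not be swept up with its `NOT-FOR-US: Cisco` neighbours, because its description points at "the Modbus preprocessor of the Snort detection engine" rather than a Cisco appliance. The CVE-2022-20792 context a few hunks earlier shows a CVE from the same ID range tracked against a Debian package (`- clamav 0.103.6+dfsg-1`), so check whether a Debian source package ships the affected Snort code before closing it.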
@@ -243431,8 +243693,8 @@ CVE-2022-20665 (A vulnerability in the CLI of Cisco StarOS could allow an authen
NOT-FOR-US: Cisco
CVE-2022-20664 (A vulnerability in the web management interface of Cisco Secure Email ...)
NOT-FOR-US: Cisco
-CVE-2022-20663
- RESERVED
+CVE-2022-20663 (A vulnerability in the web-based management interface of Cisco Se ...)
+ TODO: check
CVE-2022-20662 (A vulnerability in the smart card login authentication of Cisco Duo fo ...)
NOT-FOR-US: Cisco
CVE-2022-20661 (Multiple vulnerabilities that affect Cisco Catalyst Digital Building S ...)
@@ -243443,26 +243705,26 @@ CVE-2022-20659 (A vulnerability in the web-based management interface of Cisco P
NOT-FOR-US: Cisco
CVE-2022-20658 (A vulnerability in the web-based management interface of Cisco Unified ...)
NOT-FOR-US: Cisco
-CVE-2022-20657
- RESERVED
-CVE-2022-20656
- RESERVED
-CVE-2022-20655
- RESERVED
-CVE-2022-20654
- RESERVED
+CVE-2022-20657 (A vulnerability in the web-based management interface of Cisco PI ...)
+ TODO: check
+CVE-2022-20656 (A vulnerability in the web-based management interface of Cisco PI ...)
+ TODO: check
+CVE-2022-20655 (A vulnerability in the implementation of the CLI on a device that is r ...)
+ TODO: check
+CVE-2022-20654 (A vulnerability in the web-based interface of Cisco Webex Meeting ...)
+ TODO: check
CVE-2022-20653 (A vulnerability in the DNS-based Authentication of Named Entities (DAN ...)
NOT-FOR-US: Cisco
-CVE-2022-20652
- RESERVED
+CVE-2022-20652 (A vulnerability in the web-based management interface and in the API s ...)
+ TODO: check
CVE-2022-20651 (A vulnerability in the logging component of Cisco Adaptive Security De ...)
NOT-FOR-US: Cisco
CVE-2022-20650 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...)
NOT-FOR-US: Cisco
-CVE-2022-20649
- RESERVED
-CVE-2022-20648
- RESERVED
+CVE-2022-20649 (A vulnerability in Cisco RCM for Cisco StarOS Software could ...)
+ TODO: check
+CVE-2022-20648 (A vulnerability in a debug function for Cisco RCM for Cisco ...)
+ TODO: check
CVE-2022-20647 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
CVE-2022-20646 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
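Review bot: Two of the seven entries added in this hunk, CVE-2022-20655 ("... the CLI on a device that is r ...") and CVE-2022-20652 ("... and in the API s ..."), have descriptions that are cut off before any product name appears, so they cannot be classified from the list text the way the Cisco PI, Webex Meeting and Cisco RCM entries can. Triage for these two needs the full CVE record rather than pattern-matching on the surrounding NOT-FOR-US: Cisco lines.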
@@ -243489,14 +243751,14 @@ CVE-2022-20636 (Multiple vulnerabilities in the web-based management interface o
NOT-FOR-US: Cisco
CVE-2022-20635 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
-CVE-2022-20634
- RESERVED
-CVE-2022-20633
- RESERVED
-CVE-2022-20632
- RESERVED
-CVE-2022-20631
- RESERVED
+CVE-2022-20634 (A vulnerability in the web-based management interface of Cisco EC ...)
+ TODO: check
+CVE-2022-20633 (A vulnerability in the web-based management interface of Cisco EC ...)
+ TODO: check
+CVE-2022-20632 (A vulnerability in the web-based management interface of Cisco EC ...)
+ TODO: check
+CVE-2022-20631 (A vulnerability in the web-based management interface of Cisco EC ...)
+ TODO: check
CVE-2022-20630 (A vulnerability in the audit log of Cisco DNA Center could allow an au ...)
NOT-FOR-US: Cisco
CVE-2022-20629 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
@@ -243505,8 +243767,8 @@ CVE-2022-20628 (Multiple vulnerabilities in the web-based management interface o
NOT-FOR-US: Cisco Firepower
CVE-2022-20627 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco Firepower
-CVE-2022-20626
- RESERVED
+CVE-2022-20626 (A vulnerability in the web-based management interface of Cisco Pr ...)
+ TODO: check
CVE-2022-20625 (A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS ...)
NOT-FOR-US: Cisco
CVE-2022-20624 (A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature ...)
@@ -244491,8 +244753,7 @@ CVE-2021-42854 (It was discovered that the SteelCentral AppInternals Dynamic Sam
NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent (DSA)
CVE-2021-42853 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...)
NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent (DSA)
-CVE-2021-3902 [Improper Restriction of XML External Entity Reference for included svg files]
- RESERVED
+CVE-2021-3902 (An improper restriction of external entities (XXE) vulnerability in do ...)
- php-dompdf 2.0.2+dfsg-1
[bullseye] - php-dompdf <not-affected> (current code reject svg image. Double checked by testing)
[buster] - php-dompdf <not-affected> (current code reject svg image. Double checked by testing)
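Review bot: In the CVE-2021-3902 entry the new truncated description no longer shows the "included svg files" scope that the removed bracketed title carried, and the [bullseye] and [buster] not-affected justifications ("current code reject svg image") depend on exactly that scope. Consider recording the SVG detail in a NOTE line so the not-affected reasoning stays self-explanatory to someone reading only this entry.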
@@ -248434,8 +248695,8 @@ CVE-2021-3842 (nltk is vulnerable to Inefficient Regular Expression Complexity)
[stretch] - nltk <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/761a761e-2be2-430a-8d92-6f74ffe9866a/
NOTE: https://github.com/nltk/nltk/commit/2a50a3edc9d35f57ae42a921c621edc160877f4d (3.6.6)
-CVE-2021-3841
- RESERVED
+CVE-2021-3841 (sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulner ...)
+ TODO: check
CVE-2021-41829 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-41828 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded ...)
@@ -248641,8 +248902,7 @@ CVE-2021-41771 (ImportedSymbols in debug/macho (for Open or OpenFat) in Go befor
NOTE: https://github.com/golang/go/commit/d19c5bdb24e093a2d5097b7623284eb02726cede (go1.16.10)
CVE-2021-41770 (Ping Identity PingFederate before 10.3.1 mishandles pre-parsing valida ...)
NOT-FOR-US: Ping Identity PingFederate
-CVE-2021-3838 [Deserialization of Untrusted Data using PHAR deserialization]
- RESERVED
+CVE-2021-3838 (DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due ...)
{DLA-3495-2 DLA-3495-1}
- php-dompdf 2.0.2+dfsg-1
[bullseye] - php-dompdf <no-dsa> (Minor issue)
@@ -252865,12 +253125,12 @@ CVE-2021-3743 (An out-of-bounds (OOB) memory read flaw was found in the Qualcomm
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://lists.openwall.net/netdev/2021/08/17/124
NOTE: https://git.kernel.org/linus/7e78c597c3ebfd0cb329aa09a838734147e4f117
-CVE-2021-3742
- RESERVED
-CVE-2021-3741
- RESERVED
-CVE-2021-3740
- RESERVED
+CVE-2021-3742 (A Server-Side Request Forgery (SSRF) vulnerability was discovered in c ...)
+ TODO: check
+CVE-2021-3741 (A stored cross-site scripting (XSS) vulnerability was discovered in ch ...)
+ TODO: check
+CVE-2021-3740 (A Session Fixation vulnerability exists in chatwoot/chatwoot versions ...)
+ TODO: check
CVE-2021-40147 (EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerabili ...)
NOT-FOR-US: EmTec ZOC
CVE-2021-40146 (A Remote Code Execution (RCE) vulnerability was discovered in the Any2 ...)
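Review bot: Only CVE-2021-3740 visibly names chatwoot/chatwoot; the descriptions of CVE-2021-3742 and CVE-2021-3741 are cut at "c ..." and "ch ...". Confirm from the full records that all three belong to the same project before resolving the three TODO: check lines as a group, since they cover different bug classes (SSRF, stored XSS, session fixation) and may have different fixed versions.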
@@ -266301,14 +266561,14 @@ CVE-2021-34755 (Multiple vulnerabilities in the CLI of Cisco Firepower Threat De
NOT-FOR-US: Cisco
CVE-2021-34754 (Multiple vulnerabilities in the payload inspection for Ethernet Indust ...)
NOT-FOR-US: Cisco
-CVE-2021-34753
- RESERVED
-CVE-2021-34752
- RESERVED
-CVE-2021-34751
- RESERVED
-CVE-2021-34750
- RESERVED
+CVE-2021-34753 (A vulnerability in the payload inspection for Ethernet Industrial Prot ...)
+ TODO: check
+CVE-2021-34752 (A vulnerability in the CLI of Cisco FTD Software could allow an a ...)
+ TODO: check
+CVE-2021-34751 (A vulnerability in the administrative web-based GUI configuration mana ...)
+ TODO: check
+CVE-2021-34750 (A vulnerability in the administrative web-based GUI configuration mana ...)
+ TODO: check
CVE-2021-34749 (A vulnerability in Server Name Identification (SNI) request filtering ...)
{DSA-5354-1 DLA-3317-1}
- snort <removed> (bug #1021276)
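Review bot: CVE-2021-34753 uses the same "payload inspection for Ethernet Industrial Prot ..." wording as CVE-2021-34754 two entries above, which is NOT-FOR-US: Cisco, but this hunk also ends with CVE-2021-34749, which is tracked against snort. Before copying the neighbour's tag onto 34753, check whether the inspection code in question is part of Snort. The two CLI and web GUI entries that follow (CVE-2021-34752 to CVE-2021-34750) do not raise that question.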
@@ -311123,8 +311383,7 @@ CVE-2021-1495 (Multiple Cisco products are affected by a vulnerability in the Sn
{DSA-5354-1 DLA-3317-1}
- snort <removed> (bug #1021276)
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc
-CVE-2021-1494
- RESERVED
+CVE-2021-1494 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
{DSA-5354-1 DLA-3317-1}
- snort <removed> (bug #1021276)
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc
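Review bot: The NOTE under CVE-2021-1494 points to the same advisory (cisco-sa-http-fp-bp-KfDdcQhc) as CVE-2021-1495 directly above, and the two entries also share the DSA-5354-1 DLA-3317-1 references and the snort line. Now that 1494 has a public description, verify that this advisory really covers 1494 as well and was not copied over from 1495 while the ID was still RESERVED.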
@@ -311132,8 +311391,8 @@ CVE-2021-1493 (A vulnerability in the web services interface of Cisco Adaptive S
NOT-FOR-US: Cisco
CVE-2021-1492 (The Duo Authentication Proxy installer prior to 5.2.1 did not properly ...)
NOT-FOR-US: Duo Authentication Proxy
-CVE-2021-1491
- RESERVED
+CVE-2021-1491 (A vulnerability in the web-based management interface of Cisco SD ...)
+ TODO: check
CVE-2021-1490 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
NOT-FOR-US: Cisco
CVE-2021-1489 (A vulnerability in filesystem usage management for Cisco Firepower Dev ...)
@@ -311146,14 +311405,14 @@ CVE-2021-1486 (A vulnerability in Cisco SD-WAN vManage Software could allow an u
NOT-FOR-US: Cisco
CVE-2021-1485 (A vulnerability in the CLI of Cisco IOS XR Software could allow an aut ...)
NOT-FOR-US: Cisco
-CVE-2021-1484
- RESERVED
-CVE-2021-1483
- RESERVED
-CVE-2021-1482
- RESERVED
-CVE-2021-1481
- RESERVED
+CVE-2021-1484 (A vulnerability in the web UI of Cisco SD-WAN vManage Software co ...)
+ TODO: check
+CVE-2021-1483 (A vulnerability in the web UI of Cisco SD-WAN vManage Software co ...)
+ TODO: check
+CVE-2021-1482 (A vulnerability in the web-based management interface of Cisco SD ...)
+ TODO: check
+CVE-2021-1481 (A vulnerability in the web-based management interface of Cisco SD ...)
+ TODO: check
CVE-2021-1480 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...)
NOT-FOR-US: Cisco
CVE-2021-1479 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...)
@@ -311174,20 +311433,20 @@ CVE-2021-1472 (Multiple vulnerabilities exist in the web-based management interf
NOT-FOR-US: Cisco
CVE-2021-1471 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
NOT-FOR-US: Cisco
-CVE-2021-1470
- RESERVED
+CVE-2021-1470 (A vulnerability in the web-based management interface of Cisco SD ...)
+ TODO: check
CVE-2021-1469 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
NOT-FOR-US: Cisco
CVE-2021-1468 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...)
NOT-FOR-US: Cisco
CVE-2021-1467 (A vulnerability in Cisco Webex Meetings for Android could allow an aut ...)
NOT-FOR-US: Cisco
-CVE-2021-1466
- RESERVED
+CVE-2021-1466 (A vulnerability in the vDaemon service of Cisco SD-WAN vManage So ...)
+ TODO: check
CVE-2021-1465
RESERVED
-CVE-2021-1464
- RESERVED
+CVE-2021-1464 (A vulnerability in Cisco SD-WAN vManage Software could allow an a ...)
+ TODO: check
CVE-2021-1463 (A vulnerability in the web-based management interface of Cisco Unified ...)
NOT-FOR-US: Cisco
CVE-2021-1462
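Review bot: CVE-2021-1465 remains RESERVED between the newly described CVE-2021-1466 and CVE-2021-1464, so any scripted follow-up that tags the three new SD-WAN vManage entries in this hunk (1470, 1466, 1464) by ID range would also hit an entry that has no description yet. Tag the three by explicit ID, in line with the existing NOT-FOR-US: Cisco on CVE-2021-1468 if the full records confirm the product.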
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f5ff7a3355c4b6ea457f8f7c85f818436a517dc