Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4c258f02 by security tracker role at 2022-01-29T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2022-24120
+       RESERVED
+CVE-2022-24119
+       RESERVED
+CVE-2022-24118
+       RESERVED
+CVE-2022-24117
+       RESERVED
+CVE-2022-24116
+       RESERVED
+CVE-2022-24115
+       RESERVED
+CVE-2022-24114
+       RESERVED
+CVE-2022-24113
+       RESERVED
+CVE-2022-0409
+       RESERVED
+CVE-2022-0408
+       RESERVED
+CVE-2022-0407
+       RESERVED
 CVE-2022-24112
        RESERVED
 CVE-2022-0406
@@ -134,12 +156,12 @@ CVE-2022-24070
        RESERVED
 CVE-2022-0396
        RESERVED
-CVE-2022-0395
-       RESERVED
+CVE-2022-0395 (Cross-site Scripting (XSS) - Stored in Packagist 
remdex/livehelperchat ...)
+       TODO: check
 CVE-2022-0394 (Cross-site Scripting (XSS) - Stored in Packagist 
remdex/livehelperchat ...)
        NOT-FOR-US: livehelperchat
-CVE-2022-0393
-       RESERVED
+CVE-2022-0393 (Out-of-bounds Read in Conda vim prior to 8.2. ...)
+       TODO: check
 CVE-2022-24069
        RESERVED
 CVE-2022-24064
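
Review bot: CVE-2022-0395 is left at TODO: check although its description matches the adjacent CVE-2022-0394 (stored XSS in Packagist remdex/livehelperchat), which is already marked NOT-FOR-US: livehelperchat. Unless the full description says otherwise, give CVE-2022-0395 the same NOT-FOR-US: livehelperchat line so the two entries do not diverge.
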
@@ -208,8 +230,8 @@ CVE-2022-21798
        RESERVED
 CVE-2022-21154
        RESERVED
-CVE-2022-0392
-       RESERVED
+CVE-2022-0392 (Heap-based Buffer Overflow in Conda vim prior to 8.2. ...)
+       TODO: check
 CVE-2022-0391 [urllib.parse does not sanitize URLs containing ASCII newline 
and tabs]
        RESERVED
        - python3.9 3.9.7-1
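
Review bot: CVE-2022-0392 (heap-based buffer overflow in vim), like CVE-2022-0393 in the previous hunk, names a package the tracker already follows: the CVE-2022-0351 entry elsewhere in this diff carries "- vim <unfixed>" and a [bullseye] line. Replace the TODO: check with a vim package line and per-release status once the fixing upstream patch is identified, rather than leaving a memory-corruption issue in the generic TODO queue.
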
@@ -542,8 +564,8 @@ CVE-2022-23981
        RESERVED
 CVE-2022-23980
        RESERVED
-CVE-2022-23979
-       RESERVED
+CVE-2022-23979 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) 
vulnerability ...)
+       TODO: check
 CVE-2022-23978
        RESERVED
 CVE-2022-23977
@@ -832,12 +854,12 @@ CVE-2022-23891
        RESERVED
 CVE-2022-23890
        RESERVED
-CVE-2022-23889
-       RESERVED
-CVE-2022-23888
-       RESERVED
-CVE-2022-23887
-       RESERVED
+CVE-2022-23889 (The comment function in YzmCMS v6.3 was discovered as being 
able to be ...)
+       TODO: check
+CVE-2022-23888 (YzmCMS v6.3 was discovered to contain a Cross-Site Request 
Forgey (CSR ...)
+       TODO: check
+CVE-2022-23887 (YzmCMS v6.3 was discovered to contain a Cross-Site Request 
Forgery (CS ...)
+       TODO: check
 CVE-2022-23886
        RESERVED
 CVE-2022-23885
@@ -882,8 +904,8 @@ CVE-2022-23866
        RESERVED
 CVE-2022-23865
        RESERVED
-CVE-2022-0352
-       RESERVED
+CVE-2022-0352 (Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior 
to 0.6 ...)
+       TODO: check
 CVE-2022-0351 (Access of Memory Location Before Start of Buffer in Conda vim 
prior to ...)
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
@@ -1128,16 +1150,16 @@ CVE-2021-46450
        RESERVED
 CVE-2021-46449
        RESERVED
-CVE-2021-46448
-       RESERVED
-CVE-2021-46447
-       RESERVED
-CVE-2021-46446
-       RESERVED
-CVE-2021-46445
-       RESERVED
-CVE-2021-46444
-       RESERVED
+CVE-2021-46448 (H.H.G Multistore v5.1.0 and below was discovered to contain a 
SQL inje ...)
+       TODO: check
+CVE-2021-46447 (A cross-site scripting (XSS) vulnerability in H.H.G Multistore 
v5.1.0  ...)
+       TODO: check
+CVE-2021-46446 (H.H.G Multistore v5.1.0 and below was discovered to contain a 
SQL inje ...)
+       TODO: check
+CVE-2021-46445 (H.H.G Multistore v5.1.0 and below was discovered to contain a 
SQL inje ...)
+       TODO: check
+CVE-2021-46444 (H.H.G Multistore v5.1.0 and below was discovered to contain a 
SQL inje ...)
+       TODO: check
 CVE-2021-46443
        RESERVED
 CVE-2021-46442
@@ -1601,8 +1623,8 @@ CVE-2022-23729
        RESERVED
 CVE-2022-23728 (Attacker can reset the device with AT Command in the process 
of reboot ...)
        NOT-FOR-US: LG
-CVE-2022-23727
-       RESERVED
+CVE-2022-23727 (There is a privilege escalation vulnerability in some webOS 
TVs. Due t ...)
+       TODO: check
 CVE-2022-23726
        RESERVED
 CVE-2022-23725
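
Review bot: CVE-2022-23727 describes a privilege escalation in webOS TVs and sits directly below CVE-2022-23728, which is tagged NOT-FOR-US: LG. The TODO: check can most likely be resolved with the same NOT-FOR-US: LG line after a look at the full description.
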
@@ -1857,10 +1879,10 @@ CVE-2022-23601
        RESERVED
 CVE-2022-23600
        RESERVED
-CVE-2022-23599
-       RESERVED
-CVE-2022-23598
-       RESERVED
+CVE-2022-23599 (Products.ATContentTypes are the core content types for Plone 
2.1 - 4.3 ...)
+       TODO: check
+CVE-2022-23598 (laminas-form is a package for validating and displaying simple 
and com ...)
+       TODO: check
 CVE-2022-23597
        RESERVED
 CVE-2022-23596
@@ -2151,8 +2173,8 @@ CVE-2022-0312
        RESERVED
 CVE-2022-0299
        RESERVED
-CVE-2022-23456
-       RESERVED
+CVE-2022-23456 (Potential arbitrary file deletion vulnerability has been 
identified in ...)
+       TODO: check
 CVE-2022-23455
        RESERVED
 CVE-2022-23454
@@ -2607,10 +2629,10 @@ CVE-2022-23313
        RESERVED
 CVE-2022-22137
        RESERVED
-CVE-2022-21801
-       RESERVED
-CVE-2022-21796
-       RESERVED
+CVE-2022-21801 (A denial of service vulnerability exists in the netserver 
recv_command ...)
+       TODO: check
+CVE-2022-21796 (A memory corruption vulnerability exists in the netserver 
parse_comman ...)
+       TODO: check
 CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in NuGet 
OrchardCore.Application.C ...)
        NOT-FOR-US: Orchard CMS
 CVE-2022-0273
@@ -3280,16 +3302,16 @@ CVE-2021-4206
        RESERVED
 CVE-2021-4205
        RESERVED
-CVE-2021-31567
-       RESERVED
+CVE-2021-31567 (Authenticated (admin+) Arbitrary File Download vulnerability 
discovere ...)
+       TODO: check
 CVE-2021-26256
        RESERVED
 CVE-2021-23227 (Cross-Site Request Forgery (CSRF) vulnerability discovered in 
PHP Ever ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-23209
        RESERVED
-CVE-2021-23174
-       RESERVED
+CVE-2021-23174 (Authenticated (admin+) Persistent Cross-Site Scripting (XSS) 
vulnerabi ...)
+       TODO: check
 CVE-2021-23150
        RESERVED
 CVE-2022-23206
@@ -3349,8 +3371,8 @@ CVE-2022-23180
        RESERVED
 CVE-2022-23179
        RESERVED
-CVE-2022-21199
-       RESERVED
+CVE-2022-21199 (An information disclosure vulnerability exists due to the 
hardcoded TL ...)
+       TODO: check
 CVE-2022-0217 [Unauthenticated Remote Denial of Service Attack in the 
WebSocket interface]
        RESERVED
        {DSA-5047-1}
@@ -3565,12 +3587,12 @@ CVE-2022-23105 (Jenkins Active Directory Plugin 2.25 
and earlier does not encryp
        NOT-FOR-US: Jenkins plugin
 CVE-2022-23102
        RESERVED
-CVE-2022-21236
-       RESERVED
-CVE-2022-21217
-       RESERVED
-CVE-2022-21134
-       RESERVED
+CVE-2022-21236 (An information disclosure vulnerability exists due to a web 
server mis ...)
+       TODO: check
+CVE-2022-21217 (An out-of-bounds write vulnerability exists in the device 
TestEmail fu ...)
+       TODO: check
+CVE-2022-21134 (A firmware update vulnerability exists in the 
&amp;quot;update&amp;quo ...)
+       TODO: check
 CVE-2022-0194
        RESERVED
 CVE-2022-0193
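
Review bot: The description imported for CVE-2022-21134 carries HTML-escaped quote entities around the word update instead of literal quote characters, so the escaped form ends up in data/CVE/list. Decode entities in the description text during the automatic update before the line is written, so that searches on the description match what the CVE record actually says.
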
@@ -3837,12 +3859,12 @@ CVE-2022-22996
        RESERVED
 CVE-2022-22995
        RESERVED
-CVE-2022-22994
-       RESERVED
-CVE-2022-22993
-       RESERVED
-CVE-2022-22992
-       RESERVED
+CVE-2022-22994 (A remote code execution vulnerability was discovered on 
Western Digita ...)
+       TODO: check
+CVE-2022-22993 (A limited SSRF vulnerability was discovered on Western Digital 
My Clou ...)
+       TODO: check
+CVE-2022-22992 (A command injection remote code execution vulnerability was 
discovered ...)
+       TODO: check
 CVE-2022-22991 (A malicious user on the same LAN could use DNS spoofing 
followed by a  ...)
        NOT-FOR-US: Western Digital / My Cloud OS 5 Firmware
 CVE-2022-22990 (A limited authentication bypass vulnerability was discovered 
that coul ...)
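
Review bot: CVE-2022-22994 and CVE-2022-22993 both name Western Digital in the visible part of their descriptions, and the neighbouring CVE-2022-22991 is already tagged NOT-FOR-US: Western Digital / My Cloud OS 5 Firmware. Reuse that exact tag string for them; CVE-2022-22992 has its product cut off by the truncation, so confirm it against the full description before tagging it the same way.
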
@@ -3969,8 +3991,8 @@ CVE-2022-22940
        RESERVED
 CVE-2022-22939
        RESERVED
-CVE-2022-22938
-       RESERVED
+CVE-2022-22938 (VMware Workstation (16.x prior to 16.2.2) and Horizon Client 
for Windo ...)
+       TODO: check
 CVE-2022-22937
        RESERVED
 CVE-2022-22936
@@ -4636,10 +4658,10 @@ CVE-2022-22793
        RESERVED
 CVE-2022-22792
        RESERVED
-CVE-2022-22791
-       RESERVED
-CVE-2022-22790
-       RESERVED
+CVE-2022-22791 (SYNEL - eharmony Authenticated Blind &amp; Stored XSS. Inject 
JS code  ...)
+       TODO: check
+CVE-2022-22790 (SYNEL - eharmony Directory Traversal. Directory Traversal - is 
an atta ...)
+       TODO: check
 CVE-2022-22789 (Charactell - FormStorm Enterprise Account takeover &#8211; An 
attacker ...)
        NOT-FOR-US: Charactell - FormStorm Enterprise
 CVE-2022-22788
@@ -8025,8 +8047,7 @@ CVE-2021-45466
        RESERVED
 CVE-2021-45465
        RESERVED
-CVE-2021-4160 [BN_mod_exp may produce incorrect results on MIPS]
-       RESERVED
+CVE-2021-4160 (There is a carry propagation bug in the MIPS32 and MIPS64 
squaring pro ...)
        - openssl 1.1.1m-1
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb
 (OpenSSL_1_1_1m)
        NOTE: 
https://mta.openssl.org/pipermail/openssl-announce/2022-January/000214.html
@@ -9530,8 +9551,8 @@ CVE-2021-45115 (An issue was discovered in Django 2.2 
before 2.2.26, 3.2 before
        NOTE: 
https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277
 (2.2.26)
 CVE-2021-45106
        RESERVED
-CVE-2021-44463
-       RESERVED
+CVE-2021-44463 (Missing DLLs, if replaced by an insider, could allow an 
attacker to ac ...)
+       TODO: check
 CVE-2021-44462
        RESERVED
 CVE-2021-4137
@@ -9572,8 +9593,8 @@ CVE-2021-4126
        {DSA-5034-1 DLA-2874-1}
        - thunderbird 1:91.4.1-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-4126
-CVE-2021-26264
-       RESERVED
+CVE-2021-26264 (A specially crafted script could cause the DeltaV Distributed 
Control  ...)
+       TODO: check
 CVE-2021-23173 (The affected product is vulnerable to an improper access 
control, whic ...)
        NOT-FOR-US: Philips
 CVE-2021-23157 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable 
to a he ...)
@@ -11890,7 +11911,7 @@ CVE-2021-33848 (Fresenius Kabi Vigilant Software Suite 
(Mastermed Dashboard) ver
        NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)
 CVE-2021-33846 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) 
version 2 ...)
        NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)
-CVE-2021-33843 (Fresenius Kabi Agilia Link + version 3.0 has a default 
configuration p ...)
+CVE-2021-33843 (Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default 
configur ...)
        NOT-FOR-US: Fresenius Kabi Agilia Link
 CVE-2021-31562 (The SSL/TLS configuration of Fresenius Kabi Agilia Link + 
version 3.0  ...)
        NOT-FOR-US: Fresenius Kabi Agilia Link
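
Review bot: The updated description of CVE-2021-33843 now names "Agilia SP MC WiFi vD25 and prior", but the unchanged line below it still reads NOT-FOR-US: Fresenius Kabi Agilia Link. The verdict is unaffected, yet the product in the tag no longer matches the description; adjust the tag to the new product name or to the vendor alone so the entry is consistent.
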
@@ -11931,130 +11952,130 @@ CVE-2021-44420 (In Django 2.2 before 2.2.25, 3.1 
before 3.1.14, and 3.2 before 3
        NOTE: 
https://www.djangoproject.com/weblog/2021/dec/07/security-releases/
        NOTE: 
https://github.com/django/django/commit/333c65603032c377e682cdbd7388657a5463a05a
 (3.2.10)
        NOTE: 
https://github.com/django/django/commit/7cf7d74e8a754446eeb85cacf2fef1247e0cb6d7
 (2.2.25)
-CVE-2021-44419
-       RESERVED
-CVE-2021-44418
-       RESERVED
-CVE-2021-44417
-       RESERVED
-CVE-2021-44416
-       RESERVED
-CVE-2021-44415
-       RESERVED
-CVE-2021-44414
-       RESERVED
-CVE-2021-44413
-       RESERVED
-CVE-2021-44412
-       RESERVED
-CVE-2021-44411
-       RESERVED
-CVE-2021-44410
-       RESERVED
-CVE-2021-44409
-       RESERVED
-CVE-2021-44408
-       RESERVED
-CVE-2021-44407
-       RESERVED
-CVE-2021-44406
-       RESERVED
-CVE-2021-44405
-       RESERVED
-CVE-2021-44404
-       RESERVED
-CVE-2021-44403
-       RESERVED
-CVE-2021-44402
-       RESERVED
-CVE-2021-44401
-       RESERVED
-CVE-2021-44400
-       RESERVED
-CVE-2021-44399
-       RESERVED
-CVE-2021-44398
-       RESERVED
-CVE-2021-44397
-       RESERVED
-CVE-2021-44396
-       RESERVED
-CVE-2021-44395
-       RESERVED
+CVE-2021-44419 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44418 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44417 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44416 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44415 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44414 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44413 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44412 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44411 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44410 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44409 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44408 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44407 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44406 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44405 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44404 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44403 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44402 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44401 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44400 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44399 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44398 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44397 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44396 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44395 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
 CVE-2021-44394
        RESERVED
-CVE-2021-44393
-       RESERVED
-CVE-2021-44392
-       RESERVED
-CVE-2021-44391
-       RESERVED
-CVE-2021-44390
-       RESERVED
-CVE-2021-44389
-       RESERVED
-CVE-2021-44388
-       RESERVED
-CVE-2021-44387
-       RESERVED
-CVE-2021-44386
-       RESERVED
-CVE-2021-44385
-       RESERVED
-CVE-2021-44384
-       RESERVED
-CVE-2021-44383
-       RESERVED
-CVE-2021-44382
-       RESERVED
-CVE-2021-44381
-       RESERVED
-CVE-2021-44380
-       RESERVED
-CVE-2021-44379
-       RESERVED
-CVE-2021-44378
-       RESERVED
-CVE-2021-44377
-       RESERVED
-CVE-2021-44376
-       RESERVED
+CVE-2021-44393 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44392 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44391 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44390 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44389 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44388 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44387 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44386 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44385 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44384 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44383 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44382 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44381 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44380 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44379 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44378 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44377 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44376 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
 CVE-2021-44375
        RESERVED
-CVE-2021-44374
-       RESERVED
-CVE-2021-44373
-       RESERVED
-CVE-2021-44372
-       RESERVED
-CVE-2021-44371
-       RESERVED
-CVE-2021-44370
-       RESERVED
-CVE-2021-44369
-       RESERVED
-CVE-2021-44368
-       RESERVED
-CVE-2021-44367
-       RESERVED
+CVE-2021-44374 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44373 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44372 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44371 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44370 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44369 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44368 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44367 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
 CVE-2021-44366
        RESERVED
-CVE-2021-44365
-       RESERVED
-CVE-2021-44364
-       RESERVED
-CVE-2021-44363
-       RESERVED
-CVE-2021-44362
-       RESERVED
-CVE-2021-44361
-       RESERVED
-CVE-2021-44360
-       RESERVED
-CVE-2021-44359
-       RESERVED
-CVE-2021-44358
-       RESERVED
+CVE-2021-44365 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44364 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44363 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44362 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44361 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44360 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44359 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
+CVE-2021-44358 (A denial of service vulnerability exists in the cgiserver.cgi 
JSON com ...)
+       TODO: check
 CVE-2021-44357
        RESERVED
 CVE-2021-44356
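
Review bot: Every entry from CVE-2021-44358 through CVE-2021-44419 that moves out of RESERVED in this hunk gets the same truncated description ("A denial of service vulnerability exists in the cgiserver.cgi JSON com ...") and its own TODO: check, and the affected product is not visible in any of them. Resolve these as one batch with a single, identically spelled tag after reading one full description, so the block does not end up with mixed or partially triaged states.
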
@@ -12063,8 +12084,7 @@ CVE-2021-44355
        RESERVED
 CVE-2021-44354
        RESERVED
-CVE-2021-4034
-       RESERVED
+CVE-2021-4034 (A local privilege escalation vulnerability was found on 
polkit's pkexe ...)
        {DSA-5059-1 DLA-2899-1}
        - policykit-1 0.105-31.1
        NOTE: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
@@ -13341,8 +13361,8 @@ CVE-2022-21723 (PJSIP is a free and open source 
multimedia communication library
        TODO: check
 CVE-2022-21722 (PJSIP is a free and open source multimedia communication 
library writt ...)
        TODO: check
-CVE-2022-21721
-       RESERVED
+CVE-2022-21721 (Next.js is a React framework. Starting with version 12.0.0 and 
prior t ...)
+       TODO: check
 CVE-2022-21720 (GLPI is a free asset and IT management software package. Prior 
to vers ...)
        - glpi <removed> (unimportant)
        NOTE: Only supported behind an authenticated HTTP zone
@@ -25353,46 +25373,46 @@ CVE-2021-40425
        RESERVED
 CVE-2021-40424
        RESERVED
-CVE-2021-40423
-       RESERVED
+CVE-2021-40423 (A denial of service vulnerability exists in the cgiserver.cgi 
API comm ...)
+       TODO: check
 CVE-2021-40422
        RESERVED
 CVE-2021-40421
        RESERVED
 CVE-2021-40420
        RESERVED
-CVE-2021-40419
-       RESERVED
+CVE-2021-40419 (A firmware update vulnerability exists in the 'factory' binary 
of reol ...)
+       TODO: check
 CVE-2021-40418 (When parsing a file that is submitted to the DPDecoder service 
as a jo ...)
        NOT-FOR-US: DaVinci Resolve
 CVE-2021-40417 (When parsing a file that is submitted to the DPDecoder service 
as a jo ...)
        NOT-FOR-US: DaVinci Resolve
-CVE-2021-40416
-       RESERVED
-CVE-2021-40415
-       RESERVED
-CVE-2021-40414
-       RESERVED
-CVE-2021-40413
-       RESERVED
-CVE-2021-40412
-       RESERVED
-CVE-2021-40411
-       RESERVED
-CVE-2021-40410
-       RESERVED
-CVE-2021-40409
-       RESERVED
-CVE-2021-40408
-       RESERVED
-CVE-2021-40407
-       RESERVED
-CVE-2021-40406
-       RESERVED
+CVE-2021-40416 (An incorrect default permission vulnerability exists in the 
cgiserver. ...)
+       TODO: check
+CVE-2021-40415 (An incorrect default permission vulnerability exists in the 
cgiserver. ...)
+       TODO: check
+CVE-2021-40414 (An incorrect default permission vulnerability exists in the 
cgiserver. ...)
+       TODO: check
+CVE-2021-40413 (An incorrect default permission vulnerability exists in the 
cgiserver. ...)
+       TODO: check
+CVE-2021-40412 (An OScommand injection vulnerability exists in the device 
network sett ...)
+       TODO: check
+CVE-2021-40411 (An OS command injection vulnerability exists in the device 
network set ...)
+       TODO: check
+CVE-2021-40410 (An OS command injection vulnerability exists in the device 
network set ...)
+       TODO: check
+CVE-2021-40409 (An OS command injection vulnerability exists in the device 
network set ...)
+       TODO: check
+CVE-2021-40408 (An OS command injection vulnerability exists in the device 
network set ...)
+       TODO: check
+CVE-2021-40407 (An OS command injection vulnerability exists in the device 
network set ...)
+       TODO: check
+CVE-2021-40406 (A denial of service vulnerability exists in the cgiserver.cgi 
session  ...)
+       TODO: check
 CVE-2021-40405
        RESERVED
-CVE-2021-40404
-       RESERVED
+CVE-2021-40404 (An authentication bypass vulnerability exists in the 
cgiserver.cgi Log ...)
+       TODO: check
 CVE-2021-40403
        RESERVED
 CVE-2021-40402
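
Review bot: The cgiserver.cgi entries added here (CVE-2021-40423, CVE-2021-40416 to CVE-2021-40413, CVE-2021-40406, CVE-2021-40404) refer to the same component as the CVE-2021-44358 to CVE-2021-44419 block earlier in this diff and should receive the same resolution as that block. This hunk also mixes in OS command injection, firmware update and authentication bypass issues, so check that the device network settings and 'factory' binary entries belong to the same product before applying a common tag.
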
@@ -25405,10 +25425,10 @@ CVE-2021-40399
        RESERVED
 CVE-2021-40398
        RESERVED
-CVE-2021-40397
-       RESERVED
-CVE-2021-40396
-       RESERVED
+CVE-2021-40397 (A privilege escalation vulnerability exists in the 
installation of Adv ...)
+       TODO: check
+CVE-2021-40396 (A privilege escalation vulnerability exists in the 
installation of Adv ...)
+       TODO: check
 CVE-2021-40395
        REJECTED
 CVE-2021-40394 (An out-of-bounds write vulnerability exists in the RS-274X 
aperture ma ...)
@@ -25439,10 +25459,10 @@ CVE-2021-40391 (An out-of-bounds write vulnerability 
exists in the drill format
        NOTE: https://github.com/gerbv/gerbv/issues/30
 CVE-2021-40390
        RESERVED
-CVE-2021-40389
-       RESERVED
-CVE-2021-40388
-       RESERVED
+CVE-2021-40389 (A privilege escalation vulnerability exists in the 
installation of Adv ...)
+       TODO: check
+CVE-2021-40388 (A privilege escalation vulnerability exists in Advantech SQ 
Manager Se ...)
+       TODO: check
 CVE-2021-40387 (An issue was discovered in the server software in Kaseya 
Unitrends Bac ...)
        NOT-FOR-US: Kaseya Unitrends Backup Software
 CVE-2021-40386
@@ -25558,12 +25578,12 @@ CVE-2021-40342
        RESERVED
 CVE-2021-40341
        RESERVED
-CVE-2021-40340
-       RESERVED
-CVE-2021-40339
-       RESERVED
-CVE-2021-40338
-       RESERVED
+CVE-2021-40340 (Information Exposure vulnerability in Hitachi Energy LinkOne 
applicati ...)
+       TODO: check
+CVE-2021-40339 (Configuration vulnerability in Hitachi Energy LinkOne 
application due  ...)
+       TODO: check
+CVE-2021-40338 (Hitachi Energy LinkOne product, has a vulnerability due to a 
web serve ...)
+       TODO: check
 CVE-2021-40337 (Cross-site Scripting (XSS) vulnerability in Hitachi Energy 
LinkOne all ...)
        NOT-FOR-US: Hitachi
 CVE-2021-40336
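
Review bot: CVE-2021-40340, CVE-2021-40339 and CVE-2021-40338 all name Hitachi Energy LinkOne, the same product as CVE-2021-40337 directly below, which is tagged NOT-FOR-US: Hitachi. The three TODO: check lines can take that same tag.
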
@@ -57463,8 +57483,8 @@ CVE-2021-27656 (A vulnerability in exacqVision Web 
Service 20.12.2.0 and prior c
        NOT-FOR-US: exacqVision Web Service
 CVE-2021-27655
        RESERVED
-CVE-2021-27654
-       RESERVED
+CVE-2021-27654 (Forgotten password reset functionality for local accounts can 
be used  ...)
+       TODO: check
 CVE-2021-27653 (Misconfiguration of the Pega Chat Access Group portal in Pega 
platform ...)
        NOT-FOR-US: Pega
 CVE-2021-27652
@@ -66687,8 +66707,8 @@ CVE-2021-23865
        RESERVED
 CVE-2021-23864
        RESERVED
-CVE-2021-23863
-       RESERVED
+CVE-2021-23863 (HTML code injection vulnerability in Android Application, 
Bosch Video  ...)
+       TODO: check
 CVE-2021-23862 (A crafted configuration packet sent by an authenticated 
administrative ...)
        NOT-FOR-US: Bosch
 CVE-2021-23861 (By executing a special command, an user with administrative 
rights can ...)
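
Review bot: CVE-2021-23863 names a Bosch Android application in its description, and the next entry, CVE-2021-23862, is already tagged NOT-FOR-US: Bosch. Apply the same tag instead of leaving TODO: check.
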
@@ -66955,8 +66975,8 @@ CVE-2021-23762
        RESERVED
 CVE-2021-23761
        RESERVED
-CVE-2021-23760
-       RESERVED
+CVE-2021-23760 (The package keyget from 0.0.0 are vulnerable to Prototype 
Pollution vi ...)
+       TODO: check
 CVE-2021-23759
        RESERVED
 CVE-2021-23758 (All versions of package ajaxpro.2 are vulnerable to 
Deserialization of ...)
@@ -67364,8 +67384,8 @@ CVE-2021-23560
        RESERVED
 CVE-2021-23559
        RESERVED
-CVE-2021-23558
-       RESERVED
+CVE-2021-23558 (The package bmoor before 0.10.1 are vulnerable to Prototype 
Pollution  ...)
+       TODO: check
 CVE-2021-23557
        RESERVED
 CVE-2021-23556
@@ -67515,8 +67535,8 @@ CVE-2021-23486
        RESERVED
 CVE-2021-23485
        RESERVED
-CVE-2021-23484
-       RESERVED
+CVE-2021-23484 (The package zip-local before 0.3.5 are vulnerable to Arbitrary 
File Wr ...)
+       TODO: check
 CVE-2021-23483
        RESERVED
 CVE-2021-23482
@@ -69042,48 +69062,48 @@ CVE-2021-22829
        RESERVED
 CVE-2021-22828
        RESERVED
-CVE-2021-22827
-       RESERVED
-CVE-2021-22826
-       RESERVED
-CVE-2021-22825
-       RESERVED
+CVE-2021-22827 (A CWE-20: Improper Input Validation vulnerability exists that 
could ca ...)
+       TODO: check
+CVE-2021-22826 (A CWE-20: Improper Input Validation vulnerability exists that 
could ca ...)
+       TODO: check
+CVE-2021-22825 (A CWE-200: Exposure of Sensitive Information to an 
Unauthorized Actor  ...)
+       TODO: check
 CVE-2021-22824
        RESERVED
 CVE-2021-22823
        RESERVED
-CVE-2021-22822
-       RESERVED
-CVE-2021-22821
-       RESERVED
-CVE-2021-22820
-       RESERVED
-CVE-2021-22819
-       RESERVED
-CVE-2021-22818
-       RESERVED
+CVE-2021-22822 (A CWE-79 Improper Neutralization of Input During Web Page 
Generation ( ...)
+       TODO: check
+CVE-2021-22821 (A CWE-918 Server-Side Request Forgery (SSRF) vulnerability 
exists that ...)
+       TODO: check
+CVE-2021-22820 (A CWE-614 Insufficient Session Expiration vulnerability exists 
that co ...)
+       TODO: check
+CVE-2021-22819 (A CWE-1021 Improper Restriction of Rendered UI Layers or 
Frames vulner ...)
+       TODO: check
+CVE-2021-22818 (A CWE-307 Improper Restriction of Excessive Authentication 
Attempts vu ...)
+       TODO: check
 CVE-2021-22817
        RESERVED
-CVE-2021-22816
-       RESERVED
-CVE-2021-22815
-       RESERVED
-CVE-2021-22814
-       RESERVED
-CVE-2021-22813
-       RESERVED
-CVE-2021-22812
-       RESERVED
-CVE-2021-22811
-       RESERVED
-CVE-2021-22810
-       RESERVED
-CVE-2021-22809
-       RESERVED
-CVE-2021-22808
-       RESERVED
-CVE-2021-22807
-       RESERVED
+CVE-2021-22816 (A CWE-754: Improper Check for Unusual or Exceptional 
Conditions vulner ...)
+       TODO: check
+CVE-2021-22815 (A CWE-200: Information Exposure vulnerability exists which 
could cause ...)
+       TODO: check
+CVE-2021-22814 (A CWE-79: Improper Neutralization of Input During Web Page 
Generation  ...)
+       TODO: check
+CVE-2021-22813 (A CWE-79: Improper Neutralization of Input During Web Page 
Generation  ...)
+       TODO: check
+CVE-2021-22812 (A CWE-79: Improper Neutralization of Input During Web Page 
Generation  ...)
+       TODO: check
+CVE-2021-22811 (A CWE-79: Improper Neutralization of Input During Web Page 
Generation  ...)
+       TODO: check
+CVE-2021-22810 (A CWE-79: Improper Neutralization of Input During Web Page 
Generation  ...)
+       TODO: check
+CVE-2021-22809 (A CWE-125:Out-of-Bounds Read vulnerability exists that could 
cause uni ...)
+       TODO: check
+CVE-2021-22808 (A CWE-416: Use After Free vulnerability exists that could 
cause arbitr ...)
+       TODO: check
+CVE-2021-22807 (A CWE-787: Out-of-bounds Write vulnerability exists that could 
cause a ...)
+       TODO: check
 CVE-2021-22806
        RESERVED
 CVE-2021-22805
@@ -69098,8 +69118,8 @@ CVE-2021-22801
        RESERVED
 CVE-2021-22800
        RESERVED
-CVE-2021-22799
-       RESERVED
+CVE-2021-22799 (A CWE-331: Insufficient Entropy vulnerability exists that 
could cause  ...)
+       TODO: check
 CVE-2021-22798
        RESERVED
 CVE-2021-22797
@@ -69246,10 +69266,10 @@ CVE-2021-22727 (A CWE-331: Insufficient Entropy 
vulnerability exists in EVlink C
        NOT-FOR-US: Schneider Electric
 CVE-2021-22726 (A CWE-918: Server-Side Request Forgery (SSRF) vulnerability 
exists in  ...)
        NOT-FOR-US: Schneider Electric
-CVE-2021-22725
-       RESERVED
-CVE-2021-22724
-       RESERVED
+CVE-2021-22725 (A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability 
exists that  ...)
+       TODO: check
+CVE-2021-22724 (A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability 
exists that  ...)
+       TODO: check
 CVE-2021-22723 (A CWE-79: Improper Neutralization of Input During Web Page 
Generation  ...)
        NOT-FOR-US: Schneider Electric
 CVE-2021-22722 (A CWE-79: Improper Neutralization of Input During Web Page 
Generation  ...)
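
Review bot: The descriptions imported for CVE-2021-22725 and CVE-2021-22724 begin with "A CVE-352 Cross-Site Request Forgery", where the surrounding entries use the form "A CWE-...". Treat "CVE-352" as a weakness-class label and not as a cross-reference to another CVE when triaging. The neighbours CVE-2021-22727, CVE-2021-22726 and CVE-2021-22723 are tagged NOT-FOR-US: Schneider Electric, but the product is cut off in the two new descriptions, so confirm the vendor before copying that tag.
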
@@ -142773,7 +142793,7 @@ CVE-2020-6062 (An exploitable denial-of-service 
vulnerability exists in the way
        [jessie] - coturn <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985
        NOTE: 
https://github.com/coturn/coturn/commit/e09bcd9f7af5b32c81b37f51835b384b5a7d03a8
-CVE-2020-6061 (An exploitable heap overflow vulnerability exists in the way 
CoTURN 4. ...)
+CVE-2020-6061 (An exploitable heap out-of-bounds read vulnerability exists in 
the way ...)
        {DSA-4711-1}
        - coturn 4.5.1.1-1.2 (bug #951876)
        [jessie] - coturn <not-affected> (Vulnerable code introduced later)
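
Review bot: The description of CVE-2020-6061 changes the bug class from "heap overflow" to "heap out-of-bounds read" while the {DSA-4711-1} reference, the fixed version 4.5.1.1-1.2 and the [jessie] not-affected line stay untouched. That is correct for the fix status, but anyone who prioritised this entry on the old wording should re-read it, since an out-of-bounds read has a different impact profile than a heap write.
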
@@ -339887,8 +339907,8 @@ CVE-2016-3737 (The server in Red Hat JBoss Operations 
Network (JON) before 3.3.6
        NOT-FOR-US: Red Hat / JBoss Operations Network server
 CVE-2016-3736
        REJECTED
-CVE-2016-3735
-       RESERVED
+CVE-2016-3735 (Piwigo is image gallery software written in PHP. When a 
criteria is no ...)
+       TODO: check
 CVE-2016-3734 (Cross-site request forgery (CSRF) vulnerability in 
markposts.php in Mo ...)
        - moodle 2.7.14+dfsg-1
        NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c258f029c0ff10c2d14d6a2d21085292ceecc7e



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
