Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
64f4e7e3 by security tracker role at 2022-05-13T20:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2022-30703
+       RESERVED
+CVE-2022-30702
+       RESERVED
+CVE-2022-30701
+       RESERVED
+CVE-2022-30700
+       RESERVED
+CVE-2022-30699
+       RESERVED
+CVE-2022-30698
+       RESERVED
+CVE-2022-30697
+       RESERVED
+CVE-2022-30696
+       RESERVED
+CVE-2022-30695
+       RESERVED
+CVE-2022-30694
+       RESERVED
+CVE-2022-30543
+       RESERVED
+CVE-2022-29485
+       RESERVED
+CVE-2022-29481
+       RESERVED
+CVE-2022-28689
+       RESERVED
+CVE-2022-26023
+       RESERVED
+CVE-2022-1715 (Account Takeover in GitHub repository neorazorx/facturascripts 
prior t ...)
+       TODO: check
+CVE-2022-1714 (Heap-based Buffer Overflow in GitHub repository 
radareorg/radare2 prio ...)
+       TODO: check
+CVE-2022-1713
+       RESERVED
+CVE-2022-1712
+       RESERVED
+CVE-2022-1711
+       RESERVED
+CVE-2022-1710
+       RESERVED
+CVE-2022-1709
+       RESERVED
+CVE-2022-1708
+       RESERVED
+CVE-2022-1707
+       RESERVED
+CVE-2022-1706
+       RESERVED
+CVE-2021-46279
+       RESERVED
+CVE-2021-45925
+       RESERVED
+CVE-2021-44776
+       RESERVED
+CVE-2021-44769
+       RESERVED
+CVE-2021-44467
+       RESERVED
+CVE-2021-4228
+       RESERVED
 CVE-2022-30689
        RESERVED
 CVE-2022-30688
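Review bot: the two TODO: check placeholders in this hunk, CVE-2022-1715 (facturascripts account takeover) and CVE-2022-1714 (radare2 heap-based buffer overflow), are the only entries here that need a human. For facturascripts, CVE-2022-1457 further down in this same patch is already tagged NOT-FOR-US: facturascripts, so the same triage almost certainly applies; the radare2 one should be checked against the packaged version promptly rather than left as a placeholder, since a heap overflow in a tool that parses untrusted binaries is exactly the kind of issue that gets forgotten behind a TODO.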
@@ -650,8 +712,8 @@ CVE-2022-30491
        RESERVED
 CVE-2022-30490
        RESERVED
-CVE-2022-30489
-       RESERVED
+CVE-2022-30489 (WAVLINK WN535 G3 was discovered to contain a cross-site 
scripting (XSS ...)
+       TODO: check
 CVE-2022-30488
        RESERVED
 CVE-2022-30487
@@ -794,108 +856,108 @@ CVE-2022-30419
        RESERVED
 CVE-2022-30418
        RESERVED
-CVE-2022-30417
-       RESERVED
+CVE-2022-30417 (Covid-19 Travel Pass Management System v1.0 is vulnerable to 
SQL Injec ...)
+       TODO: check
 CVE-2022-30416
        RESERVED
-CVE-2022-30415
-       RESERVED
-CVE-2022-30414
-       RESERVED
-CVE-2022-30413
-       RESERVED
-CVE-2022-30412
-       RESERVED
-CVE-2022-30411
-       RESERVED
+CVE-2022-30415 (Covid-19 Travel Pass Management System v1.0 is vulnerable to 
SQL Injec ...)
+       TODO: check
+CVE-2022-30414 (Covid-19 Travel Pass Management System v1.0 is vulnerable to 
SQL Injec ...)
+       TODO: check
+CVE-2022-30413 (Covid-19 Travel Pass Management System v1.0 is vulnerable to 
SQL Injec ...)
+       TODO: check
+CVE-2022-30412 (Covid-19 Travel Pass Management System v1.0 is vulnerable to 
SQL Injec ...)
+       TODO: check
+CVE-2022-30411 (Covid-19 Travel Pass Management System v1.0 is vulnerable to 
SQL Injec ...)
+       TODO: check
 CVE-2022-30410
        RESERVED
 CVE-2022-30409
        RESERVED
-CVE-2022-30408
-       RESERVED
-CVE-2022-30407
-       RESERVED
+CVE-2022-30408 (Covid-19 Travel Pass Management System v1.0 is vulnerable to 
file dele ...)
+       TODO: check
+CVE-2022-30407 (Pharmacy Sales And Inventory System v1.0 is vulnerable to SQL 
Injectio ...)
+       TODO: check
 CVE-2022-30406
        RESERVED
 CVE-2022-30405
        RESERVED
-CVE-2022-30404
-       RESERVED
-CVE-2022-30403
-       RESERVED
-CVE-2022-30402
-       RESERVED
-CVE-2022-30401
-       RESERVED
-CVE-2022-30400
-       RESERVED
-CVE-2022-30399
-       RESERVED
-CVE-2022-30398
-       RESERVED
+CVE-2022-30404 (College Management System v1.0 is vulnerable to SQL Injection 
via /Col ...)
+       TODO: check
+CVE-2022-30403 (Merchandise Online Store v1.0 is vulnerable to SQL Injection 
via /vlog ...)
+       TODO: check
+CVE-2022-30402 (Merchandise Online Store v1.0 is vulnerable to SQL Injection 
via /vlog ...)
+       TODO: check
+CVE-2022-30401 (Merchandise Online Store v1.0 is vulnerable to SQL Injection 
via /vlog ...)
+       TODO: check
+CVE-2022-30400 (Merchandise Online Store v1.0 is vulnerable to SQL Injection 
via /vlog ...)
+       TODO: check
+CVE-2022-30399 (Merchandise Online Store v1.0 is vulnerable to SQL Injection 
via /vlog ...)
+       TODO: check
+CVE-2022-30398 (Merchandise Online Store v1.0 is vulnerable to SQL Injection 
via /vlog ...)
+       TODO: check
 CVE-2022-30397
        RESERVED
-CVE-2022-30396
-       RESERVED
-CVE-2022-30395
-       RESERVED
+CVE-2022-30396 (Merchandise Online Store v1.0 is vulnerable to SQL Injection 
via /vlog ...)
+       TODO: check
+CVE-2022-30395 (Merchandise Online Store v1.0 is vulnerable to SQL Injection 
via /vlog ...)
+       TODO: check
 CVE-2022-30394
        RESERVED
-CVE-2022-30393
-       RESERVED
-CVE-2022-30392
-       RESERVED
-CVE-2022-30391
-       RESERVED
+CVE-2022-30393 (Merchandise Online Store v1.0 is vulnerable to SQL Injection 
via /vlog ...)
+       TODO: check
+CVE-2022-30392 (Merchandise Online Store v1.0 is vulnerable to SQL Injection 
via /vlog ...)
+       TODO: check
+CVE-2022-30391 (Merchandise Online Store v1.0 is vulnerable to SQL Injection 
via /vlog ...)
+       TODO: check
 CVE-2022-30390
        RESERVED
 CVE-2022-30389
        RESERVED
 CVE-2022-30388
        RESERVED
-CVE-2022-30387
-       RESERVED
-CVE-2022-30386
-       RESERVED
-CVE-2022-30385
-       RESERVED
-CVE-2022-30384
-       RESERVED
+CVE-2022-30387 (Merchandise Online Store v1.0 is vulnerable to SQL Injection 
via /vlog ...)
+       TODO: check
+CVE-2022-30386 (Merchandise Online Store v1.0 is vulnerable to SQL Injection 
via /vlog ...)
+       TODO: check
+CVE-2022-30385 (Merchandise Online Store v1.0 is vulnerable to SQL Injection 
via /vlog ...)
+       TODO: check
+CVE-2022-30384 (Merchandise Online Store v1.0 is vulnerable to SQL Injection 
via /vlog ...)
+       TODO: check
 CVE-2022-30383
        RESERVED
 CVE-2022-30382
        RESERVED
-CVE-2022-30381
-       RESERVED
+CVE-2022-30381 (Merchandise Online Store v1.0 is vulnerable to file deletion 
via /vlog ...)
+       TODO: check
 CVE-2022-30380
        RESERVED
-CVE-2022-30379
-       RESERVED
-CVE-2022-30378
-       RESERVED
+CVE-2022-30379 (Sourcecodester Simple Social Networking Site v1.0 is 
vulnerable to SQL ...)
+       TODO: check
+CVE-2022-30378 (Sourcecodester Simple Social Networking Site v1.0 is 
vulnerable to SQL ...)
+       TODO: check
 CVE-2022-30377
        RESERVED
-CVE-2022-30376
-       RESERVED
-CVE-2022-30375
-       RESERVED
-CVE-2022-30374
-       RESERVED
-CVE-2022-30373
-       RESERVED
-CVE-2022-30372
-       RESERVED
-CVE-2022-30371
-       RESERVED
-CVE-2022-30370
-       RESERVED
+CVE-2022-30376 (Sourcecodester Simple Social Networking Site v1.0 is 
vulnerable to SQL ...)
+       TODO: check
+CVE-2022-30375 (Sourcecodester Simple Social Networking Site v1.0 is 
vulnerable to fil ...)
+       TODO: check
+CVE-2022-30374 (Air Cargo Management System 1.0 is vulnerable to SQL Injection 
via /ac ...)
+       TODO: check
+CVE-2022-30373 (Air Cargo Management System 1.0 is vulnerable to SQL Injection 
via /ac ...)
+       TODO: check
+CVE-2022-30372 (Air Cargo Management System 1.0 is vulnerable to SQL Injection 
via /ac ...)
+       TODO: check
+CVE-2022-30371 (Air Cargo Management System 1.0 is vulnerable to SQL Injection 
via /ac ...)
+       TODO: check
+CVE-2022-30370 (Air Cargo Management System 1.0 is vulnerable to SQL Injection 
via /ac ...)
+       TODO: check
 CVE-2022-30369
        RESERVED
 CVE-2022-30368
        RESERVED
-CVE-2022-30367
-       RESERVED
+CVE-2022-30367 (Air Cargo Management System v1.0 is vulnerable to file 
deletion via /a ...)
+       TODO: check
 CVE-2022-30366
        RESERVED
 CVE-2022-30365
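Review bot: the Covid-19 Travel Pass Management System batch (CVE-2022-30411 through CVE-2022-30415) and the Merchandise Online Store batch (CVE-2022-30384 through CVE-2022-30403) each carry one identical truncated description ("... is vulnerable to SQL Injection via /vlog ..."), so the per-CVE endpoint that distinguishes them is not recoverable from this file; whoever clears these TODO: check lines will need the full upstream descriptions. They read like the same family of small PHP demo applications as the Sourcecodester entries CVE-2022-30378 and CVE-2022-30379 in this hunk, so a single triage pass over the whole block is more efficient than one-by-one review.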
@@ -2340,8 +2402,8 @@ CVE-2022-29856 (A hardcoded cryptographic key in 
Automation360 22 allows an atta
        NOT-FOR-US: Automation360
 CVE-2022-29855 (Mitel 6800 and 6900 Series SIP phone devices through 
2022-04-27 have " ...)
        NOT-FOR-US: Mitel
-CVE-2022-29854
-       RESERVED
+CVE-2022-29854 (A vulnerability in Mitel 6900 Series IP (MiNet) phones 
excluding 6970, ...)
+       TODO: check
 CVE-2022-29853
        RESERVED
 CVE-2022-29852
@@ -2675,22 +2737,22 @@ CVE-2022-29798
        RESERVED
 CVE-2022-29797
        RESERVED
-CVE-2022-29796
-       RESERVED
-CVE-2022-29795
-       RESERVED
-CVE-2022-29794
-       RESERVED
-CVE-2022-29793
-       RESERVED
-CVE-2022-29792
-       RESERVED
-CVE-2022-29791
-       RESERVED
-CVE-2022-29790
-       RESERVED
-CVE-2022-29789
-       RESERVED
+CVE-2022-29796 (The HiAIserver has a vulnerability in verifying the validity 
of the we ...)
+       TODO: check
+CVE-2022-29795 (The frame scheduling module has a null pointer dereference 
vulnerabili ...)
+       TODO: check
+CVE-2022-29794 (The frame scheduling module has a Use After Free (UAF) 
vulnerability.S ...)
+       TODO: check
+CVE-2022-29793 (There is a configuration defect in the activation lock of 
mobile phone ...)
+       TODO: check
+CVE-2022-29792 (The chip component has a vulnerability of disclosing CPU 
SNs.Successfu ...)
+       TODO: check
+CVE-2022-29791 (The HiAIserver has a vulnerability in verifying the validity 
of the we ...)
+       TODO: check
+CVE-2022-29790 (The graphics acceleration service has a vulnerability in 
multi-thread  ...)
+       TODO: check
+CVE-2022-29789 (The HiAIserver has a vulnerability in verifying the validity 
of the pr ...)
+       TODO: check
 CVE-2022-27174
        RESERVED
 CVE-2022-1465
@@ -2713,16 +2775,16 @@ CVE-2022-1457 (Store XSS in title parameter executing 
at EditUser Page & Edi
        NOT-FOR-US: facturascripts
 CVE-2022-1456
        RESERVED
-CVE-2021-46789
-       RESERVED
-CVE-2021-46788
-       RESERVED
-CVE-2021-46787
-       RESERVED
-CVE-2021-46786
-       RESERVED
-CVE-2021-46785
-       RESERVED
+CVE-2021-46789 (Configuration defects in the secure OS module.Successful 
exploitation  ...)
+       TODO: check
+CVE-2021-46788 (Third-party pop-up window coverage vulnerability in the 
iConnect modul ...)
+       TODO: check
+CVE-2021-46787 (The AMS module has a vulnerability of improper permission 
control.Succ ...)
+       TODO: check
+CVE-2021-46786 (The audio module has a vulnerability in verifying the 
parameters passe ...)
+       TODO: check
+CVE-2021-46785 (The Property module has a vulnerability in permission 
control.This vul ...)
+       TODO: check
 CVE-2022-29788
        RESERVED
 CVE-2022-29787
@@ -3647,8 +3709,8 @@ CVE-2022-29435
        RESERVED
 CVE-2022-29434
        RESERVED
-CVE-2022-29433
-       RESERVED
+CVE-2022-29433 (Authenticated (contributor or higher role) Cross-Site 
Scripting (XSS)  ...)
+       TODO: check
 CVE-2022-29432
        RESERVED
 CVE-2022-29431
@@ -3773,8 +3835,8 @@ CVE-2022-29385
        RESERVED
 CVE-2022-29384
        RESERVED
-CVE-2022-29383
-       RESERVED
+CVE-2022-29383 (NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was 
discovere ...)
+       TODO: check
 CVE-2022-29382
        RESERVED
 CVE-2022-29381
@@ -5217,26 +5279,26 @@ CVE-2022-28832
        RESERVED
 CVE-2022-28831
        RESERVED
-CVE-2022-28830
-       RESERVED
-CVE-2022-28829
-       RESERVED
-CVE-2022-28828
-       RESERVED
-CVE-2022-28827
-       RESERVED
-CVE-2022-28826
-       RESERVED
-CVE-2022-28825
-       RESERVED
-CVE-2022-28824
-       RESERVED
-CVE-2022-28823
-       RESERVED
-CVE-2022-28822
-       RESERVED
-CVE-2022-28821
-       RESERVED
+CVE-2022-28830 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and 
earlier ...)
+       TODO: check
+CVE-2022-28829 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and 
earlier ...)
+       TODO: check
+CVE-2022-28828 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and 
earlier ...)
+       TODO: check
+CVE-2022-28827 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and 
earlier ...)
+       TODO: check
+CVE-2022-28826 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and 
earlier ...)
+       TODO: check
+CVE-2022-28825 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and 
earlier ...)
+       TODO: check
+CVE-2022-28824 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and 
earlier ...)
+       TODO: check
+CVE-2022-28823 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and 
earlier ...)
+       TODO: check
+CVE-2022-28822 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and 
earlier ...)
+       TODO: check
+CVE-2022-28821 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and 
earlier ...)
+       TODO: check
 CVE-2022-28820 (ACS Commons version 5.1.x (and earlier) suffers from a 
Reflected Cross ...)
        NOT-FOR-US: Adobe
 CVE-2022-28819 (Adobe Character Animator versions 4.4.2 (and earlier) and 22.3 
(and ea ...)
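Review bot: all ten Adobe Framemaker descriptions (CVE-2022-28821 through CVE-2022-28830) read "versions 2029u8 (and earlier) and 2020u4 (and earlier)"; "2029u8" is almost certainly a typo for 2019u8 in the upstream CVE text that the automatic import copied verbatim, so it should not be propagated into any triage note. The surrounding context entries CVE-2022-28820 and CVE-2022-28819 are already NOT-FOR-US: Adobe, and these ten should go the same way once checked.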
@@ -9671,8 +9733,8 @@ CVE-2022-27249 (An unrestricted file upload vulnerability 
in IdeaRE RefTree befo
        NOT-FOR-US: IdeaRE RefTree
 CVE-2022-27248 (A directory traversal vulnerability in IdeaRE RefTree before 
2021.09.1 ...)
        NOT-FOR-US: IdeaRE RefTree
-CVE-2022-27247
-       RESERVED
+CVE-2022-27247 (onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 
allows an att ...)
+       TODO: check
 CVE-2022-27246 (An issue was discovered in MISP before 2.4.156. An SVG org 
logo (which ...)
        NOT-FOR-US: MISP
 CVE-2022-27245 (An issue was discovered in MISP before 2.4.156. 
app/Model/Server.php d ...)
@@ -10269,6 +10331,7 @@ CVE-2022-27116
 CVE-2022-27115 (In Studio-42 elFinder 2.1.60, there is a vulnerability that 
causes rem ...)
        NOT-FOR-US: Studio-42 elFinder
 CVE-2022-27114 (There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg 
functio ...)
+       {DLA-3004-1}
        - htmldoc 1.9.15-2
        [bullseye] - htmldoc <no-dsa> (Minor issue)
        [buster] - htmldoc <no-dsa> (Minor issue)
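Review bot: adding {DLA-3004-1} to CVE-2022-27114 while the context line "[buster] - htmldoc <no-dsa> (Minor issue)" stays in place leaves the buster state contradictory: the DLA records the issue as fixed in buster, so the no-dsa annotation is now stale. The usual cleanup is to drop that line in a follow-up commit so the tracker does not present the same CVE as both fixed and deliberately left unfixed for buster.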
@@ -13427,6 +13490,7 @@ CVE-2022-25648 (The package git before 1.11.0 are 
vulnerable to Command Injectio
        NOTE: Fixed by: 
https://github.com/ruby-git/ruby-git/commit/291ca0946bec7164b90ad5c572ac147f512c7159
 (v1.11.0)
        NOTE: https://security.snyk.io/vuln/SNYK-RUBY-GIT-2421270
 CVE-2022-25647 (The package com.google.code.gson:gson before 2.8.9 are 
vulnerable to D ...)
+       {DLA-3001-1}
        - libgoogle-gson-java 2.9.0-1 (bug #1010670)
        NOTE: https://github.com/google/gson/pull/1991
        NOTE: 
https://github.com/google/gson/commit/e6fae590cf2a758c47cd5a17f9bf3780ce62c986 
(gson-parent-2.8.9)
@@ -13840,8 +13904,7 @@ CVE-2022-26874 (lib/Horde/Mime/Viewer/Ooo.php in Horde 
Mime_Viewer before 2.2.4
        NOTE: 
https://blog.sonarsource.com/horde-webmail-account-takeover-via-email/
        NOTE: Introduced by: 
https://github.com/horde/Mime_Viewer/commit/325a7ae2663dd9c50e85fe515033454669f16f28
        NOTE: Fixed by: 
https://github.com/horde/Mime_Viewer/commit/02b46cec1a7e8f1a6835b628850cd56b85963bb5
 (2.2.4)
-CVE-2022-25762
-       RESERVED
+CVE-2022-25762 (If a web application sends a WebSocket message concurrently 
with the W ...)
        - tomcat9 9.0.22-1
        - tomcat8 <removed>
        NOTE: 
https://github.com/apache/tomcat/commit/e2d5a040b962a904db5264b3cb3282c6b05f823c
 (9.0.21)
@@ -14313,8 +14376,8 @@ CVE-2022-25593
        RESERVED
 CVE-2022-25592
        RESERVED
-CVE-2022-25591
-       RESERVED
+CVE-2022-25591 (BlogEngine.NET v3.3.8.0 was discovered to contain an arbitrary 
file de ...)
+       TODO: check
 CVE-2022-25590 (SurveyKing v0.2.0 was discovered to retain users' session 
cookies afte ...)
        NOT-FOR-US: SurveyKing
 CVE-2022-25589
@@ -16482,6 +16545,7 @@ CVE-2022-24838 (Nextcloud Calendar is a calendar 
application for the nextcloud f
 CVE-2022-24837 (HedgeDoc is an open-source, web-based, self-hosted, 
collaborative mark ...)
        NOT-FOR-US: HedgeDoc
 CVE-2022-24836 (Nokogiri is an open source XML and HTML library for Ruby. 
Nokogiri `&l ...)
+       {DLA-3003-1}
        - ruby-nokogiri 1.13.5+dfsg-1 (bug #1009787)
        NOTE: 
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
        NOTE: 
https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd
@@ -17713,7 +17777,7 @@ CVE-2022-24411 (Dell PowerScale OneFS 8.2.2 and above 
contain an elevation of pr
        NOT-FOR-US: Dell PowerScale OneFS
 CVE-2022-24410
        RESERVED
-CVE-2022-24409 (Only customers with active BSAFE maintenance contracts can 
receive det ...)
+CVE-2022-24409 (Dell BSAFE SSL-J contains remediation for a covert timing 
channel vuln ...)
        NOT-FOR-US: Dell
 CVE-2022-24380
        RESERVED
@@ -25278,8 +25342,8 @@ CVE-2022-22395
        RESERVED
 CVE-2022-22394 (The IBM Spectrum Protect 8.1.14.000 server could allow a 
remote attack ...)
        NOT-FOR-US: IBM
-CVE-2022-22393
-       RESERVED
+CVE-2022-22393 (IBM WebSphere Application Server Liberty 17.0.0.3 through 
22.0.0.5 , w ...)
+       TODO: check
 CVE-2022-22392 (IBM Planning Analytics Local 2.0 could allow an attacker to 
upload arb ...)
        NOT-FOR-US: IBM
 CVE-2022-22391 (IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow 
an authen ...)
@@ -25414,8 +25478,8 @@ CVE-2022-22327 (IBM UrbanCode Deploy (UCD) 7.0.5, 
7.1.0, 7.1.1, and 7.1.2 uses w
        NOT-FOR-US: IBM
 CVE-2022-22326
        RESERVED
-CVE-2022-22325
-       RESERVED
+CVE-2022-22325 (IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently 
disclose sensi ...)
+       TODO: check
 CVE-2022-22324
        RESERVED
 CVE-2022-22323 (IBM Security Identity Manager (IBM Security Verify Password 
Synchroniz ...)
@@ -27552,10 +27616,10 @@ CVE-2021-4155
        NOTE: https://www.openwall.com/lists/oss-security/2022/01/10/1
 CVE-2020-36510 (The 15Zine WordPress theme before 3.3.0 does not sanitise and 
escape t ...)
        NOT-FOR-US: WordPress theme
-CVE-2022-22261
-       RESERVED
-CVE-2022-22260
-       RESERVED
+CVE-2022-22261 (The HiAIserver has a vulnerability in verifying the validity 
of the we ...)
+       TODO: check
+CVE-2022-22260 (The kernel module has a UAF vulnerability.Successful 
exploitation of t ...)
+       TODO: check
 CVE-2022-22259
        RESERVED
 CVE-2022-22258 (The Wi-Fi module has an event notification 
vulnerability.Successful ex ...)
@@ -27570,8 +27634,8 @@ CVE-2022-22254 (A permission bypass vulnerability 
exists when the NFC CAs access
        NOT-FOR-US: Harmony OS
 CVE-2022-22253 (The DFX module has a vulnerability of improper validation of 
integrity ...)
        NOT-FOR-US: Harmony OS
-CVE-2022-22252
-       RESERVED
+CVE-2022-22252 (The DFX module has a UAF vulnerability.Successful exploitation 
of this ...)
+       TODO: check
 CVE-2022-22251
        RESERVED
 CVE-2022-22250
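Review bot: CVE-2022-22252 is left at TODO: check although the context lines directly above it, CVE-2022-22254 and CVE-2022-22253 in the same DFX/NFC area, are already triaged NOT-FOR-US: Harmony OS; the same tag almost certainly applies to this UAF, and to the HiAIserver and kernel-module entries CVE-2022-22261 and CVE-2022-22260 in the previous hunk, so these can be resolved in one pass.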
@@ -37811,6 +37875,7 @@ CVE-2021-43010 (In Safedog Apache v4.0.30255, attackers 
can bypass this product
 CVE-2021-43009 (A Cross Site Scripting (XSS) vulnerability exists in 
OpServices OpMon  ...)
        NOT-FOR-US: OpServices OpMon
 CVE-2021-43008 (Improper Access Control in Adminer versions 1.12.0 to 4.6.2 
(fixed in  ...)
+       {DLA-3002-1}
        - adminer 4.6.3-1
        NOTE: https://github.com/vrana/adminer/releases/tag/v4.6.3
        NOTE: https://podalirius.net/en/cves/2021-43008/
@@ -37891,12 +37956,12 @@ CVE-2021-42971
        RESERVED
 CVE-2021-42970 (Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 
via the  ...)
        NOT-FOR-US: cxuucms
-CVE-2021-42969
-       RESERVED
+CVE-2021-42969 (Certain Anaconda3 2021.05 are affected by OS command 
injection. When a ...)
+       TODO: check
 CVE-2021-42968
        RESERVED
-CVE-2021-42967
-       RESERVED
+CVE-2021-42967 (Unrestricted file upload in 
/novel-admin/src/main/java/com/java2nb/com ...)
+       TODO: check
 CVE-2021-42966
        RESERVED
 CVE-2021-42965
@@ -46541,7 +46606,7 @@ CVE-2021-40012
        RESERVED
 CVE-2021-40011 (There is an uncontrolled resource consumption vulnerability in 
the dis ...)
        NOT-FOR-US: Huawei
-CVE-2021-40010 (The bone voice ID trusted application (TA) has a heap overflow 
vulnera ...)
+CVE-2021-40010 (The bone voice ID TA has a heap overflow 
vulnerability.Successful expl ...)
        NOT-FOR-US: Huawei
 CVE-2021-40009 (There is an Out-of-bounds write vulnerability in the AOD 
module in sma ...)
        NOT-FOR-US: Huawei
@@ -46793,7 +46858,7 @@ CVE-2021-39906 (Improper validation of ipynb files in 
GitLab CE/EE version 13.5
        - gitlab <unfixed>
 CVE-2021-39905 (An information disclosure vulnerability in the GitLab CE/EE 
API since  ...)
        - gitlab <unfixed>
-CVE-2021-39904 (An Improper Access Control vulnerability in the GraphQL API in 
GitLab  ...)
+CVE-2021-39904 (An Improper Access Control vulnerability in the GraphQL API in 
all ver ...)
        - gitlab <unfixed>
 CVE-2021-39903 (In all versions of GitLab CE/EE since version 13.0, a 
privileged user, ...)
        - gitlab <unfixed>
@@ -46827,7 +46892,7 @@ CVE-2021-39890 (It was possible to bypass 2FA for LDAP 
users and access some spe
        - gitlab <unfixed>
 CVE-2021-39889 (In all versions of GitLab EE since version 14.1, due to an 
insecure di ...)
        - gitlab <not-affected> (Specific to Enterprise Edition)
-CVE-2021-39888 (In all versions of GitLab EE since version 13.10, a specific 
API endpo ...)
+CVE-2021-39888 (In all versions of GitLab EE starting from 13.10 before 
14.1.7, all ve ...)
        - gitlab <not-affected> (Specific to Enterprise Edition)
 CVE-2021-39887 (A stored Cross-Site Scripting vulnerability in the GitLab 
Flavored Mar ...)
        - gitlab <unfixed>
@@ -63742,24 +63807,24 @@ CVE-2021-33015 (Cscape (All Versions prior to 9.90 
SP5) lacks proper validation
        NOT-FOR-US: Cscape
 CVE-2021-33014
        RESERVED
-CVE-2021-33013
-       RESERVED
+CVE-2021-33013 (mySCADA myPRO versions prior to 8.20.0 does not restrict 
unauthorized  ...)
+       TODO: check
 CVE-2021-33012 (Rockwell Automation MicroLogix 1100, all versions, allows a 
remote, un ...)
        NOT-FOR-US: Rockwell
 CVE-2021-33011 (All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus 
Series, ...)
        NOT-FOR-US: JTEKT Corporation
 CVE-2021-33010 (An exception is thrown from a function in AVEVA System 
Platform versio ...)
        NOT-FOR-US: AVEVA
-CVE-2021-33009
-       RESERVED
+CVE-2021-33009 (mySCADA myPRO versions prior to 8.20.0 allows an 
unauthenticated remot ...)
+       TODO: check
 CVE-2021-33008 (AVEVA System Platform versions 2017 through 2020 R2 P01 does 
not perfo ...)
        NOT-FOR-US: AVEVA
 CVE-2021-33007 (A heap-based buffer overflow in Delta Electronics TPEditor: 
v1.98.06 a ...)
        NOT-FOR-US: Delta Electronics
 CVE-2021-33006
        RESERVED
-CVE-2021-33005
-       RESERVED
+CVE-2021-33005 (mySCADA myPRO versions prior to 8.20.0 allows an 
unauthenticated remot ...)
+       TODO: check
 CVE-2021-33004 (The affected product is vulnerable to memory corruption 
condition due  ...)
        NOT-FOR-US: WebAccess HMI Designer
 CVE-2021-33003 (Delta Electronics DIAEnergie Version 1.7.5 and prior may allow 
an atta ...)
@@ -78183,8 +78248,8 @@ CVE-2021-27507
        RESERVED
 CVE-2021-27506 (The ClamAV Engine (version 0.103.1 and below) component 
embedded in St ...)
        NOT-FOR-US: Stormshield Network Security (SNS)
-CVE-2021-27505
-       RESERVED
+CVE-2021-27505 (mySCADA myPRO versions prior to 8.20.0 does not restrict 
unauthorized  ...)
+       TODO: check
 CVE-2021-27504
        RESERVED
 CVE-2021-27503 (Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed 
mylife Cloud: ...)
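Review bot: CVE-2021-27505 carries a description identical to CVE-2021-33013 in the earlier hunk ("mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized ..."), and CVE-2021-33005 and CVE-2021-33009 share another; all four mySCADA entries are left at TODO: check. They should be triaged together, and since the neighboring ICS vendors in those hunks (Rockwell, AVEVA, Delta Electronics) are all NOT-FOR-US the expected outcome is the same; if two IDs really describe one issue, a NOTE line cross-referencing them is worth adding.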
@@ -90806,8 +90871,8 @@ CVE-2021-22277 (Improper Input Validation vulnerability 
in ABB 800xA, Control So
        NOT-FOR-US: ABB AC 800M
 CVE-2021-22276 (The vulnerability allows a successful attacker to bypass the 
integrity ...)
        NOT-FOR-US: ABB
-CVE-2021-22275
-       RESERVED
+CVE-2021-22275 (Buffer Overflow vulnerability in B&amp;R Automation Runtime 
webserver  ...)
+       TODO: check
 CVE-2021-22274
        RESERVED
 CVE-2021-22273
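Review bot: the imported description for CVE-2021-22275 contains "B&amp;R Automation Runtime", an HTML entity that leaked in from the feed; the vendor name is B&R and the rest of this file is plain text. The automatic update should unescape entities before writing data/CVE/list, otherwise this needs hand-correction when the TODO: check is resolved; the adjacent ABB entries are NOT-FOR-US, and this ICS web server issue will most likely be triaged the same way.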
@@ -120679,8 +120744,8 @@ CVE-2020-22985 (Cross-Site Scripting (XSS) 
vulnerability in MicroStrategy Web SD
        NOT-FOR-US: Microstrategy Web
 CVE-2020-22984 (Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web 
SDK 10.1 ...)
        NOT-FOR-US: Microstrategy Web
-CVE-2020-22983
-       RESERVED
+CVE-2020-22983 (A Server-Side Request Forgery (SSRF) vulnerability exists in 
MicroStra ...)
+       TODO: check
 CVE-2020-22982
        RESERVED
 CVE-2020-22981



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64f4e7e313dbe77b0090f36f003bd55234609b84



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
