Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af978f01 by security tracker role at 2022-05-17T20:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,86 +1,92 @@
-CVE-2022-30972
+CVE-2022-30973
        RESERVED
-       NOT-FOR-US: Jenkins plugin
-CVE-2022-30971
+CVE-2022-1770
        RESERVED
-       NOT-FOR-US: Jenkins plugin
-CVE-2022-30970
+CVE-2022-1769 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...)
+       TODO: check
+CVE-2022-1768
        RESERVED
-       NOT-FOR-US: Jenkins plugin
-CVE-2022-30969
+CVE-2022-1767
        RESERVED
-       NOT-FOR-US: Jenkins plugin
-CVE-2022-30968
+CVE-2022-1766
        RESERVED
-       NOT-FOR-US: Jenkins plugin
-CVE-2022-30967
+CVE-2022-1765
        RESERVED
-       NOT-FOR-US: Jenkins plugin
-CVE-2022-30966
+CVE-2022-1764
        RESERVED
-       NOT-FOR-US: Jenkins plugin
-CVE-2022-30965
+CVE-2022-1763
        RESERVED
-       NOT-FOR-US: Jenkins plugin
-CVE-2022-30964
+CVE-2022-1762
        RESERVED
-       NOT-FOR-US: Jenkins plugin
-CVE-2022-30963
+CVE-2022-1761
        RESERVED
-       NOT-FOR-US: Jenkins plugin
-CVE-2022-30962
+CVE-2022-1760
        RESERVED
-       NOT-FOR-US: Jenkins plugin
-CVE-2022-30961
+CVE-2022-1759
        RESERVED
-       NOT-FOR-US: Jenkins plugin
-CVE-2022-30960
+CVE-2022-1758
        RESERVED
-       NOT-FOR-US: Jenkins plugin
-CVE-2022-30959
+CVE-2022-1757
        RESERVED
-       NOT-FOR-US: Jenkins plugin
-CVE-2022-30958
+CVE-2022-1756
        RESERVED
-       NOT-FOR-US: Jenkins plugin
-CVE-2022-30957
+CVE-2022-1755
        RESERVED
+CVE-2022-30972 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Storable  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2022-30956
-       RESERVED
+CVE-2022-30971 (Jenkins Storable Configs Plugin 1.0 and earlier does not 
configure its ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2022-30955
-       RESERVED
+CVE-2022-30970 (Jenkins Autocomplete Parameter Plugin 1.1 and earlier 
references Dropd ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2022-30954
-       RESERVED
+CVE-2022-30969 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Autocompl ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2022-30953
-       RESERVED
+CVE-2022-30968 (Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the 
name an ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2022-30952
-       RESERVED
+CVE-2022-30967 (Jenkins Selection tasks Plugin 1.0 and earlier does not escape 
the nam ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2022-30951
-       RESERVED
+CVE-2022-30966 (Jenkins Random String Parameter Plugin 1.0 and earlier does 
not escape ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2022-30950
-       RESERVED
+CVE-2022-30965 (Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does 
not escap ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2022-30949
-       RESERVED
+CVE-2022-30964 (Jenkins Multiselect parameter Plugin 1.3 and earlier does not 
escape t ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2022-30948
-       RESERVED
+CVE-2022-30963 (Jenkins JDK Parameter Plugin 1.0 and earlier does not escape 
the name  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2022-30947
-       RESERVED
+CVE-2022-30962 (Jenkins Global Variable String Parameter Plugin 1.2 and 
earlier does n ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2022-30946
-       RESERVED
+CVE-2022-30961 (Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not 
escape  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2022-30945
-       RESERVED
+CVE-2022-30960 (Jenkins Application Detector Plugin 1.0.8 and earlier does not 
escape  ...)
+       NOT-FOR-US: Jenkins plugin
+CVE-2022-30959 (A missing permission check in Jenkins SSH Plugin 2.6.1 and 
earlier all ...)
+       NOT-FOR-US: Jenkins plugin
+CVE-2022-30958 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
SSH Plugi ...)
+       NOT-FOR-US: Jenkins plugin
+CVE-2022-30957 (A missing permission check in Jenkins SSH Plugin 2.6.1 and 
earlier all ...)
+       NOT-FOR-US: Jenkins plugin
+CVE-2022-30956 (Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict 
URL scheme ...)
+       NOT-FOR-US: Jenkins plugin
+CVE-2022-30955 (Jenkins GitLab Plugin 1.5.31 and earlier does not perform a 
permission ...)
+       NOT-FOR-US: Jenkins plugin
+CVE-2022-30954 (Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform 
a permis ...)
+       NOT-FOR-US: Jenkins plugin
+CVE-2022-30953 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Blue Ocea ...)
+       NOT-FOR-US: Jenkins plugin
+CVE-2022-30952 (Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and 
earlier allo ...)
+       NOT-FOR-US: Jenkins plugin
+CVE-2022-30951 (Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the 
Windows ...)
+       NOT-FOR-US: Jenkins plugin
+CVE-2022-30950 (Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the 
Windows ...)
+       NOT-FOR-US: Jenkins plugin
+CVE-2022-30949 (Jenkins REPO Plugin 1.14.0 and earlier allows attackers able 
to config ...)
+       NOT-FOR-US: Jenkins plugin
+CVE-2022-30948 (Jenkins Mercurial Plugin 2.16 and earlier allows attackers 
able to con ...)
+       NOT-FOR-US: Jenkins plugin
+CVE-2022-30947 (Jenkins Git Plugin 4.11.1 and earlier allows attackers able to 
configu ...)
+       NOT-FOR-US: Jenkins plugin
+CVE-2022-30946 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Script Se ...)
+       NOT-FOR-US: Jenkins plugin
+CVE-2022-30945 (Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and 
earlier allow ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2022-1754
        RESERVED
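Review bot: CVE-2022-1769 is the one entry in this hunk left at `TODO: check` while the surrounding Jenkins plugin CVEs are resolved as `NOT-FOR-US: Jenkins plugin`; vim is packaged in Debian, so the follow-up triage should replace that TODO with a `- vim` line carrying the fixed version, as done for other packaged software in this file. Also note that the hard wraps inside the parenthesised descriptions here (for example between `Jenkins` and `Storable  ...)`) are an artefact of the mail rendering, not content of data/CVE/list, where each CVE header is a single line.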
@@ -118,8 +124,8 @@ CVE-2022-1738
        RESERVED
 CVE-2022-1737
        RESERVED
-CVE-2013-10001
-       RESERVED
+CVE-2013-10001 (A vulnerability was found in HTC One/Sense 4.x. It has been 
rated as p ...)
+       TODO: check
 CVE-2022-30942
        RESERVED
 CVE-2022-30941
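Review bot: CVE-2013-10001 now carries a description naming HTC One/Sense 4.x, a vendor Android firmware that is not shipped by Debian, so the `TODO: check` added here can most likely be closed as `NOT-FOR-US: HTC` in the next manual pass rather than stay open.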
@@ -248,15 +254,15 @@ CVE-2022-1736
        NOTE: default (https://wiki.ubuntu.com/Security/Features#ports) and the 
fact that the user
        NOTE: service was enabled by default (and not automatically enabled 
anymore since 42.1.1-2)
        TODO: check, if we want to threat this as unimportant severity issue
-CVE-2022-1735
-       RESERVED
+CVE-2022-1735 (Classic Buffer Overflow in GitHub repository vim/vim prior to 
8.2. ...)
+       TODO: check
 CVE-2022-1734
        RESERVED
        - linux <unfixed> (unimportant)
        NOTE: 
https://git.kernel.org/linus/d270453a0d9ec10bb8a802a142fb1b3601a83098 (5.18-rc6)
        NOTE: Support for Marvell NFC devices (CONFIG_NFC_MRVL) not enabled
-CVE-2022-1733
-       RESERVED
+CVE-2022-1733 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 8.2. ...)
+       TODO: check
 CVE-2022-1732
        RESERVED
 CVE-2022-1731 (Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is 
vulnerable to ...)
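Review bot: CVE-2022-1735 and CVE-2022-1733 are both vim issues (vim is a Debian package) and should end up with a `- vim` entry and fixed version instead of `TODO: check`, matching how other vim CVEs in this file are tracked. Separately, the unchanged context line `TODO: check, if we want to threat this as unimportant severity issue` under CVE-2022-1736 has a typo (`threat` should be `treat`); not introduced by this commit, but worth fixing in a follow-up.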
@@ -278,8 +284,8 @@ CVE-2022-1725 (NULL Pointer Dereference in GitHub 
repository vim/vim prior to 8.
        NOTE: Negligible security impact; crash in CLI tool
 CVE-2022-1724
        RESERVED
-CVE-2022-1723
-       RESERVED
+CVE-2022-1723 (Server-Side Request Forgery (SSRF) in GitHub repository 
jgraph/drawio  ...)
+       TODO: check
 CVE-2022-1722 (SSRF in editor's proxy via IPv6 link-local address in GitHub 
repositor ...)
        NOT-FOR-US: jgraph/drawio
 CVE-2022-1721 (Path Traversal in WellKnownServlet in GitHub repository 
jgraph/drawio  ...)
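Review bot: CVE-2022-1723 is another jgraph/drawio SSRF, and the neighbouring CVE-2022-1722 and CVE-2022-1721 are already marked `NOT-FOR-US: jgraph/drawio`; the `TODO: check` added here can be resolved the same way once someone confirms the description.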
@@ -700,8 +706,8 @@ CVE-2022-1713 (SSRF on /proxy in GitHub repository 
jgraph/drawio prior to 18.0.4
        NOT-FOR-US: jgraph/drawio
 CVE-2022-1712
        RESERVED
-CVE-2022-1711
-       RESERVED
+CVE-2022-1711 (Server-Side Request Forgery (SSRF) in GitHub repository 
jgraph/drawio  ...)
+       TODO: check
 CVE-2022-1710
        RESERVED
 CVE-2022-1709
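Review bot: CVE-2022-1711 is in the same jgraph/drawio SSRF series as CVE-2022-1713 just above it, which is already `NOT-FOR-US: jgraph/drawio`; the `TODO: check` is likely to close the same way.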
@@ -710,8 +716,7 @@ CVE-2022-1708
        RESERVED
 CVE-2022-1707
        RESERVED
-CVE-2022-1706
-       RESERVED
+CVE-2022-1706 (A vulnerability was found in Ignition where ignition configs 
are acces ...)
        - ignition <unfixed>
        NOTE: https://github.com/coreos/ignition/issues/1300
        NOTE: https://github.com/coreos/ignition/pull/1350
@@ -727,10 +732,10 @@ CVE-2021-44467
        RESERVED
 CVE-2021-4228
        RESERVED
-CVE-2022-30689
-       RESERVED
-CVE-2022-30688 [local privilege escalation]
-       RESERVED
+CVE-2022-30689 (HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did 
not cor ...)
+       TODO: check
+CVE-2022-30688 (needrestart 0.8 through 3.5 before 3.6 is prone to local 
privilege esc ...)
+       {DSA-5137-1}
        - needrestart 3.6-1 (bug #1011154)
        NOTE: 
https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30
 (v3.6)
        NOTE: https://www.openwall.com/lists/oss-security/2022/05/17/9
@@ -2415,8 +2420,8 @@ CVE-2022-30112
        RESERVED
 CVE-2022-30111
        RESERVED
-CVE-2022-30110
-       RESERVED
+CVE-2022-30110 (The file preview functionality in Jirafeau &lt; 4.4.0, which 
is enable ...)
+       TODO: check
 CVE-2022-30109
        RESERVED
 CVE-2022-30108
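Review bot: the new CVE-2022-30110 header contains an HTML entity (`Jirafeau &lt; 4.4.0`) where the upstream text has a plain `<`; the automatic importer should decode entities before writing descriptions, otherwise the stored text is misleading and will not match searches for the literal character.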
@@ -2489,10 +2494,10 @@ CVE-2022-30075
        RESERVED
 CVE-2022-30074
        RESERVED
-CVE-2022-30073
-       RESERVED
-CVE-2022-30072
-       RESERVED
+CVE-2022-30073 (WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via 
/admin/ ...)
+       TODO: check
+CVE-2022-30072 (WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via 
\admin\ ...)
+       TODO: check
 CVE-2022-30071
        RESERVED
 CVE-2022-30070
@@ -2501,8 +2506,8 @@ CVE-2022-30069
        RESERVED
 CVE-2022-30068
        RESERVED
-CVE-2022-30067
-       RESERVED
+CVE-2022-30067 (GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. 
Through a  ...)
+       TODO: check
 CVE-2022-30066
        RESERVED
 CVE-2022-30065
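Review bot: CVE-2022-30067 is a buffer overflow in GIMP 2.10.30 and 2.99.10, and gimp is a Debian package, so this `TODO: check` needs real triage against the gimp source package (affected version, fix reference) rather than remaining a placeholder.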
@@ -2621,8 +2626,8 @@ CVE-2022-30009
        RESERVED
 CVE-2022-30008
        RESERVED
-CVE-2022-30007
-       RESERVED
+CVE-2022-30007 (GXCMS V1.5 has a file upload vulnerability in the background. 
The vuln ...)
+       TODO: check
 CVE-2022-30006
        RESERVED
 CVE-2022-30005
@@ -3930,8 +3935,8 @@ CVE-2022-29584 (Mahara before 20.10.5, 21.04.4, 21.10.2, 
and 22.04.0 allows stor
 CVE-2022-29583 (service_windows.go in the kardianos service package for Go 
omits quoti ...)
        - golang-github-kardianos-service <not-affected> (Windows-specific 
issue)
        NOTE: https://github.com/kardianos/service/pull/290
-CVE-2022-29581
-       RESERVED
+CVE-2022-29581 (Improper Update of Reference Count vulnerability in net/sched 
of Linux ...)
+       TODO: check
 CVE-2022-29580
        RESERVED
 CVE-2022-29579
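Review bot: CVE-2022-29581 describes a reference-count bug in net/sched of the Linux kernel, but is only marked `TODO: check`; kernel entries elsewhere in this file (see CVE-2022-1734 above) carry a `- linux` line, the upstream fix commit as a NOTE and the kernel version it landed in, and this one should get the same once the fix commit is identified.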
@@ -4407,8 +4412,8 @@ CVE-2022-29431
        RESERVED
 CVE-2022-29430
        RESERVED
-CVE-2022-29429
-       RESERVED
+CVE-2022-29429 (Remote Code Execution (RCE) in Alexander Stokmann's Code 
Snippets Exte ...)
+       TODO: check
 CVE-2022-29428
        RESERVED
 CVE-2022-29427
@@ -4636,8 +4641,8 @@ CVE-2022-29334
        RESERVED
 CVE-2022-29333
        RESERVED
-CVE-2022-29332
-       RESERVED
+CVE-2022-29332 (D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. 
An atta ...)
+       TODO: check
 CVE-2022-29331
        RESERVED
 CVE-2022-29330
@@ -5549,7 +5554,7 @@ CVE-2022-1294
 CVE-2022-1293
        RESERVED
 CVE-2022-1292 (The c_rehash script does not properly sanitise shell 
metacharacters to ...)
-       {DLA-3008-1}
+       {DSA-5139-1 DLA-3008-1}
        - openssl 1.1.1o-1
        NOTE: https://www.openssl.org/news/secadv/20220503.txt
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
 (openssl-3.0.3)
@@ -8242,8 +8247,8 @@ CVE-2022-1118
 CVE-2022-1117
        RESERVED
        NOT-FOR-US: fapolicyd
-CVE-2022-1116
-       RESERVED
+CVE-2022-1116 (Integer Overflow or Wraparound vulnerability in io_uring of 
Linux Kern ...)
+       TODO: check
 CVE-2022-1115
        RESERVED
        - imagemagick <unfixed>
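Review bot: CVE-2022-1116 (integer overflow in io_uring) is a Linux kernel issue left at `TODO: check`; it should be triaged with a `- linux` entry and the upstream commit reference in the same format used for CVE-2022-1734 earlier in this file.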
@@ -12279,8 +12284,8 @@ CVE-2022-25943 (The installer of WPS Office for Windows 
versions prior to v11.2.
        NOT-FOR-US: WPS Office for Windows
 CVE-2022-0880 (Cross-site Scripting (XSS) - Stored in GitHub repository 
star7th/showd ...)
        NOT-FOR-US: ShowDoc
-CVE-2022-26650
-       RESERVED
+CVE-2022-26650 (In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java 
uses Pat ...)
+       TODO: check
 CVE-2022-26649
        RESERVED
 CVE-2022-26648
@@ -17188,8 +17193,8 @@ CVE-2022-24891 (ESAPI (The OWASP Enterprise Security 
API) is a free, open source
        NOTE: 
https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-q77q-vx4q-xx6q
        NOTE: 
https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin8.pdf
        NOTE: 
https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.3.0.0-release-notes.txt
-CVE-2022-24890
-       RESERVED
+CVE-2022-24890 (Nextcloud Talk is a video and audio conferencing app for 
Nextcloud. In ...)
+       TODO: check
 CVE-2022-24889 (Nextcloud Server is the file server software for Nextcloud, a 
self-hos ...)
        - nextcloud-server <itp> (bug #941708)
 CVE-2022-24888 (Nextcloud Server is the file server software for Nextcloud, a 
self-hos ...)
@@ -17273,8 +17278,8 @@ CVE-2022-24858 (next-auth v3 users before version 
3.29.2 are impacted. next-auth
        NOT-FOR-US: NextAuth.js
 CVE-2022-24857 (django-mfa3 is a library that implements multi factor 
authentication f ...)
        NOT-FOR-US: django-mfa3
-CVE-2022-24856
-       RESERVED
+CVE-2022-24856 (FlyteConsole is the web user interface for the Flyte platform. 
FlyteCo ...)
+       TODO: check
 CVE-2022-24855 (Metabase is an open source business intelligence and analytics 
applica ...)
        NOT-FOR-US: Metabase
 CVE-2022-24854 (Metabase is an open source business intelligence and analytics 
applica ...)
@@ -17568,7 +17573,7 @@ CVE-2022-24763 (PJSIP is a free and open source 
multimedia communication library
 CVE-2022-24762 (sysend.js is a library that allows a user to send messages 
between pag ...)
        NOT-FOR-US: sysend.js
 CVE-2022-24761 (Waitress is a Web Server Gateway Interface server for Python 2 
and 3.  ...)
-       {DLA-3000-1}
+       {DSA-5138-1 DLA-3000-1}
        - waitress 2.1.1-1 (bug #1008013)
        NOTE: 
https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
        NOTE: 
https://github.com/Pylons/waitress/commit/9e0b8c801e4d505c2ffc91b891af4ba48af715e0
 (v2.1.1)
@@ -18156,8 +18161,8 @@ CVE-2022-24613 (metadata-extractor up to 2.16.0 can 
throw various uncaught excep
        NOTE: https://github.com/drewnoakes/metadata-extractor/issues/561
 CVE-2022-24612 (An authenticated user can upload an XML file containing an XSS 
via the ...)
        NOT-FOR-US: EyesOfNetwork (EON) eonweb
-CVE-2022-24611
-       RESERVED
+CVE-2022-24611 (Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol 
specificati ...)
+       TODO: check
 CVE-2022-24610 (Settings/network settings/wireless settings on the Alecto 
DVC-215IP ca ...)
        NOT-FOR-US: Alecto
 CVE-2022-24609 (Luocms v2.0 is affected by an incorrect access control 
vulnerability.  ...)
@@ -19765,8 +19770,8 @@ CVE-2022-24110 (Kiteworks MFT 7.5 may allow an 
unauthorized user to reset other
        NOT-FOR-US: Kiteworks managed file transfer
 CVE-2022-24109
        RESERVED
-CVE-2022-24108
-       RESERVED
+CVE-2022-24108 (The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows 
a remot ...)
+       TODO: check
 CVE-2022-24107
        RESERVED
 CVE-2022-24106
@@ -21609,20 +21614,20 @@ CVE-2022-23677 (A remote execution of arbitrary code 
vulnerability was discovere
        NOT-FOR-US: Aruba
 CVE-2022-23676 (A remote execution of arbitrary code vulnerability was 
discovered in A ...)
        NOT-FOR-US: Aruba
-CVE-2022-23675
-       RESERVED
-CVE-2022-23674
-       RESERVED
-CVE-2022-23673
-       RESERVED
-CVE-2022-23672
-       RESERVED
-CVE-2022-23671
-       RESERVED
+CVE-2022-23675 (A remote authenticated stored cross-site scripting (xss) 
vulnerability ...)
+       TODO: check
+CVE-2022-23674 (A remote authenticated stored cross-site scripting (xss) 
vulnerability ...)
+       TODO: check
+CVE-2022-23673 (A authenticated remote command injection vulnerability was 
discovered  ...)
+       TODO: check
+CVE-2022-23672 (A authenticated remote command injection vulnerability was 
discovered  ...)
+       TODO: check
+CVE-2022-23671 (A remote authenticated information disclosure vulnerability 
was discov ...)
+       TODO: check
 CVE-2022-23670 (A remote authenticated information disclosure vulnerability 
was discov ...)
        TODO: check
-CVE-2022-23669
-       RESERVED
+CVE-2022-23669 (A remote authorization bypass vulnerability was discovered in 
Aruba Cl ...)
+       TODO: check
 CVE-2022-23668 (A remote authenticated server-side request forgery (ssrf) 
vulnerabilit ...)
        TODO: check
 CVE-2022-23667 (A authenticated remote command injection vulnerability was 
discovered  ...)
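Review bot: the six new Aruba entries (CVE-2022-23675 through CVE-2022-23671 and CVE-2022-23669) all land as `TODO: check`, while the adjacent CVE-2022-23677 and CVE-2022-23676 from the same advisory are already `NOT-FOR-US: Aruba`; the follow-up should resolve these consistently, and the older `TODO: check` lines on CVE-2022-23670 and CVE-2022-23668 in the context could be closed at the same time.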
@@ -24817,12 +24822,12 @@ CVE-2022-22777
        RESERVED
 CVE-2022-22776
        RESERVED
-CVE-2022-22775
-       RESERVED
+CVE-2022-22775 (The Workspace client component of TIBCO Software Inc.'s TIBCO 
BPM Ente ...)
+       TODO: check
 CVE-2022-22774 (The DOM XML parser and SAX XML parser components of TIBCO 
Software Inc ...)
        NOT-FOR-US: TIBCO
-CVE-2022-22773
-       RESERVED
+CVE-2022-22773 (The REST API component of TIBCO Software Inc.'s TIBCO 
JasperReports Se ...)
+       TODO: check
 CVE-2022-22772 (The cfsend, cfrecv, and CyberResp components of TIBCO Software 
Inc.'s  ...)
        NOT-FOR-US: TIBCO Managed File Transfer Platform
 CVE-2022-22771 (The Server component of TIBCO Software Inc.'s TIBCO 
JasperReports Libr ...)
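Review bot: CVE-2022-22775 and CVE-2022-22773 are TIBCO products, and every neighbouring TIBCO entry in this hunk is `NOT-FOR-US: TIBCO`; the two `TODO: check` markers added here can almost certainly be closed the same way.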
@@ -25939,12 +25944,12 @@ CVE-2022-22486
        RESERVED
 CVE-2022-22485
        RESERVED
-CVE-2022-22484
-       RESERVED
+CVE-2022-22484 (IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could 
allow a ...)
+       TODO: check
 CVE-2022-22483
        RESERVED
-CVE-2022-22482
-       RESERVED
+CVE-2022-22482 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 
6.0.3.5 a ...)
+       TODO: check
 CVE-2022-22481 (IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could 
allow a ...)
        NOT-FOR-US: IBM
 CVE-2022-22480
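Review bot: CVE-2022-22484 (IBM Spectrum Protect Operations Center) and CVE-2022-22482 (IBM Sterling B2B Integrator) are IBM proprietary products like CVE-2022-22481 directly below them, which is `NOT-FOR-US: IBM`; the `TODO: check` markers should be resolved to the same state in the next manual pass.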
@@ -25957,8 +25962,8 @@ CVE-2022-22477
        RESERVED
 CVE-2022-22476
        RESERVED
-CVE-2022-22475
-       RESERVED
+CVE-2022-22475 (IBM WebSphere Application Server Liberty 17.0.0.3 through 
22.0.0.5 and ...)
+       TODO: check
 CVE-2022-22474
        RESERVED
 CVE-2022-22473
@@ -38798,8 +38803,8 @@ CVE-2021-42945 (A SQL Injection vulnerability exists in 
ZZCMS 2021 via the askbi
        NOT-FOR-US: ZZCMS
 CVE-2021-42944
        RESERVED
-CVE-2021-42943
-       RESERVED
+CVE-2021-42943 (Stored cross-site scripting (XSS) in admin/usermanager.php 
over IPPlan ...)
+       TODO: check
 CVE-2021-42942
        RESERVED
 CVE-2021-42941
@@ -39533,10 +39538,10 @@ CVE-2021-42646 (XML External Entity (XXE) 
vulnerability in the file based servic
        NOT-FOR-US: carbon-identity-framework
 CVE-2021-42645 (CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) 
vulnera ...)
        NOT-FOR-US: CMSimple
-CVE-2021-42644
-       RESERVED
-CVE-2021-42643
-       RESERVED
+CVE-2021-42644 (cmseasy V7.7.5_20211012 is affected by an arbitrary file read 
vulnerab ...)
+       TODO: check
+CVE-2021-42643 (cmseasy V7.7.5_20211012 is affected by an arbitrary file write 
vulnera ...)
+       TODO: check
 CVE-2021-42642 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are 
vulnerable ...)
        NOT-FOR-US: PrinterLogic Web Stack
 CVE-2021-42641 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are 
vulnerable ...)
@@ -50156,8 +50161,8 @@ CVE-2021-38874 (IBM QRadar SIEM 7.3, 7.4, and 7.5 
allows for users to access inf
        NOT-FOR-US: IBM
 CVE-2021-38873 (IBM Planning Analytics 2.0 is potentially vulnerable to CSV 
Injection. ...)
        NOT-FOR-US: IBM
-CVE-2021-38872
-       RESERVED
+CVE-2021-38872 (IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 
10.0.1.4, a ...)
+       TODO: check
 CVE-2021-38871
        RESERVED
 CVE-2021-38870 (IBM Aspera Cloud is vulnerable to stored cross-site scripting. 
This vu ...)
@@ -73473,8 +73478,8 @@ CVE-2021-29728 (IBM Sterling Secure Proxy 6.0.1, 6.0.2, 
2.4.3.2, and 3.4.3.2 con
        NOT-FOR-US: IBM
 CVE-2021-29727 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to 
exploit a v ...)
        NOT-FOR-US: IBM
-CVE-2021-29726
-       RESERVED
+CVE-2021-29726 (IBM Sterling Secure Proxy 6.0.3 and IBM Secure External 
Authentication ...)
+       TODO: check
 CVE-2021-29725 (IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 
6.0.2 and IB ...)
        NOT-FOR-US: IBM
 CVE-2021-29724
@@ -167320,8 +167325,8 @@ CVE-2020-4996 (IBM Security Identity Governance and 
Intelligence 5.2.6 could all
        NOT-FOR-US: IBM
 CVE-2020-4995 (IBM Security Identity Governance and Intelligence 5.2.6 does 
not inval ...)
        NOT-FOR-US: IBM
-CVE-2020-4994
-       RESERVED
+CVE-2020-4994 (IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 
through ...)
+       TODO: check
 CVE-2020-4993 (IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying 
signature  ...)
        NOT-FOR-US: IBM
 CVE-2020-4992 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is 
vulnerable to  ...)
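Review bot: CVE-2020-4994 concerns IBM DataPower Gateway, the same product as CVE-2020-4992 two lines below, which is already `NOT-FOR-US: IBM`; the `TODO: check` here is expected to close identically.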
@@ -167394,8 +167399,8 @@ CVE-2020-4959
        RESERVED
 CVE-2020-4958 (IBM Security Identity Governance and Intelligence 5.2.6 does 
not perfo ...)
        NOT-FOR-US: IBM
-CVE-2020-4957
-       RESERVED
+CVE-2020-4957 (IBM Security Identity Governance and Intelligence 5.2.6 could 
disclose ...)
+       TODO: check
 CVE-2020-4956 (IBM Spectrum Protect Operations Center 7.1 and 8.1 is 
vulnerable to a  ...)
        NOT-FOR-US: IBM
 CVE-2020-4955 (IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a 
remote ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af978f01e072adf6746909bbafb7bc93d29d1463

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits