Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6a3e1470 by security tracker role at 2022-11-01T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2022-44563
+       RESERVED
+CVE-2022-44562
+       RESERVED
+CVE-2022-44561
+       RESERVED
+CVE-2022-44560
+       RESERVED
+CVE-2022-44559
+       RESERVED
+CVE-2022-44558
+       RESERVED
+CVE-2022-44557
+       RESERVED
+CVE-2022-44556
+       RESERVED
+CVE-2022-44555
+       RESERVED
+CVE-2022-44554
+       RESERVED
+CVE-2022-44553
+       RESERVED
+CVE-2022-44552
+       RESERVED
+CVE-2022-44551
+       RESERVED
+CVE-2022-44550
+       RESERVED
+CVE-2022-44549
+       RESERVED
+CVE-2022-44548
+       RESERVED
+CVE-2022-44547
+       RESERVED
+CVE-2022-44546
+       RESERVED
+CVE-2022-44545
+       RESERVED
+CVE-2022-44544
+       RESERVED
+CVE-2022-44543
+       RESERVED
+CVE-2022-44542 (lesspipe before 2.06 allows attackers to execute code via Perl 
Storabl ...)
+       TODO: check
+CVE-2022-44541
+       RESERVED
+CVE-2022-44540
+       RESERVED
+CVE-2022-44539
+       RESERVED
+CVE-2022-44538
+       RESERVED
+CVE-2022-44537
+       RESERVED
+CVE-2022-44536
+       RESERVED
+CVE-2022-44535
+       RESERVED
+CVE-2022-44534
+       RESERVED
+CVE-2022-44533
+       RESERVED
+CVE-2022-44532
+       RESERVED
+CVE-2022-3785 (A vulnerability, which was classified as critical, has been 
found in A ...)
+       TODO: check
+CVE-2022-3784 (A vulnerability classified as critical was found in Axiomatic 
Bento4 5 ...)
+       TODO: check
+CVE-2022-3783 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2022-3782
+       RESERVED
+CVE-2022-3781
+       RESERVED
+CVE-2021-46852
+       RESERVED
+CVE-2021-46851
+       RESERVED
 CVE-2022-44531
        RESERVED
 CVE-2022-44530
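Review bot: CVE-2022-44542 is the one new entry in this hunk whose description names both a product and a fixed version (lesspipe before 2.06), so it can be resolved to a package line or a NOT-FOR-US right away instead of sitting at TODO: check. The descriptions for CVE-2022-3785 and CVE-2022-3783 are cut off before any product name, so those two need the full CVE record before they can be triaged; CVE-2022-3784 at least names Axiomatic Bento4.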
@@ -3504,8 +3582,8 @@ CVE-2022-43754
        RESERVED
 CVE-2022-43753
        RESERVED
-CVE-2022-43752
-       RESERVED
+CVE-2022-43752 (** UNSUPPORTED WHEN ASSIGNED ** Oracle Solaris version 10 
1/13, when u ...)
+       TODO: check
 CVE-2022-43751
        RESERVED
 CVE-2022-43750 (drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 
5.19.15 ...)
@@ -4687,12 +4765,12 @@ CVE-2022-43357
        RESERVED
 CVE-2022-43356
        RESERVED
-CVE-2022-43355
-       RESERVED
-CVE-2022-43354
-       RESERVED
-CVE-2022-43353
-       RESERVED
+CVE-2022-43355 (Sanitization Management System v1.0 was discovered to contain 
a SQL in ...)
+       TODO: check
+CVE-2022-43354 (Sanitization Management System v1.0 was discovered to contain 
a SQL in ...)
+       TODO: check
+CVE-2022-43353 (Sanitization Management System v1.0 was discovered to contain 
a SQL in ...)
+       TODO: check
 CVE-2022-43352
        RESERVED
 CVE-2022-43351
@@ -5764,12 +5842,12 @@ CVE-2022-42927
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-46/#CVE-2022-42927
 CVE-2022-42926
        RESERVED
-CVE-2022-42925
-       RESERVED
-CVE-2022-42924
-       RESERVED
-CVE-2022-42923
-       RESERVED
+CVE-2022-42925 (There is a vulnerability on Forma LMS version 3.1.0 and 
earlier that c ...)
+       TODO: check
+CVE-2022-42924 (Forma LMS on its 3.1.0 version and earlier is vulnerable to a 
SQL inje ...)
+       TODO: check
+CVE-2022-42923 (Forma LMS on its 3.1.0 version and earlier is vulnerable to a 
SQL inje ...)
+       TODO: check
 CVE-2022-42922
        RESERVED
 CVE-2022-42921
@@ -5868,8 +5946,8 @@ CVE-2022-42909
        RESERVED
 CVE-2022-42908
        RESERVED
-CVE-2022-3499
-       RESERVED
+CVE-2022-3499 (An authenticated attacker could utilize the identical agent and 
cluste ...)
+       TODO: check
 CVE-2022-3498
        RESERVED
 CVE-2022-3497 (A vulnerability was found in SourceCodester Human Resource 
Management  ...)
@@ -8346,8 +8424,7 @@ CVE-2022-3375
        RESERVED
 CVE-2022-3374 (The Ocean Extra WordPress plugin before 2.0.5 unserialises the 
content ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-3373
-       RESERVED
+CVE-2022-3373 (Out of bounds write in V8 in Google Chrome prior to 
106.0.5249.91 allo ...)
        {DSA-5245-1}
        - chromium 106.0.5249.91-1
        [buster] - chromium <end-of-life> (see DSA 5046)
@@ -8355,8 +8432,7 @@ CVE-2022-3372
        RESERVED
 CVE-2022-3371 (Allocation of Resources Without Limits or Throttling in GitHub 
reposit ...)
        - rdiffweb <itp> (bug #969974)
-CVE-2022-3370
-       RESERVED
+CVE-2022-3370 (Use after free in Custom Elements in Google Chrome prior to 
106.0.5249 ...)
        {DSA-5245-1}
        - chromium 106.0.5249.91-1
        [buster] - chromium <end-of-life> (see DSA 5046)
@@ -8465,28 +8541,28 @@ CVE-2022-41810
        RESERVED
 CVE-2022-41809
        RESERVED
-CVE-2022-41779
-       RESERVED
+CVE-2022-41779 (Delta Electronics InfraSuite Device Master versions 00.00.01a 
and prio ...)
+       TODO: check
 CVE-2022-41778
        RESERVED
-CVE-2022-41776
-       RESERVED
+CVE-2022-41776 (Delta Electronics InfraSuite Device Master versions 00.00.01a 
and prio ...)
+       TODO: check
 CVE-2022-41773 (The affected product DIAEnergie (versions prior to 
v1.9.01.002) is vul ...)
        NOT-FOR-US: DIAEnergie
-CVE-2022-41772
-       RESERVED
+CVE-2022-41772 (Delta Electronics InfraSuite Device Master Versions 00.00.01a 
and prio ...)
+       TODO: check
 CVE-2022-41702 (The affected product DIAEnergie (versions prior to 
v1.9.01.002) is vul ...)
        NOT-FOR-US: DIAEnergie
 CVE-2022-41701 (The affected product DIAEnergie (versions prior to 
v1.9.01.002) is vul ...)
        NOT-FOR-US: DIAEnergie
 CVE-2022-41697
        RESERVED
-CVE-2022-41688
-       RESERVED
+CVE-2022-41688 (Delta Electronics InfraSuite Device Master versions 00.00.01a 
and prio ...)
+       TODO: check
 CVE-2022-41683
        RESERVED
-CVE-2022-41657
-       RESERVED
+CVE-2022-41657 (Delta Electronics InfraSuite Device Master Versions 00.00.01a 
and prio ...)
+       TODO: check
 CVE-2022-41654
        RESERVED
 CVE-2022-41653
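Review bot: Five Delta Electronics InfraSuite Device Master entries (CVE-2022-41779, CVE-2022-41776, CVE-2022-41772, CVE-2022-41688, CVE-2022-41657) land here as TODO: check, interleaved with DIAEnergie entries that already carry NOT-FOR-US. They share one product string, so triage them as a batch with one consistent annotation rather than one at a time, which is how same-product entries end up with diverging tags.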
@@ -8495,12 +8571,12 @@ CVE-2022-41651 (The affected product DIAEnergie 
(versions prior to v1.9.01.002)
        NOT-FOR-US: DIAEnergie
 CVE-2022-41648 (The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, 
running HERO ...)
        NOT-FOR-US: HEIDENHAIN Controller TNC 640
-CVE-2022-41644
-       RESERVED
+CVE-2022-41644 (Delta Electronics InfraSuite Device Master versions 00.00.01a 
and prio ...)
+       TODO: check
 CVE-2022-41636 (Communication traffic involving "Ethernet Q Commands" service 
of Haas  ...)
        NOT-FOR-US: Haas Controller
-CVE-2022-41629
-       RESERVED
+CVE-2022-41629 (Delta Electronics InfraSuite Device Master versions 00.00.01a 
and prio ...)
+       TODO: check
 CVE-2022-41627 (The physical IoT device of the AliveCor's KardiaMobile, a 
smartphone-b ...)
        TODO: check
 CVE-2022-41613
@@ -8521,12 +8597,12 @@ CVE-2022-40703 (CWE-302 Authentication Bypass by 
Assumed-Immutable Data in Alive
        NOT-FOR-US: AliveCor Kardia App
 CVE-2022-40204
        RESERVED
-CVE-2022-40202
-       RESERVED
+CVE-2022-40202 (The database backup function in Delta Electronics InfraSuite 
Device Ma ...)
+       TODO: check
 CVE-2022-40201
        RESERVED
-CVE-2022-40190
-       RESERVED
+CVE-2022-40190 (SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable 
to reflec ...)
+       TODO: check
 CVE-2022-38355
        RESERVED
 CVE-2022-38142 (Delta Electronics InfraSuite Device Master versions 00.00.01a 
and prio ...)
@@ -8734,12 +8810,12 @@ CVE-2022-41689
        RESERVED
 CVE-2022-41682
        RESERVED
-CVE-2022-41681
-       RESERVED
-CVE-2022-41680
-       RESERVED
-CVE-2022-41679
-       RESERVED
+CVE-2022-41681 (There is a vulnerability on Forma LMS version 3.1.0 and 
earlier that c ...)
+       TODO: check
+CVE-2022-41680 (Forma LMS on its 3.1.0 version and earlier is vulnerable to a 
SQL inje ...)
+       TODO: check
+CVE-2022-41679 (Forma LMS version 3.1.0 and earlier are affected by an 
Cross-Site scri ...)
+       TODO: check
 CVE-2022-41678
        RESERVED
 CVE-2022-41677
@@ -9043,8 +9119,8 @@ CVE-2021-46840 (The HW_KEYMASTER module has an 
out-of-bounds access vulnerabilit
        NOT-FOR-US: Huawei
 CVE-2021-46839 (The HW_KEYMASTER module has a vulnerability of missing bounds 
check on ...)
        NOT-FOR-US: Huawei
-CVE-2020-36605
-       RESERVED
+CVE-2020-36605 (Incorrect Default Permissions vulnerability in Hitachi 
Infrastructure  ...)
+       TODO: check
 CVE-2022-41568
        RESERVED
 CVE-2022-41567
@@ -9205,10 +9281,10 @@ CVE-2022-3301 (Improper Cleanup on Thrown Exception in 
GitHub repository ikus060
        - rdiffweb <itp> (bug #969974)
 CVE-2022-3300 (The Form Maker by 10Web WordPress plugin before 1.15.6 does not 
proper ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-41553
-       RESERVED
-CVE-2022-41552
-       RESERVED
+CVE-2022-41553 (Insertion of Sensitive Information into Temporary File 
vulnerability i ...)
+       TODO: check
+CVE-2022-41552 (Server-Side Request Forgery (SSRF) vulnerability in Hitachi 
Infrastruc ...)
+       TODO: check
 CVE-2022-41551
        RESERVED
 CVE-2022-41550 (GNU oSIP v5.3.0 was discovered to contain an integer overflow 
via the  ...)
@@ -11508,8 +11584,8 @@ CVE-2022-40607
        RESERVED
 CVE-2022-3192
        RESERVED
-CVE-2022-3191
-       RESERVED
+CVE-2022-3191 (Insertion of Sensitive Information into Log File vulnerability 
in Hita ...)
+       TODO: check
 CVE-2022-3190 (Infinite loop in the F5 Ethernet Trailer protocol dissector in 
Wiresha ...)
        - wireshark 3.6.8-1
        [bullseye] - wireshark <no-dsa> (Minor issue)
@@ -12210,26 +12286,26 @@ CVE-2022-40298 (Crestron AirMedia for Windows before 
5.5.1.84 has insecure inher
        NOT-FOR-US: Crestron
 CVE-2022-40297 (** DISPUTED ** UBports Ubuntu Touch 16.04 allows the 
screen-unlock pas ...)
        NOT-FOR-US: UBports Ubuntu Touch
-CVE-2022-40296
-       RESERVED
-CVE-2022-40295
-       RESERVED
-CVE-2022-40294
-       RESERVED
-CVE-2022-40293
-       RESERVED
-CVE-2022-40292
-       RESERVED
-CVE-2022-40291
-       RESERVED
-CVE-2022-40290
-       RESERVED
-CVE-2022-40289
-       RESERVED
-CVE-2022-40288
-       RESERVED
-CVE-2022-40287
-       RESERVED
+CVE-2022-40296 (The application was vulnerable to a Server-Side Request 
Forgery attack ...)
+       TODO: check
+CVE-2022-40295 (The application was vulnerable to an authenticated information 
disclos ...)
+       TODO: check
+CVE-2022-40294 (The application was identified to have an CSV injection in 
data export ...)
+       TODO: check
+CVE-2022-40293 (The application was vulnerable to a session fixation that 
could be use ...)
+       TODO: check
+CVE-2022-40292 (The application allowed for Unauthenticated User Enumeration 
by intera ...)
+       TODO: check
+CVE-2022-40291 (The application was vulnerable to Cross-Site Request Forgery 
(CSRF) at ...)
+       TODO: check
+CVE-2022-40290 (The application was vulnerable to an unauthenticated Reflected 
Cross-S ...)
+       TODO: check
+CVE-2022-40289 (The application was vulnerable to an authenticated Stored 
Cross-Site S ...)
+       TODO: check
+CVE-2022-40288 (The application was vulnerable to an authenticated Stored 
Cross-Site S ...)
+       TODO: check
+CVE-2022-40287 (The application was found to be vulnerable to an authenticated 
Stored  ...)
+       TODO: check
 CVE-2022-40286
        RESERVED
 CVE-2022-40285
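Review bot: None of the ten entries CVE-2022-40287 through CVE-2022-40296 identifies a product in the visible text; every description opens with "The application was ..." or "The application allowed ..." and is truncated before any name appears. TODO: check cannot be resolved from this list alone for these, so whoever triages them should pull the full CVE record and put the product name into the NOT-FOR-US or package line, since the description will not help a later reader.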
@@ -15244,24 +15320,24 @@ CVE-2022-39022 (U-Office Force Download function has 
a path traversal vulnerabil
        NOT-FOR-US: U-Office Force
 CVE-2022-39021 (U-Office Force login function has an Open Redirect 
vulnerability. An u ...)
        NOT-FOR-US: U-Office Force
-CVE-2022-39020
-       RESERVED
-CVE-2022-39019
-       RESERVED
-CVE-2022-39018
-       RESERVED
-CVE-2022-39017
-       RESERVED
-CVE-2022-39016
-       RESERVED
+CVE-2022-39020 (Multiple instances of XSS (stored and reflected) was found in 
the appl ...)
+       TODO: check
+CVE-2022-39019 (Broken access controls on PDFtron WebviewerUI in M-Files 
Hubshare befo ...)
+       TODO: check
+CVE-2022-39018 (Broken access controls on PDFtron data in M-Files Hubshare 
before 3.3. ...)
+       TODO: check
+CVE-2022-39017 (Improper input validation and output encoding in all comments 
fields,  ...)
+       TODO: check
+CVE-2022-39016 (Javascript injection in PDFtron in M-Files Hubshare before 
3.3.10.9 al ...)
+       TODO: check
 CVE-2022-38400 (Mailform Pro CGI 4.3.1 and earlier allow a remote 
unauthenticated atta ...)
        NOT-FOR-US: Mailform Pro CGI
 CVE-2022-33941 (PowerCMS XMLRPC API provided by Alfasado Inc. contains a 
command injec ...)
        NOT-FOR-US: PowerCMS
 CVE-2022-3060 (Improper control of a resource identifier in Error Tracking in 
GitLab  ...)
        - gitlab <unfixed>
-CVE-2022-3059
-       RESERVED
+CVE-2022-3059 (The application was vulnerable to multiple instances of SQL 
injection  ...)
+       TODO: check
 CVE-2022-3058 (Use after free in Sign-In Flow in Google Chrome prior to 
105.0.5195.52 ...)
        {DSA-5223-1}
        - chromium 105.0.5195.52-1
@@ -19616,7 +19692,7 @@ CVE-2022-37456
 CVE-2022-37455
        RESERVED
 CVE-2022-37454 (The Keccak XKCP SHA-3 reference implementation before fdc6fef 
has an i ...)
-       {DSA-5267-1 DLA-3174-1}
+       {DSA-5267-1 DLA-3175-1 DLA-3174-1}
        - php8.1 8.1.12-1
        - php7.4 <removed>
        - php7.3 <removed>
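Review bot: The cross-reference line for CVE-2022-37454 now lists DLA-3175-1, but the package lines visible in this hunk are only php8.1, php7.4 and php7.3, so the hunk does not show which source package that advisory covers. Confirm the entry has a matching package line for it further down. The new id is also placed ahead of DLA-3174-1 rather than in ascending order; keep it if that is what the generator emits, otherwise sort.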
@@ -21017,8 +21093,8 @@ CVE-2022-37015
        RESERVED
 CVE-2022-37014
        RESERVED
-CVE-2022-2572
-       RESERVED
+CVE-2022-2572 (In affected versions of Octopus Server where access is managed 
by an e ...)
+       TODO: check
 CVE-2022-2571 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0.0 ...)
        - vim 2:9.0.0135-1
        NOTE: https://huntr.dev/bounties/2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571/
@@ -35236,12 +35312,12 @@ CVE-2022-31694
        RESERVED
 CVE-2022-31693
        RESERVED
-CVE-2022-31692
-       RESERVED
+CVE-2022-31692 (Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 
5.6.9 co ...)
+       TODO: check
 CVE-2022-31691
        RESERVED
-CVE-2022-31690
-       RESERVED
+CVE-2022-31690 (Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 
5.6.9,  ...)
+       TODO: check
 CVE-2022-31689
        RESERVED
 CVE-2022-31688
@@ -43926,8 +44002,8 @@ CVE-2022-28765
        RESERVED
 CVE-2022-28764
        RESERVED
-CVE-2022-28763
-       RESERVED
+CVE-2022-28763 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS, 
and Wind ...)
+       TODO: check
 CVE-2022-28762 (Zoom Client for Meetings for macOS (Standard and for IT Admin) 
startin ...)
        NOT-FOR-US: Zoom
 CVE-2022-28761 (Zoom On-Premise Meeting Connector MMR before version 
4.8.20220916.131  ...)
@@ -47521,8 +47597,8 @@ CVE-2022-27585
        RESERVED
 CVE-2022-27584
        RESERVED
-CVE-2022-27583
-       RESERVED
+CVE-2022-27583 (A remote unprivileged attacker can interact with the 
configuration int ...)
+       TODO: check
 CVE-2022-27582
        RESERVED
 CVE-2022-27581
@@ -52142,8 +52218,8 @@ CVE-2022-25894
        RESERVED
 CVE-2022-25893
        RESERVED
-CVE-2022-25892
-       RESERVED
+CVE-2022-25892 (The package muhammara before 2.6.1, from 3.1.0 and before 
3.1.1; all v ...)
+       TODO: check
 CVE-2022-25891 (The package github.com/containrrr/shoutrrr/pkg/util before 
0.6.0 are v ...)
        NOT-FOR-US: github.com/containrrr/shoutrrr/pkg/util
 CVE-2022-25890
@@ -52157,8 +52233,8 @@ CVE-2022-25887 (The package sanitize-html before 2.7.1 
are vulnerable to Regular
        NOTE: https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526
 CVE-2022-25886
        RESERVED
-CVE-2022-25885
-       RESERVED
+CVE-2022-25885 (The package muhammara before 2.6.0; all versions of package 
hummus are ...)
+       TODO: check
 CVE-2022-25884
        RESERVED
 CVE-2022-25883
@@ -53352,19 +53428,19 @@ CVE-2022-25518 (In CMDBuild from version 3.0 to 3.3.2 
payload requests are saved
        NOT-FOR-US: CMDBuild
 CVE-2022-25517 (MyBatis plus v3.4.3 was discovered to contain a SQL injection 
vulnerab ...)
        NOT-FOR-US: MyBatis plus
-CVE-2022-25516 (stb_truetype.h v1.26 was discovered to contain a 
heap-buffer-overflow  ...)
+CVE-2022-25516 (** DISPUTED ** stb_truetype.h v1.26 was discovered to contain 
a heap-b ...)
        - libstb <unfixed> (unimportant)
        NOTE: https://github.com/nothings/stb/issues/1287
        NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
        NOTE: Also, the stb_truetype API does not know the length of the input 
font file and therefore
        NOTE: cannot bounds check it.
-CVE-2022-25515 (stb_truetype.h v1.26 was discovered to contain a 
heap-buffer-overflow  ...)
+CVE-2022-25515 (** DISPUTED ** stb_truetype.h v1.26 was discovered to contain 
a heap-b ...)
        - libstb <unfixed> (unimportant)
        NOTE: https://github.com/nothings/stb/issues/1288
        NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
        NOTE: Also, the stb_truetype API does not know the length of the input 
font file and therefore
        NOTE: cannot bounds check it.
-CVE-2022-25514 (stb_truetype.h v1.26 was discovered to contain a 
heap-buffer-overflow  ...)
+CVE-2022-25514 (** DISPUTED ** stb_truetype.h v1.26 was discovered to contain 
a heap-b ...)
        - libstb <unfixed> (unimportant)
        NOTE: https://github.com/nothings/stb/issues/1286
        NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
@@ -57625,7 +57701,7 @@ CVE-2022-24200
        RESERVED
 CVE-2022-24199
        RESERVED
-CVE-2022-24198 (iText v7.1.17 was discovered to contain an out-of-bounds 
exception via ...)
+CVE-2022-24198 (** DISPUTED ** iText v7.1.17 was discovered to contain an 
out-of-bound ...)
        NOT-FOR-US: iText
 CVE-2022-24197 (iText v7.1.17 was discovered to contain a stack-based buffer 
overflow  ...)
        NOT-FOR-US: iText
@@ -67445,7 +67521,7 @@ CVE-2021-45348 (An Arbitrary File Deletion 
vulnerability exists in SourceCodeste
        NOT-FOR-US: SourceCodester
 CVE-2021-45347 (An Incorrect Access Control vulnerability exists in zzcms 8.2, 
which l ...)
        NOT-FOR-US: zzcms
-CVE-2021-45346 (A Memory Leak vulnerabilty exists in SQLite Project SQLite3 
3.35.1 and ...)
+CVE-2021-45346 (** DISPUTED ** A Memory Leak vulnerability exists in SQLite 
Project SQ ...)
        - sqlite3 <unfixed> (bug #1005974)
        [bullseye] - sqlite3 <no-dsa> (Minor issue)
        [buster] - sqlite3 <no-dsa> (Minor issue)
@@ -70172,7 +70248,8 @@ CVE-2021-44599 (The id parameter from Online Enrollment 
Management System 1.0 sy
        NOT-FOR-US: Online Enrollment Management System
 CVE-2021-44598 (Attendance Management System 1.0 is affected by a Cross Site 
Scripting ...)
        NOT-FOR-US: Attendance Management System
-CVE-2021-44597 (An Access Control vunerabiity exists in Gerapy v 0.9.7 via the 
spider  ...)
+CVE-2021-44597
+       REJECTED
        NOT-FOR-US: Gerapy
 CVE-2021-44596 (Wondershare LTD Dr. Fone as of 2021-12-06 version is affected 
by Remot ...)
        NOT-FOR-US: Wondershare
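Review bot: CVE-2021-44597 is switched to REJECTED, yet the unchanged NOT-FOR-US: Gerapy line still sits under it, and the description that justified that annotation is removed. Either drop the leftover annotation or confirm that keeping a triage tag on a rejected id is intended, so the entry does not read as both withdrawn and triaged.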
@@ -81339,7 +81416,7 @@ CVE-2021-41876
        RESERVED
 CVE-2021-41875
        RESERVED
-CVE-2021-41874 (An unauthorized access vulnerabiitly exists in all versions of 
Portain ...)
+CVE-2021-41874 (** DISPUTED ** An unauthorized access vulnerabiitly exists in 
all vers ...)
        NOT-FOR-US: Portainer
 CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top 
box produ ...)
        NOT-FOR-US: Penguin Aurora TV Box 41502
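Review bot: The replacement description for CVE-2021-41874 still carries the misspelling "vulnerabiitly" after the ** DISPUTED ** prefix is added, so a keyword search of the list for "vulnerability" will miss this entry. If the description text is synced from the CVE record, leave it as is and rely on the NOT-FOR-US: Portainer line for lookups rather than hand-editing the description.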
@@ -117368,8 +117445,8 @@ CVE-2021-27786 (Cross-origin resource sharing (CORS) 
enables browsers to perform
        NOT-FOR-US: HCL
 CVE-2021-27785 (HCL Commerce's Remote Store server could allow a local 
attacker to obt ...)
        NOT-FOR-US: HCL Commerce's Remote Store server
-CVE-2021-27784
-       RESERVED
+CVE-2021-27784 (The provided HCL Launch Container images contain non-unique 
HTTPS cert ...)
+       TODO: check
 CVE-2021-27783 (User generated PPKG file for Bulk Enroll may have unencrypted 
sensitiv ...)
        NOT-FOR-US: HCL
 CVE-2021-27782
@@ -142942,7 +143019,7 @@ CVE-2020-28886
        RESERVED
 CVE-2020-28885 (** DISPUTED ** Liferay Portal Server tested on 7.3.5 GA6, 
7.2.0 GA1 is ...)
        NOT-FOR-US: Liferay
-CVE-2020-28884 (Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is 
affected by OS ...)
+CVE-2020-28884 (** DISPUTED ** Liferay Portal Server tested on 7.3.5 GA6, 
7.2.0 GA1 is ...)
        NOT-FOR-US: Liferay
 CVE-2020-28883
        RESERVED
@@ -159986,7 +160063,7 @@ CVE-2020-23257
 CVE-2020-23256
        RESERVED
 CVE-2020-23255
-       RESERVED
+       REJECTED
 CVE-2020-23254
        RESERVED
 CVE-2020-23253
@@ -292422,9 +292499,9 @@ CVE-2018-13329 (Cross-site scripting in ajaxdata.php 
in TerraMaster TOS version
        NOT-FOR-US: TerraMaster TOS
 CVE-2018-13328 (The transfer, transferFrom, and mint functions of a smart 
contract imp ...)
        NOT-FOR-US: smart contract
-CVE-2018-13327 (The transfer and transferFrom functions of a smart contract 
implementa ...)
+CVE-2018-13327 (** DISPUTED ** The transfer and transferFrom functions of a 
smart cont ...)
        NOT-FOR-US: smart contract
-CVE-2018-13326 (The transfer and transferFrom functions of a smart contract 
implementa ...)
+CVE-2018-13326 (** DISPUTED ** The transfer and transferFrom functions of a 
smart cont ...)
        NOT-FOR-US: smart contract
 CVE-2018-13325 (The _sell function of a smart contract implementation for 
GROWCHAIN (G ...)
        NOT-FOR-US: smart contract
@@ -292826,7 +292903,7 @@ CVE-2018-13146 (The mintToken, buy, and sell 
functions of a smart contract imple
        NOT-FOR-US: smart contract
 CVE-2018-13145 (The mintToken function of a smart contract implementation for 
JavaSwap ...)
        NOT-FOR-US: smart contract
-CVE-2018-13144 (The transfer and transferFrom functions of a smart contract 
implementa ...)
+CVE-2018-13144 (** DISPUTED ** The transfer and transferFrom functions of a 
smart cont ...)
        NOT-FOR-US: smart contract
 CVE-2018-13143
        RESERVED
@@ -292895,7 +292972,7 @@ CVE-2018-13115 (Lack of an authentication mechanism 
in KERUI Wifi Endoscope Came
        NOT-FOR-US: KERUI Wifi Endoscope Camera
 CVE-2018-13114 (Missing authentication and improper input validation in KERUI 
Wifi End ...)
        NOT-FOR-US: KERUI Wifi Endoscope Camera
-CVE-2018-13113 (The transfer and transferFrom functions of a smart contract 
implementa ...)
+CVE-2018-13113 (** DISPUTED ** The transfer and transferFrom functions of a 
smart cont ...)
        NOT-FOR-US: smart contract implementation for Easy Trading Token and 
Ethereum token
 CVE-2018-13112 (get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows 
remote attac ...)
        - tcpreplay 4.3.1-1 (low; bug #902952)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a3e14708d0c3d85c64a56ffab804c89a693c5b8
