Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c38c374a by security tracker role at 2022-11-08T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2022-45058
+       RESERVED
+CVE-2022-45057
+       RESERVED
+CVE-2022-45056
+       RESERVED
+CVE-2022-45055
+       RESERVED
+CVE-2022-45054
+       RESERVED
+CVE-2022-45053
+       RESERVED
+CVE-2022-45052
+       RESERVED
+CVE-2022-45051
+       RESERVED
+CVE-2022-45050
+       RESERVED
+CVE-2022-45049
+       RESERVED
+CVE-2022-45048
+       RESERVED
+CVE-2022-45047
+       RESERVED
+CVE-2022-45046
+       RESERVED
+CVE-2022-3899
+       RESERVED
+CVE-2022-3898
+       RESERVED
+CVE-2022-3897
+       RESERVED
+CVE-2022-3896
+       RESERVED
+CVE-2022-3895
+       RESERVED
+CVE-2022-3894
+       RESERVED
+CVE-2022-3893
+       RESERVED
+CVE-2022-3892
+       RESERVED
+CVE-2022-3891
+       RESERVED
 CVE-2022-45045
        RESERVED
 CVE-2022-3890
@@ -676,8 +720,8 @@ CVE-2022-44743
        RESERVED
 CVE-2022-44742
        RESERVED
-CVE-2022-44741
-       RESERVED
+CVE-2022-44741 (Cross-Site Request Forgery (CSRF) vulnerability leading to 
Cross-Site  ...)
+       TODO: check
 CVE-2022-44740
        RESERVED
 CVE-2022-44739
@@ -2358,8 +2402,8 @@ CVE-2022-44558
        RESERVED
 CVE-2022-44557
        RESERVED
-CVE-2022-44556
-       RESERVED
+CVE-2022-44556 (Missing parameter type validation in the DRM module. 
Successful exploi ...)
+       TODO: check
 CVE-2022-44555
        RESERVED
 CVE-2022-44554
@@ -2570,8 +2614,8 @@ CVE-2022-44459
        RESERVED
 CVE-2022-44458
        RESERVED
-CVE-2022-44457
-       RESERVED
+CVE-2022-44457 (A vulnerability has been identified in Mendix SAML Module 
(Mendix 7 co ...)
+       TODO: check
 CVE-2022-43506
        RESERVED
 CVE-2022-43495 (OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability 
in distr ...)
@@ -2893,28 +2937,28 @@ CVE-2022-44323
        RESERVED
 CVE-2022-44322
        RESERVED
-CVE-2022-44321
-       RESERVED
-CVE-2022-44320
-       RESERVED
-CVE-2022-44319
-       RESERVED
-CVE-2022-44318
-       RESERVED
-CVE-2022-44317
-       RESERVED
-CVE-2022-44316
-       RESERVED
-CVE-2022-44315
-       RESERVED
-CVE-2022-44314
-       RESERVED
-CVE-2022-44313
-       RESERVED
-CVE-2022-44312
-       RESERVED
-CVE-2022-44311
-       RESERVED
+CVE-2022-44321 (PicoC Version 3.2.2 was discovered to contain a heap buffer 
overflow i ...)
+       TODO: check
+CVE-2022-44320 (PicoC Version 3.2.2 was discovered to contain a heap buffer 
overflow i ...)
+       TODO: check
+CVE-2022-44319 (PicoC Version 3.2.2 was discovered to contain a heap buffer 
overflow i ...)
+       TODO: check
+CVE-2022-44318 (PicoC Version 3.2.2 was discovered to contain a heap buffer 
overflow i ...)
+       TODO: check
+CVE-2022-44317 (PicoC Version 3.2.2 was discovered to contain a heap buffer 
overflow i ...)
+       TODO: check
+CVE-2022-44316 (PicoC Version 3.2.2 was discovered to contain a heap buffer 
overflow i ...)
+       TODO: check
+CVE-2022-44315 (PicoC Version 3.2.2 was discovered to contain a heap buffer 
overflow i ...)
+       TODO: check
+CVE-2022-44314 (PicoC Version 3.2.2 was discovered to contain a heap buffer 
overflow i ...)
+       TODO: check
+CVE-2022-44313 (PicoC Version 3.2.2 was discovered to contain a heap buffer 
overflow i ...)
+       TODO: check
+CVE-2022-44312 (PicoC Version 3.2.2 was discovered to contain a heap buffer 
overflow i ...)
+       TODO: check
+CVE-2022-44311 (html2xhtml v1.3 was discovered to contain an Out-Of-Bounds 
read in the ...)
+       TODO: check
 CVE-2022-44310
        RESERVED
 CVE-2022-44309
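Review bot: the ten PicoC entries added here (CVE-2022-44312 through CVE-2022-44321) all carry the same truncated description, "PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...", so nothing in the list tells them apart. When the "TODO: check" lines are resolved, triage them as one batch with a single disposition, and handle CVE-2022-44311 (html2xhtml v1.3, an out-of-bounds read) separately since it is a different product.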
@@ -5416,8 +5460,8 @@ CVE-2023-0002
        RESERVED
 CVE-2023-0001
        RESERVED
-CVE-2022-43958
-       RESERVED
+CVE-2022-43958 (A vulnerability has been identified in QMS Automotive (All 
versions).  ...)
+       TODO: check
 CVE-2022-43957
        RESERVED
 CVE-2022-43956
@@ -5877,6 +5921,7 @@ CVE-2022-43762
 CVE-2022-43761
        RESERVED
 CVE-2022-3705 (A vulnerability was found in vim and classified as problematic. 
Affect ...)
+       {DLA-3182-1}
        - vim 2:9.0.0813-1
        NOTE: 
https://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731 
(v9.0.0805)
 CVE-2022-3704 (A vulnerability classified as problematic has been found in 
Ruby on Ra ...)
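Review bot: on CVE-2022-3705 the new "{DLA-3182-1}" line sits directly above "- vim 2:9.0.0813-1" and no [bullseye] line follows it in the lines shown, whereas many of the other vim entries tagged with DLA-3182-1 in this commit carry "[bullseye] - vim <no-dsa> (Minor issue)". Check whether this CVE still needs an explicit bullseye status line.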
@@ -6479,10 +6524,10 @@ CVE-2022-43548 [DNS rebinding in --inspect via invalid 
octal IP address]
        NOTE: 
https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548
 CVE-2022-43547
        RESERVED
-CVE-2022-43546
-       RESERVED
-CVE-2022-43545
-       RESERVED
+CVE-2022-43546 (A vulnerability has been identified in POWER METER SICAM Q100 
(All ver ...)
+       TODO: check
+CVE-2022-43545 (A vulnerability has been identified in POWER METER SICAM Q100 
(All ver ...)
+       TODO: check
 CVE-2022-43542
        RESERVED
 CVE-2022-43541
@@ -6547,16 +6592,16 @@ CVE-2022-43499
        RESERVED
 CVE-2022-43492
        RESERVED
-CVE-2022-43491
-       RESERVED
+CVE-2022-43491 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced 
Dynamic Pr ...)
+       TODO: check
 CVE-2022-43490
        RESERVED
 CVE-2022-43488
        RESERVED
 CVE-2022-43482
        RESERVED
-CVE-2022-43481
-       RESERVED
+CVE-2022-43481 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced 
Coupons fo ...)
+       TODO: check
 CVE-2022-43480
        RESERVED
 CVE-2022-43479
@@ -6587,8 +6632,8 @@ CVE-2022-43445
        RESERVED
 CVE-2022-43441
        RESERVED
-CVE-2022-43439
-       RESERVED
+CVE-2022-43439 (A vulnerability has been identified in POWER METER SICAM Q100 
(All ver ...)
+       TODO: check
 CVE-2022-43438
        RESERVED
 CVE-2022-43437
@@ -6611,8 +6656,8 @@ CVE-2022-42698
        RESERVED
 CVE-2022-42497
        RESERVED
-CVE-2022-42494
-       RESERVED
+CVE-2022-42494 (Server Side Request Forgery (SSRF) vulnerability in All in One 
SEO Pro ...)
+       TODO: check
 CVE-2022-42485
        RESERVED
 CVE-2022-42479
@@ -6635,8 +6680,8 @@ CVE-2022-41990
        RESERVED
 CVE-2022-41987
        RESERVED
-CVE-2022-41980
-       RESERVED
+CVE-2022-41980 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in 
Mantenimien ...)
+       TODO: check
 CVE-2022-41978
        RESERVED
 CVE-2022-41840
@@ -6967,10 +7012,10 @@ CVE-2022-3592 [Wide links protection broken]
        NOTE: https://www.samba.org/samba/security/CVE-2022-3592.html
 CVE-2022-43399
        RESERVED
-CVE-2022-43398
-       RESERVED
-CVE-2022-43397
-       RESERVED
+CVE-2022-43398 (A vulnerability has been identified in POWER METER SICAM Q100 
(All ver ...)
+       TODO: check
+CVE-2022-43397 (A vulnerability has been identified in Parasolid V34.0 (All 
versions & ...)
+       TODO: check
 CVE-2022-43396
        RESERVED
 CVE-2022-3591
@@ -7141,8 +7186,8 @@ CVE-2022-43345
        RESERVED
 CVE-2022-43344
        RESERVED
-CVE-2022-43343
-       RESERVED
+CVE-2022-43343 (N-Prolog v1.91 was discovered to contain a global buffer 
overflow vuln ...)
+       TODO: check
 CVE-2022-43342
        RESERVED
 CVE-2022-43341
@@ -8608,10 +8653,12 @@ CVE-2022-42826
 CVE-2022-42825 (This issue was addressed by removing additional entitlements. 
This iss ...)
        NOT-FOR-US: Apple
 CVE-2022-42824 (A logic issue was addressed with improved state management. 
This issue ...)
+       {DSA-5274-1 DSA-5273-1}
        - webkit2gtk 2.38.2-1
        - wpewebkit 2.38.2-1
        NOTE: https://webkitgtk.org/security/WSA-2022-0010.html
 CVE-2022-42823 (A type confusion issue was addressed with improved memory 
handling. Th ...)
+       {DSA-5274-1 DSA-5273-1}
        - webkit2gtk 2.38.2-1
        - wpewebkit 2.38.2-1
        NOTE: https://webkitgtk.org/security/WSA-2022-0010.html
@@ -8662,6 +8709,7 @@ CVE-2022-42801 (A logic issue was addressed with improved 
checks. This issue is
 CVE-2022-42800 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
        NOT-FOR-US: Apple
 CVE-2022-42799 (The issue was addressed with improved UI handling. This issue 
is fixed ...)
+       {DSA-5274-1 DSA-5273-1}
        - webkit2gtk 2.38.2-1
        - wpewebkit 2.38.2-1
        NOTE: https://webkitgtk.org/security/WSA-2022-0010.html
@@ -11135,8 +11183,8 @@ CVE-2022-41759
        RESERVED
 CVE-2022-41758
        RESERVED
-CVE-2022-41757
-       RESERVED
+CVE-2022-41757 (An issue was discovered in the Arm Mali GPU Kernel Driver. A 
non-privi ...)
+       TODO: check
 CVE-2022-41756
        RESERVED
 CVE-2022-41755
@@ -11361,16 +11409,16 @@ CVE-2022-41666 (A CWE-347: Improper Verification of 
Cryptographic Signature vuln
        NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE
 CVE-2022-41665 (A vulnerability has been identified in SICAM P850 (All 
versions < V ...)
        NOT-FOR-US: Siemens
-CVE-2022-41664
-       RESERVED
-CVE-2022-41663
-       RESERVED
-CVE-2022-41662
-       RESERVED
-CVE-2022-41661
-       RESERVED
-CVE-2022-41660
-       RESERVED
+CVE-2022-41664 (A vulnerability has been identified in JT2Go (All versions 
< V14.1. ...)
+       TODO: check
+CVE-2022-41663 (A vulnerability has been identified in JT2Go (All versions 
< V14.1. ...)
+       TODO: check
+CVE-2022-41662 (A vulnerability has been identified in JT2Go (All versions 
< V14.1. ...)
+       TODO: check
+CVE-2022-41661 (A vulnerability has been identified in JT2Go (All versions 
< V14.1. ...)
+       TODO: check
+CVE-2022-41660 (A vulnerability has been identified in JT2Go (All versions 
< V14.1. ...)
+       TODO: check
 CVE-2022-41656
        RESERVED
 CVE-2022-41655
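Review bot: the five JT2Go entries (CVE-2022-41660 through CVE-2022-41664) are left at "TODO: check" although their descriptions open with the same "A vulnerability has been identified in" wording as CVE-2022-41665 directly above, which is already marked "NOT-FOR-US: Siemens". Confirm the vendor and, if it matches, resolve all five with the same NOT-FOR-US line instead of leaving them in the triage queue.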
@@ -11488,8 +11536,8 @@ CVE-2022-41315
        RESERVED
 CVE-2022-41155
        RESERVED
-CVE-2022-41136
-       RESERVED
+CVE-2022-41136 (Cross-Site Request Forgery (CSRF) vulnerability leading to 
Stored Cros ...)
+       TODO: check
 CVE-2022-41135
        RESERVED
 CVE-2022-41134
@@ -11524,8 +11572,8 @@ CVE-2022-40192
        RESERVED
 CVE-2022-40130
        RESERVED
-CVE-2022-40128
-       RESERVED
+CVE-2022-40128 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced 
Order Expo ...)
+       TODO: check
 CVE-2022-39044
        RESERVED
 CVE-2022-38467
@@ -11650,6 +11698,7 @@ CVE-2022-3326 (Weak Password Requirements in GitHub 
repository ikus060/rdiffweb
 CVE-2022-3325 (Improper access control in the GitLab CE/EE API affecting all 
versions ...)
        - gitlab <unfixed>
 CVE-2022-3324 (Stack-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0. ...)
+       {DLA-3182-1}
        - vim 2:9.0.0626-1
        NOTE: https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c/
        NOTE: 
https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb 
(v9.0.0598)
@@ -13597,6 +13646,7 @@ CVE-2022-40755 (JasPer 3.0.6 allows denial of service 
via a reachable assertion
        - jasper <removed>
        NOTE: https://github.com/jasper-software/jasper/issues/338
 CVE-2022-3234 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0.0 ...)
+       {DLA-3182-1}
        - vim 2:9.0.0626-1
        NOTE: https://huntr.dev/bounties/90fdf374-bf04-4386-8a23-38c83b88f0da/
        NOTE: 
https://github.com/vim/vim/commit/c249913edc35c0e666d783bfc21595cf9f7d9e0d 
(v9.0.0483)
@@ -13771,14 +13821,14 @@ CVE-2022-40672 (Authenticated (admin+) Stored 
Cross-Site Scripting (XSS) vulnera
        NOT-FOR-US: WordPress plugin
 CVE-2022-40671 (Cross-Site Request Forgery (CSRF) vulnerability in Rate my 
Post &#8211 ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-40632
-       RESERVED
+CVE-2022-40632 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors 
Team wpFor ...)
+       TODO: check
 CVE-2022-40312
        RESERVED
 CVE-2022-40310 (Authenticated (subscriber+) Race Condition vulnerability in 
Rate my Po ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-40223
-       RESERVED
+CVE-2022-40223 (Nonce token leakage and missing authorization in SearchWP 
premium plug ...)
+       TODO: check
 CVE-2022-40219 (Cross-Site Request Forgery (CSRF) vulnerability in SedLex 
FavIcon Swit ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-40217 (Authenticated (admin+) Arbitrary File Edit/Upload 
vulnerability in Xpl ...)
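Review bot: CVE-2022-40632 and CVE-2022-40223 go in as "TODO: check" in the middle of a run where every described neighbour shown (CVE-2022-40671, CVE-2022-40310, CVE-2022-40219) is "NOT-FOR-US: WordPress plugin". The new descriptions read "gVectors Team wpFor ..." and "SearchWP premium plug ...", so check whether they fall in the same class and can take the same disposition.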
@@ -13789,10 +13839,10 @@ CVE-2022-40213 (Multiple Authenticated (contributor+) 
Stored Cross-Site Scriptin
        NOT-FOR-US: WordPress plugin
 CVE-2022-40211
        RESERVED
-CVE-2022-40206
-       RESERVED
-CVE-2022-40205
-       RESERVED
+CVE-2022-40206 (Insecure direct object references (IDOR) vulnerability in the 
wpForo F ...)
+       TODO: check
+CVE-2022-40205 (Insecure direct object references (IDOR) vulnerability in the 
wpForo F ...)
+       TODO: check
 CVE-2022-40193 (Unauthenticated Stored Cross-Site Scripting (XSS) 
vulnerability in Awe ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-40131 (Cross-Site Request Forgery (CSRF) vulnerability in a3rev 
Software Page ...)
@@ -13839,8 +13889,8 @@ CVE-2022-3212 (&lt;bytes::Bytes as 
axum_core::extract::FromRequest&gt;::from_req
        NOT-FOR-US: axum_core rust crate
 CVE-2022-3211 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pimcore/pimco ...)
        NOT-FOR-US: pimcore
-CVE-2022-30545
-       RESERVED
+CVE-2022-30545 (Auth. Reflected Cross-Site Scripting (XSS) vulnerability in 5 
Anker Co ...)
+       TODO: check
 CVE-2020-36603 (The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 
1.0.0.0 an ...)
        NOT-FOR-US: HoYoVerse (formerly miHoYo) Genshin Impact
 CVE-2022-40674 (libexpat before 2.4.9 has a use-after-free in the doContent 
function i ...)
@@ -14952,8 +15002,8 @@ CVE-2022-38140
        RESERVED
 CVE-2022-38139 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in 
RD Stati ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-38137
-       RESERVED
+CVE-2022-38137 (Cross-Site Request Forgery (CSRF) vulnerability in Analytify 
plugin &l ...)
+       TODO: check
 CVE-2022-38135 (Broken Access Control vulnerability in Dean Oakley's 
Photospace Galler ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-38134 (Authenticated (subscriber+) Broken Access Control 
vulnerability in Cus ...)
@@ -15559,6 +15609,7 @@ CVE-2022-39960 (The Netic Group Export add-on before 
1.0.3 for Atlassian Jira do
 CVE-2022-3135 (The SEO Smart Links WordPress plugin through 3.0.1 does not 
sanitise a ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3134 (Use After Free in GitHub repository vim/vim prior to 9.0.0389. 
...)
+       {DLA-3182-1}
        - vim 2:9.0.0626-1 (bug #1019590)
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc
@@ -16911,8 +16962,8 @@ CVE-2022-39354 (SputnikVM, also called evm, is a Rust 
implementation of Ethereum
        NOT-FOR-US: Rust crate evm
 CVE-2022-39353 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 
2 Core)  ...)
        TODO: check
-CVE-2022-39352
-       RESERVED
+CVE-2022-39352 (OpenFGA is a high-performance authorization/permission engine 
inspired ...)
+       TODO: check
 CVE-2022-39351 (Dependency-Track is a Component Analysis platform that allows 
organiza ...)
        NOT-FOR-US: Dependency-Track
 CVE-2022-39350 (@dependencytrack/frontend is a Single Page Application (SPA) 
used in D ...)
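Review bot: CVE-2022-39352 (OpenFGA) is added as "TODO: check", yet another OpenFGA entry visible further down this same diff, CVE-2022-39342, is already "NOT-FOR-US: OpenFGA". Resolve the new entry the same way unless the package status has changed; note that the context entry above it, CVE-2022-39353 (xmldom), is also still sitting at "TODO: check".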
@@ -16933,8 +16984,8 @@ CVE-2022-39345 (Gin-vue-admin is a backstage management 
system based on vue and
        NOT-FOR-US: Gin-vue-admin
 CVE-2022-39344 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) 
embedded st ...)
        NOT-FOR-US: Azure RTOS USBX
-CVE-2022-39343
-       RESERVED
+CVE-2022-39343 (Azure RTOS FileX is a FAT-compatible file system that&#8217;s 
fully in ...)
+       TODO: check
 CVE-2022-39342 (OpenFGA is an authorization/permission engine. Versions prior 
to versi ...)
        NOT-FOR-US: OpenFGA
 CVE-2022-39341 (OpenFGA is an authorization/permission engine. Versions prior 
to versi ...)
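Review bot: CVE-2022-39343 (Azure RTOS FileX) is left at "TODO: check" while the entry directly above it, CVE-2022-39344 (Azure RTOS USBX), is "NOT-FOR-US: Azure RTOS USBX". If FileX is likewise not packaged, give it the matching NOT-FOR-US line named after the product, as the USBX entry does.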
@@ -17328,6 +17379,7 @@ CVE-2022-39199
 CVE-2022-39198 (A deserialization vulnerability existed in dubbo hessian-lite 
3.2.12 a ...)
        NOT-FOR-US: Apache Dubbo
 CVE-2022-3099 (Use After Free in GitHub repository vim/vim prior to 9.0.0360. 
...)
+       {DLA-3182-1}
        - vim 2:9.0.0626-1 (bug #1019590)
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e
@@ -17473,10 +17525,10 @@ CVE-2022-39188 (An issue was discovered in 
include/asm-generic/tlb.h in the Linu
        NOTE: 
https://git.kernel.org/linus/b67fbebd4cf980aecbcc750e1462128bffe8ae15
 CVE-2022-39159
        RESERVED
-CVE-2022-39158 (A vulnerability has been identified in RUGGEDCOM ROS RMC8388 
(All vers ...)
+CVE-2022-39158 (A vulnerability has been identified in RUGGEDCOM ROS RMC30 
V4.X (All v ...)
        NOT-FOR-US: Siemens
-CVE-2022-39157
-       RESERVED
+CVE-2022-39157 (A vulnerability has been identified in Parasolid V34.0 (All 
versions & ...)
+       TODO: check
 CVE-2022-39156 (A vulnerability has been identified in Parasolid V33.1 (All 
versions & ...)
        NOT-FOR-US: Siemens
 CVE-2022-39155 (A vulnerability has been identified in Parasolid V33.1 (All 
versions & ...)
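Review bot: CVE-2022-39157 (Parasolid V34.0) is added as "TODO: check", but the entry right below it, CVE-2022-39156 (Parasolid V33.1), is "NOT-FOR-US: Siemens", and so is CVE-2022-39158, whose description this hunk rewrites from RUGGEDCOM ROS RMC8388 to RUGGEDCOM ROS RMC30 V4.X. Suggest giving CVE-2022-39157 the same "NOT-FOR-US: Siemens" disposition so the Parasolid entries stay consistent.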
@@ -17517,8 +17569,8 @@ CVE-2022-39138 (A vulnerability has been identified in 
Parasolid V33.1 (All vers
        NOT-FOR-US: Siemens
 CVE-2022-39137 (A vulnerability has been identified in Parasolid V33.1 (All 
versions & ...)
        NOT-FOR-US: Siemens
-CVE-2022-39136
-       RESERVED
+CVE-2022-39136 (A vulnerability has been identified in JT2Go (All versions 
&lt; V14.1. ...)
+       TODO: check
 CVE-2022-39135 (In Apache Calcite prior to version 1.32.0 the SQL operators 
EXISTS_NOD ...)
        NOT-FOR-US: Apache Calcite
 CVE-2022-39134
@@ -17705,8 +17757,8 @@ CVE-2022-39071
        RESERVED
 CVE-2022-39070
        RESERVED
-CVE-2022-39069
-       RESERVED
+CVE-2022-39069 (There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to 
lack of ...)
+       TODO: check
 CVE-2022-39068
        RESERVED
 CVE-2022-39067
@@ -19010,6 +19062,7 @@ CVE-2022-38648 (Server-Side Request Forgery (SSRF) 
vulnerability in Batik of Apa
        NOTE: https://issues.apache.org/jira/browse/BATIK-1333
        NOTE: http://svn.apache.org/viewvc?view=revision&revision=1903625
 CVE-2022-2946 (Use After Free in GitHub repository vim/vim prior to 9.0.0246. 
...)
+       {DLA-3182-1}
        - vim 2:9.0.0626-1 (bug #1019590)
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5
@@ -22881,6 +22934,7 @@ CVE-2022-2600 (The Auto-hyperlink URLs WordPress plugin 
through 5.4.1 does not s
 CVE-2022-2599 (The Anti-Malware Security and Brute-Force Firewall WordPress 
plugin be ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2598 (Undefined Behavior for Input to API in GitHub repository 
vim/vim prior ...)
+       {DLA-3182-1}
        - vim 2:9.0.0135-1 (unimportant)
        NOTE: https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e/
        NOTE: 
https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d 
(v9.0.0101)
@@ -26012,8 +26066,8 @@ CVE-2022-36079 (Parse Server is an open source backend 
that can be deployed to a
        NOT-FOR-US: Node parse-server
 CVE-2022-36078 (Binary provides encoding/decoding in Borsh and other formats. 
The vuln ...)
        NOT-FOR-US: gagliardetto/Binary (tool to provide encoding/decoding in 
Borsh and other formats)
-CVE-2022-36077
-       RESERVED
+CVE-2022-36077 (The Electron framework enables writing cross-platform desktop 
applicat ...)
+       TODO: check
 CVE-2022-36076 (NodeBB Forum Software is powered by Node.js and supports 
either Redis, ...)
        NOT-FOR-US: NodeBB
 CVE-2022-36075 (Nextcloud files access control is a nextcloud app to manage 
access con ...)
@@ -29067,6 +29121,7 @@ CVE-2022-2306 (Old session tokens can be used to 
authenticate to the application
 CVE-2022-2305 (The WordPress Popup WordPress plugin through 1.9.3.8 does not 
sanitise ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2304 (Stack-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0. ...)
+       {DLA-3182-1}
        - vim 2:9.0.0135-1 (bug #1015984)
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/eb7402f3-025a-402f-97a7-c38700d9548a/
@@ -29209,6 +29264,7 @@ CVE-2022-34895
 CVE-2022-34894 (In JetBrains Hub before 2022.2.14799, insufficient access 
control allo ...)
        NOT-FOR-US: JetBrains Hub
 CVE-2022-2285 (Integer Overflow or Wraparound in GitHub repository vim/vim 
prior to 9 ...)
+       {DLA-3182-1}
        - vim 2:9.0.0135-1 (bug #1015984)
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/64574b28-1779-458d-a221-06c434042736/
@@ -29338,10 +29394,10 @@ CVE-2022-33177 (Cross-Site Request Forgery (CSRF) 
vulnerability in WPdevelop/Opl
        NOT-FOR-US: WordPress plugin
 CVE-2022-32970
        RESERVED
-CVE-2022-32776
-       RESERVED
-CVE-2022-32587
-       RESERVED
+CVE-2022-32776 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Adva ...)
+       TODO: check
+CVE-2022-32587 (Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore 
WP Page ...)
+       TODO: check
 CVE-2022-30998 (Multiple Authenticated (subscriber or higher user role) SQL 
Injection  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-30705
@@ -36352,7 +36408,7 @@ CVE-2022-1970
 CVE-2022-1969 (The Mobile browser color select plugin for WordPress is 
vulnerable to  ...)
        NOT-FOR-US: Mobile browser color select plugin for WordPress
 CVE-2022-1968 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
-       {DLA-3053-1}
+       {DLA-3182-1 DLA-3053-1}
        - vim 2:9.0.0135-1 (bug #1015984)
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/949090e5-f4ea-4edf-bd79-cd98f0498a5b
@@ -37738,7 +37794,7 @@ CVE-2022-1899 (Out-of-bounds Read in GitHub repository 
radareorg/radare2 prior t
        NOTE: https://huntr.dev/bounties/8a3dc5cb-08b3-4807-82b2-77f08c137a04
        NOTE: 
https://github.com/radareorg/radare2/commit/193f4fe01d7f626e2ea937450f2e0c4604420e9d
 CVE-2022-1898 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
-       {DLA-3053-1}
+       {DLA-3182-1 DLA-3053-1}
        - vim 2:9.0.0135-1 (bug #1015984)
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea
@@ -38345,7 +38401,7 @@ CVE-2022-1852 (A NULL pointer dereference flaw was 
found in the Linux kernel&#82
        [stretch] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/fee060cd52d69c114b62d1a2948ea9648b5131f9
 CVE-2022-1851 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. 
...)
-       {DLA-3053-1}
+       {DLA-3182-1 DLA-3053-1}
        - vim 2:9.0.0135-1 (bug #1015984)
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/f8af901a-9a46-440d-942a-8f815b59394d
@@ -40296,7 +40352,7 @@ CVE-2022-1722 (SSRF in editor's proxy via IPv6 
link-local address in GitHub repo
 CVE-2022-1721 (Path Traversal in WellKnownServlet in GitHub repository 
jgraph/drawio  ...)
        NOT-FOR-US: jgraph/drawio
 CVE-2022-1720 (Buffer Over-read in function grab_file_name in GitHub 
repository vim/v ...)
-       {DLA-3053-1}
+       {DLA-3182-1 DLA-3053-1}
        - vim 2:9.0.0135-1 (bug #1015984)
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8
@@ -40756,8 +40812,8 @@ CVE-2022-30696 (Local privilege escalation due to a DLL 
hijacking vulnerability.
        NOT-FOR-US: Acronis
 CVE-2022-30695 (Local privilege escalation due to excessive permissions 
assigned to ch ...)
        NOT-FOR-US: Acronis
-CVE-2022-30694
-       RESERVED
+CVE-2022-30694 (A vulnerability has been identified in SIMATIC Drive 
Controller family ...)
+       TODO: check
 CVE-2022-30543
        RESERVED
 CVE-2022-29485 (Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to 
v1.14.2, and ...)
@@ -41989,7 +42045,7 @@ CVE-2022-30321 (go-getter up to 1.5.11 and 2.0.2 
allowed arbitrary host access v
        NOTE: https://github.com/hashicorp/go-getter/pull/359
        NOTE: 
https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45
 (v1.6.0)
 CVE-2022-1616 (Use after free in append_command in GitHub repository vim/vim 
prior to ...)
-       {DLA-3011-1}
+       {DLA-3182-1 DLA-3011-1}
        - vim 2:9.0.0135-1 (bug #1015984)
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2
@@ -48482,7 +48538,7 @@ CVE-2022-1156 (The Books &amp; Papers WordPress plugin 
through 0.20210223 does n
 CVE-2022-1155 (Old sessions are not blocked by the login enable function. in 
GitHub r ...)
        - snipe-it <itp> (bug #1005172)
 CVE-2022-1154 (Use after free in utf_ptr2char in GitHub repository vim/vim 
prior to 8 ...)
-       {DLA-3011-1}
+       {DLA-3182-1 DLA-3011-1}
        - vim 2:8.2.4659-1
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425
@@ -49213,8 +49269,8 @@ CVE-2022-27916
        RESERVED
 CVE-2022-27915
        RESERVED
-CVE-2022-27914
-       RESERVED
+CVE-2022-27914 (An issue was discovered in Joomla! 4.0.0 through 4.2.4. 
Inadequate fil ...)
+       TODO: check
 CVE-2022-27913 (An issue was discovered in Joomla! 4.2.0 through 4.2.3. 
Inadequate fil ...)
        NOT-FOR-US: Joomla!
 CVE-2022-27912 (An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites 
with pub ...)
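Review bot: CVE-2022-27914 (Joomla! 4.0.0 through 4.2.4) is added as "TODO: check" while the adjacent CVE-2022-27913 (Joomla! 4.2.0 through 4.2.3) is "NOT-FOR-US: Joomla!". Suggest resolving the new entry with the same NOT-FOR-US line.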
@@ -49417,14 +49473,14 @@ CVE-2022-27860 (Cross-Site Request Forgery (CSRF) 
leading to Cross-Site Scriptin
        NOT-FOR-US: WordPress plugin
 CVE-2022-27859 (Multiple Authenticated (contributor or higher user role) 
Stored Cross- ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-27858
-       RESERVED
+CVE-2022-27858 (CSV Injection vulnerability in Activity Log Team Activity Log 
&lt;= 2. ...)
+       TODO: check
 CVE-2022-27857
        RESERVED
 CVE-2022-27856
        RESERVED
-CVE-2022-27855
-       RESERVED
+CVE-2022-27855 (Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps 
Analyti ...)
+       TODO: check
 CVE-2022-27854 (Stored Cross-Site Scripting (XSS) vulnerability in Alexander 
Ustimenko ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-27853 (Authenticated (author or higher role) Stored Cross-Site 
Scripting (XSS ...)
@@ -51910,7 +51966,7 @@ CVE-2022-0945 (Stored XSS viva axd and cshtml file 
upload in star7th/showdoc in
 CVE-2022-0944 (Template injection in connection test endpoint leads to RCE in 
GitHub  ...)
        NOT-FOR-US: sqlpad
 CVE-2022-0943 (Heap-based Buffer Overflow occurs in vim in GitHub repository 
vim/vim  ...)
-       {DLA-3053-1}
+       {DLA-3182-1 DLA-3053-1}
        - vim 2:8.2.4659-1
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/9e4de32f-ad5f-4830-b3ae-9467b5ab90a1
@@ -55568,7 +55624,7 @@ CVE-2022-0730 (Under certain ldap conditions, Cacti 
authentication can be bypass
        NOTE: 
https://github.com/Cacti/cacti/commit/8694bf28edad723585915a97b95fbf5b1816a02b 
(1.2.x)
        NOTE: 
https://github.com/Cacti/cacti/commit/0bb77ee9b4d1c7a99e0140b88789e050e523e628 
(1.2.x)
 CVE-2022-0729 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim 
prior  ...)
-       {DLA-2947-1}
+       {DLA-3182-1 DLA-2947-1}
        - vim 2:8.2.4659-1
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea
@@ -55677,7 +55733,7 @@ CVE-2022-0716
 CVE-2022-0715 (A CWE-287: Improper Authentication vulnerability exists that 
could cau ...)
        NOT-FOR-US: Schneider Electric
 CVE-2022-0714 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 8.2.4 ...)
-       {DLA-2947-1}
+       {DLA-3182-1 DLA-2947-1}
        - vim 2:8.2.4659-1
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/db70e8db-f309-4f3c-986c-e69d2415c3b3
@@ -56313,7 +56369,7 @@ CVE-2022-0686 (Authorization Bypass Through 
User-Controlled Key in NPM url-parse
        NOTE: https://huntr.dev/bounties/55fd06cd-9054-4d80-83be-eb5a454be78c
        NOTE: 
https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5
 (1.5.8)
 CVE-2022-0685 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim 
prior  ...)
-       {DLA-2947-1}
+       {DLA-3182-1 DLA-2947-1}
        - vim 2:8.2.4659-1
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782
@@ -57615,7 +57671,7 @@ CVE-2022-0574 (Improper Access Control in GitHub 
repository publify/publify prio
 CVE-2022-0573 (JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to 
Insecure ...)
        NOT-FOR-US: JFrog Artifactory
 CVE-2022-0572 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 8.2. ...)
-       {DLA-3011-1}
+       {DLA-3182-1 DLA-3011-1}
        - vim 2:8.2.4659-1
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/bf3e0643-03e9-4436-a1c8-74e7111c32bf
@@ -58554,7 +58610,7 @@ CVE-2022-0556 (A local privilege escalation 
vulnerability caused by incorrect pe
 CVE-2022-0555
        RESERVED
 CVE-2022-0554 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim 
prior  ...)
-       {DLA-2947-1}
+       {DLA-3182-1 DLA-2947-1}
        - vim 2:8.2.4659-1
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71/
@@ -59889,7 +59945,7 @@ CVE-2022-0445 (The WordPress Real Cookie Banner: GDPR 
(DSGVO) &amp; ePrivacy Coo
 CVE-2022-0444 (The Backup, Restore and Migrate WordPress Sites With the 
XCloner Plugi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0443 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
-       {DLA-3011-1}
+       {DLA-3182-1 DLA-3011-1}
        - vim 2:8.2.4659-1
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/b987c8cb-bbbe-4601-8a6c-54ff907c6b51
@@ -60368,7 +60424,7 @@ CVE-2022-0419 (NULL Pointer Dereference in GitHub 
repository radareorg/radare2 p
 CVE-2022-0418 (The Event List WordPress plugin before 0.8.8 does not sanitise 
and esc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0417 (Heap-based Buffer Overflow GitHub repository vim/vim prior to 
8.2. ...)
-       {DLA-3053-1}
+       {DLA-3182-1 DLA-3053-1}
        - vim 2:8.2.4659-1
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/fc86bc8d-c866-4ade-8b7f-e49cec306d1a/
@@ -60431,7 +60487,7 @@ CVE-2021-46657 (get_sort_by_table in MariaDB before 
10.6.2 allows an application
 CVE-2022-0414 (Business Logic Errors in Packagist dolibarr/dolibarr prior to 
16.0. ...)
        - dolibarr <removed>
 CVE-2022-0413 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
-       {DLA-3011-1}
+       {DLA-3182-1 DLA-3011-1}
        - vim 2:8.2.4659-1
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38
@@ -60468,7 +60524,7 @@ CVE-2022-24113 (Local privilege escalation due to 
excessive permissions assigned
 CVE-2022-0409 (Unrestricted Upload of File with Dangerous Type in Packagist 
showdoc/s ...)
        NOT-FOR-US: ShowDoc
 CVE-2022-0408 (Stack-based Buffer Overflow in GitHub repository vim/vim prior 
to 8.2. ...)
-       {DLA-2947-1}
+       {DLA-3182-1 DLA-2947-1}
        - vim 2:8.2.4659-1
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d
@@ -61240,7 +61296,7 @@ CVE-2022-23942 (Apache Doris, prior to 1.0.0, used a 
hardcoded key and IV to ini
 CVE-2022-21184 (An information disclosure vulnerability exists in the License 
registra ...)
        NOT-FOR-US: Bachmann Visutec GmbH Atvise
 CVE-2022-0368 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. 
...)
-       {DLA-2947-1}
+       {DLA-3182-1 DLA-2947-1}
        - vim 2:8.2.4659-1
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9/
@@ -61263,7 +61319,7 @@ CVE-2022-0363 (The myCred WordPress plugin before 2.4.4 
does not have any author
 CVE-2022-0362 (SQL Injection in Packagist showdoc/showdoc prior to 2.10.3. ...)
        NOT-FOR-US: ShowDoc
 CVE-2022-0361 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 8.2. ...)
-       {DLA-2947-1}
+       {DLA-3182-1 DLA-2947-1}
        - vim 2:8.2.4659-1
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b
@@ -61271,7 +61327,7 @@ CVE-2022-0361 (Heap-based Buffer Overflow in GitHub 
repository vim/vim prior to
 CVE-2022-0360 (The Easy Drag And drop All Import : WP Ultimate CSV Importer 
WordPress ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0359 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 8.2. ...)
-       {DLA-2947-1}
+       {DLA-3182-1 DLA-2947-1}
        - vim 2:8.2.4659-1
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def
@@ -61472,7 +61528,7 @@ CVE-2022-23865 (Nyron 1.0 is affected by a SQL 
injection vulnerability through N
 CVE-2022-0352 (Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior 
to 0.6 ...)
        NOT-FOR-US: calibre-web
 CVE-2022-0351 (Access of Memory Location Before Start of Buffer in GitHub 
repository  ...)
-       {DLA-3011-1}
+       {DLA-3182-1 DLA-3011-1}
        - vim 2:8.2.4659-1
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/8b36db58-b65c-4298-be7f-40b9e37fd161
@@ -62163,7 +62219,7 @@ CVE-2022-0321 (The WP Voting Contest WordPress plugin 
before 3.0 does not saniti
 CVE-2022-0320 (The Essential Addons for Elementor WordPress plugin before 
5.0.5 does  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0319 (Out-of-bounds Read in vim/vim prior to 8.2. ...)
-       {DLA-2947-1}
+       {DLA-3182-1 DLA-2947-1}
        - vim 2:8.2.4659-1
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/ba622fd2-e6ef-4ad9-95b4-17f87b68755b
@@ -63686,7 +63742,7 @@ CVE-2022-0263 (Unrestricted Upload of File with 
Dangerous Type in Packagist pimc
 CVE-2022-0262 (Cross-site Scripting (XSS) - Stored in Packagist 
pimcore/pimcore prior ...)
        NOT-FOR-US: pimcore
 CVE-2022-0261 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 8.2. ...)
-       {DLA-3011-1}
+       {DLA-3182-1 DLA-3011-1}
        - vim 2:8.2.4659-1
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/fa795954-8775-4f23-98c6-d4d4d3fe8a82
@@ -64082,7 +64138,7 @@ CVE-2022-0215 (The Login/Signup Popup, Waitlist 
Woocommerce ( Back in stock noti
 CVE-2022-0214 (The Popup | Custom Popup Builder WordPress plugin before 1.3.1 
autoloa ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0213 (vim is vulnerable to Heap-based Buffer Overflow ...)
-       {DLA-2947-1}
+       {DLA-3182-1 DLA-2947-1}
        - vim 2:8.2.4659-1
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/f3afe1a5-e6f8-4579-b68a-6e5c7e39afed
@@ -67871,13 +67927,13 @@ CVE-2021-44466 (Bitmask Riseup VPN 0.21.6 contains a 
local privilege escalation
 CVE-2021-4194 (bookstack is vulnerable to Improper Access Control ...)
        NOT-FOR-US: bookstack
 CVE-2021-4193 (vim is vulnerable to Out-of-bounds Read ...)
-       {DLA-2947-1}
+       {DLA-3182-1 DLA-2947-1}
        - vim 2:8.2.3995-1
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0
        NOTE: Fixed by: 
https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b 
(v8.2.3950)
 CVE-2021-4192 (vim is vulnerable to Use After Free ...)
-       {DLA-2947-1}
+       {DLA-3182-1 DLA-2947-1}
        - vim 2:8.2.3995-1
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22
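Review bot: Documentation is uneven between the two entries in this hunk: CVE-2021-4193 carries a `NOTE: Fixed by:` line pointing at the upstream vim commit and tag (v8.2.3950), while the lines shown for CVE-2021-4192 stop at the huntr.dev link. If no fixing commit is recorded further down in that entry, adding one would let anyone checking the DLA-3182-1 backport confirm which upstream patch it corresponds to.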
@@ -72875,7 +72931,7 @@ CVE-2021-4070 (Off-by-one Error in GitHub repository 
v2fly/v2ray-core prior to 4
 CVE-2021-44549 (Apache Sling Commons Messaging Mail provides a simple layer on 
top of  ...)
        NOT-FOR-US: Apache Sling
 CVE-2021-4069 (vim is vulnerable to Use After Free ...)
-       {DLA-2947-1}
+       {DLA-3182-1 DLA-2947-1}
        - vim 2:8.2.3995-1
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74/
@@ -74102,7 +74158,7 @@ CVE-2021-4020 (janus-gateway is vulnerable to Improper 
Neutralization of Input D
        NOTE: 
https://github.com/meetecho/janus-gateway/commit/ba166e9adebfe5343f826c6a9e02299d35414ffd
        NOTE: Issues only in janus-demos built from src:janus
 CVE-2021-4019 (vim is vulnerable to Heap-based Buffer Overflow ...)
-       {DLA-2947-1}
+       {DLA-3182-1 DLA-2947-1}
        - vim 2:8.2.3995-1
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/d8798584-a6c9-4619-b18f-001b9a6fca92
@@ -74644,7 +74700,7 @@ CVE-2021-44041 (UiPath Assistant 21.4.4 will load and 
execute attacker controlle
 CVE-2021-3985 (kimai2 is vulnerable to Improper Neutralization of Input During 
Web Pa ...)
        NOT-FOR-US: kimai2
 CVE-2021-3984 (vim is vulnerable to Heap-based Buffer Overflow ...)
-       {DLA-2947-1}
+       {DLA-3182-1 DLA-2947-1}
        - vim 2:8.2.3995-1 (bug #1001896)
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/b114b5a2-18e2-49f0-b350-15994d71426a
@@ -74882,7 +74938,7 @@ CVE-2021-43961 (Sonatype Nexus Repository Manager 
3.36.0 allows HTML Injection.
 CVE-2021-43960 (** DISPUTED ** Lorensbergs Connect2 3.13.7647.20190 is 
affected by an  ...)
        NOT-FOR-US: Lorensbergs Connect2
 CVE-2021-3974 (vim is vulnerable to Use After Free ...)
-       {DLA-2947-1}
+       {DLA-3182-1 DLA-2947-1}
        - vim 2:8.2.3995-1 (bug #1001897)
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/e402cb2c-8ec4-4828-a692-c95f8e0de6d4
@@ -77843,13 +77899,13 @@ CVE-2021-43359 (Sunnet eHRD has broken access control 
vulnerability, which allow
 CVE-2021-43358 (Sunnet eHRD has inadequate filtering for special characters in 
URLs, w ...)
        NOT-FOR-US: Sunnet eHRD
 CVE-2021-3928 (vim is vulnerable to Use of Uninitialized Variable ...)
-       {DLA-2947-1}
+       {DLA-3182-1 DLA-2947-1}
        - vim 2:8.2.3995-1
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd
        NOTE: Fixed by: 
https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732 
(v8.2.3582)
 CVE-2021-3927 (vim is vulnerable to Heap-based Buffer Overflow ...)
-       {DLA-2947-1}
+       {DLA-3182-1 DLA-2947-1}
        - vim 2:8.2.3995-1
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0
@@ -88087,8 +88143,8 @@ CVE-2021-40305
        RESERVED
 CVE-2021-40304
        RESERVED
-CVE-2021-40303
-       RESERVED
+CVE-2021-40303 (perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) 
via /clien ...)
+       TODO: check
 CVE-2021-40302
        RESERVED
 CVE-2021-40301
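Review bot: CVE-2021-40303 leaves the RESERVED state with only `TODO: check`, so the entry is untriaged as committed. It needs a follow-up that either tags it `NOT-FOR-US:` with the product name, as other entries in this file do (for example `NOT-FOR-US: Flygo`), or adds a source package line if perfex crm maps to something in the archive.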
@@ -95894,7 +95950,7 @@ CVE-2021-37211 (The bulletin function of Flygo does not 
filter special character
        NOT-FOR-US: Flygo
 CVE-2021-37210
        RESERVED
-CVE-2021-37209 (A vulnerability has been identified in RUGGEDCOM ROS M2100 
(All versio ...)
+CVE-2021-37209 (A vulnerability has been identified in RUGGEDCOM ROS M2100, 
RUGGEDCOM  ...)
        NOT-FOR-US: Siemens
 CVE-2021-37208 (A vulnerability has been identified in RUGGEDCOM ROS M2100 
(All versio ...)
        NOT-FOR-US: Siemens



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c38c374a089f5fd61d02651f0e894cd01740644d
