Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6d0430c6 by security tracker role at 2022-11-22T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2022-45797
+       RESERVED
+CVE-2022-45796
+       RESERVED
+CVE-2022-45795
+       RESERVED
+CVE-2022-45794
+       RESERVED
+CVE-2022-45793
+       RESERVED
+CVE-2022-45792
+       RESERVED
+CVE-2022-45791
+       RESERVED
+CVE-2022-45790
+       RESERVED
+CVE-2022-45789
+       RESERVED
+CVE-2022-45788
+       RESERVED
+CVE-2022-45787
+       RESERVED
+CVE-2022-45786
+       RESERVED
+CVE-2022-4121
+       RESERVED
+CVE-2022-4120
+       RESERVED
+CVE-2022-4119
+       RESERVED
+CVE-2022-4118
+       RESERVED
+CVE-2022-4117
+       RESERVED
+CVE-2022-4116 (A vulnerability was found in quarkus. This security flaw 
happens in De ...)
+       TODO: check
+CVE-2022-4115
+       RESERVED
 CVE-2022-XXXX [rust-atty: Potential unaligned read]
        - rust-atty <not-affected> (Windows-specific)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0145.html
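Review bot: CVE-2022-4116 (quarkus) is left at TODO: check in this hunk; it needs a triage decision (a quarkus source package line or NOT-FOR-US) before the next automatic update buries it among the RESERVED entries. The remaining additions (CVE-2022-45786 through CVE-2022-45797, CVE-2022-4115, CVE-2022-4117 through CVE-2022-4121) are plain RESERVED placeholders and need nothing.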
@@ -1417,8 +1455,8 @@ CVE-2022-45365
        RESERVED
 CVE-2022-45364
        RESERVED
-CVE-2022-45363
-       RESERVED
+CVE-2022-45363 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in 
Muffingroup B ...)
+       TODO: check
 CVE-2022-45362
        RESERVED
 CVE-2022-45361
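Review bot: CVE-2022-45363 follows the "Auth. (subscriber+) Stored Cross-Site Scripting (XSS)" pattern that this file otherwise resolves as NOT-FOR-US: WordPress plugin (compare CVE-2022-44736 further down); confirm that the Muffingroup product is a WordPress theme or plugin and replace the TODO: check accordingly.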
@@ -2196,8 +2234,8 @@ CVE-2022-3912
        RESERVED
 CVE-2022-3911
        RESERVED
-CVE-2022-3910
-       RESERVED
+CVE-2022-3910 (Use After Free vulnerability in Linux Kernel allows Privilege 
Escalati ...)
+       TODO: check
 CVE-2022-3909
        RESERVED
 CVE-2022-45063 (xterm before 375 allows code execution via font ops, e.g., 
because an  ...)
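Review bot: CVE-2022-3910 describes a use-after-free in the Linux kernel leading to privilege escalation and is left at TODO: check; kernel CVEs need a linux source package line with the fixed version (or <unfixed>) rather than staying in the TODO queue, since the tracker cannot otherwise show which suites are affected.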
@@ -2828,22 +2866,22 @@ CVE-2022-44810
        RESERVED
 CVE-2022-44809
        RESERVED
-CVE-2022-44808
-       RESERVED
-CVE-2022-44807
-       RESERVED
-CVE-2022-44806
-       RESERVED
+CVE-2022-44808 (A command injection vulnerability has been found on D-Link 
DIR-823G de ...)
+       TODO: check
+CVE-2022-44807 (D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer 
Overflow vi ...)
+       TODO: check
+CVE-2022-44806 (D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer 
Overflow. ...)
+       TODO: check
 CVE-2022-44805
        RESERVED
-CVE-2022-44804
-       RESERVED
+CVE-2022-44804 (D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer 
Overflow via ...)
+       TODO: check
 CVE-2022-44803
        RESERVED
 CVE-2022-44802
        RESERVED
-CVE-2022-44801
-       RESERVED
+CVE-2022-44801 (D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access 
Control. ...)
+       TODO: check
 CVE-2022-44800
        RESERVED
 CVE-2022-44799
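Review bot: The five D-Link DIR-823G/DIR-882/DIR-878 entries (CVE-2022-44808, -44807, -44806, -44804, -44801) are left at TODO: check although this file marks equivalent router firmware issues as NOT-FOR-US: D-Link (see CVE-2022-44204 and CVE-2019-19222); the same triage applies here.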
@@ -2998,8 +3036,8 @@ CVE-2022-44739
        RESERVED
 CVE-2022-44738
        RESERVED
-CVE-2022-44737
-       RESERVED
+CVE-2022-44737 (Multiple Cross-Site Request Forgery vulnerabilities in 
All-In-One Secu ...)
+       TODO: check
 CVE-2022-44736 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Cham ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-44735
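Review bot: CVE-2022-44737 (multiple CSRF issues in "All-In-One Secu...") sits directly above CVE-2022-44736, which is already NOT-FOR-US: WordPress plugin; if the truncated name is the All-In-One Security WordPress plugin, as it appears to be, the TODO: check should be replaced with the same NOT-FOR-US line.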
@@ -4280,6 +4318,7 @@ CVE-2022-44641 (In Linaro Automated Validation 
Architecture (LAVA) before 2022.1
        NOTE: 
https://git.lavasoftware.org/lava/lava/-/commit/1bee0f8957741582c2bed800974f31439c6f3ff5
 (2022.11)
 CVE-2022-44640 [Invalid free in ASN.1 codec]
        RESERVED
+       {DSA-5287-1}
        - heimdal <unfixed> (bug #1024187)
        NOTE: 
https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4
        NOTE: 
https://github.com/heimdal/heimdal/commit/ea5ec8f174920cb80ce2b168b49195378420449e
 (heimdal-7.7.1)
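Review bot: {DSA-5287-1} is added to CVE-2022-44640 while the unstable line still reads "heimdal <unfixed> (bug #1024187)"; that is consistent only if the DSA covered stable without a corresponding unstable upload, so confirm whether a fixed version for sid should be recorded at the same time. The upstream fix is already noted as landing in heimdal-7.7.1.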
@@ -4587,7 +4626,7 @@ CVE-2022-44579
        RESERVED
 CVE-2022-44578
        RESERVED
-CVE-2022-44577 (Auth. CSV Injection vulnerability in Export Users With Meta 
plugin &lt ...)
+CVE-2022-44577 (This CVE ID has been rejected or withdrawn by its CVE 
Numbering Author ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-44576 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Agen ...)
        NOT-FOR-US: WordPress plugin
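Review bot: CVE-2022-44577's description now states the ID has been rejected or withdrawn by its CNA, but the entry keeps NOT-FOR-US: WordPress plugin; the convention elsewhere in this file for such IDs is a bare REJECTED status (compare CVE-2022-33014), so the status line should be switched to REJECTED.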
@@ -5463,44 +5502,44 @@ CVE-2022-44204 (D-Link DIR3060 DIR3060A1_FW111B04.bin 
is vulnerable to Buffer Ov
        NOT-FOR-US: D-Link
 CVE-2022-44203
        RESERVED
-CVE-2022-44202
-       RESERVED
-CVE-2022-44201
-       RESERVED
-CVE-2022-44200
-       RESERVED
-CVE-2022-44199
-       RESERVED
-CVE-2022-44198
-       RESERVED
-CVE-2022-44197
-       RESERVED
-CVE-2022-44196
-       RESERVED
+CVE-2022-44202 (D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer 
Overflow. ...)
+       TODO: check
+CVE-2022-44201 (D-Link DIR823G 1.02B05 is vulnerable to Commad Injection. ...)
+       TODO: check
+CVE-2022-44200 (Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer 
Overflow vi ...)
+       TODO: check
+CVE-2022-44199 (Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via 
paramete ...)
+       TODO: check
+CVE-2022-44198 (Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via 
paramete ...)
+       TODO: check
+CVE-2022-44197 (Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via 
parameter ...)
+       TODO: check
+CVE-2022-44196 (Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via 
parameter ...)
+       TODO: check
 CVE-2022-44195
        RESERVED
-CVE-2022-44194
-       RESERVED
-CVE-2022-44193
-       RESERVED
+CVE-2022-44194 (Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via 
parameter ...)
+       TODO: check
+CVE-2022-44193 (Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in 
/usr/sbin ...)
+       TODO: check
 CVE-2022-44192
        RESERVED
-CVE-2022-44191
-       RESERVED
-CVE-2022-44190
-       RESERVED
+CVE-2022-44191 (Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via 
paramete ...)
+       TODO: check
+CVE-2022-44190 (Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via 
paramete ...)
+       TODO: check
 CVE-2022-44189
        RESERVED
-CVE-2022-44188
-       RESERVED
-CVE-2022-44187
-       RESERVED
-CVE-2022-44186
-       RESERVED
+CVE-2022-44188 (Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in 
/usr/sbin/ ...)
+       TODO: check
+CVE-2022-44187 (Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via 
wan_dns1_ ...)
+       TODO: check
+CVE-2022-44186 (Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in 
/usr/sbin ...)
+       TODO: check
 CVE-2022-44185
        RESERVED
-CVE-2022-44184
-       RESERVED
+CVE-2022-44184 (Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in 
/usr/sbin/ ...)
+       TODO: check
 CVE-2022-44183 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via 
function  ...)
        NOT-FOR-US: Tenda
 CVE-2022-44182
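Review bot: All fifteen new descriptions in this hunk are router firmware issues (D-Link DIR878/DIR823G, Netgear R7000P) left at TODO: check, while the neighbouring CVE-2022-44204 (D-Link) and CVE-2022-44183 (Tenda) are already NOT-FOR-US; triage these the same way. The "Commad Injection" spelling in CVE-2022-44201 is the CNA's description text as imported and should not be corrected locally.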
@@ -9767,8 +9806,8 @@ CVE-2022-43214 (Billing System Project v1.0 was 
discovered to contain a SQL inje
        NOT-FOR-US: Billing System Project
 CVE-2022-43213
        RESERVED
-CVE-2022-43212
-       RESERVED
+CVE-2022-43212 (Billing System Project v1.0 was discovered to contain a SQL 
injection  ...)
+       TODO: check
 CVE-2022-43211
        RESERVED
 CVE-2022-43210
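Review bot: CVE-2022-43212 is another SQL injection in Billing System Project v1.0, the same product that CVE-2022-43214 at the top of this hunk already resolves as NOT-FOR-US: Billing System Project; the TODO: check can be replaced with that line.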
@@ -10240,8 +10279,8 @@ CVE-2022-42991 (A stored cross-site scripting (XSS) 
vulnerability in Simple Onli
        NOT-FOR-US: Simple Online Public Access Catalog
 CVE-2022-42990 (Food Ordering Management System v1.0 was discovered to contain 
a SQL i ...)
        NOT-FOR-US: Food Ordering Management System
-CVE-2022-42989
-       RESERVED
+CVE-2022-42989 (ERP Sankhya before v4.11b81 was discovered to contain a 
cross-site scr ...)
+       TODO: check
 CVE-2022-42988
        RESERVED
 CVE-2022-42987
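Review bot: CVE-2022-42989 (cross-site scripting in ERP Sankhya before v4.11b81) is left at TODO: check; if ERP Sankhya is not packaged in Debian, as nothing in this file suggests, it should become NOT-FOR-US: ERP Sankhya like the surrounding web application entries.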
@@ -10644,8 +10683,7 @@ CVE-2022-3502 (A vulnerability was found in Human 
Resource Management System 1.0
 CVE-2022-3501 (Article template contents with sensitive data could be accessed 
from a ...)
        NOT-FOR-US: OTRS
        NOTE: Issue is listed as specific to 8.x, so won't affect Znuny which 
forked from 6.x
-CVE-2022-3500
-       RESERVED
+CVE-2022-3500 (A vulnerability was found in keylime. This security issue 
happens in s ...)
        NOT-FOR-US: keylime
 CVE-2022-42918
        RESERVED
@@ -10746,7 +10784,7 @@ CVE-2022-42899 (Bentley MicroStation and 
MicroStation-based applications may be
        NOT-FOR-US: Bentley
 CVE-2022-42898 [krb5_pac_parse() buffer parsing vulnerability]
        RESERVED
-       {DSA-5286-1}
+       {DSA-5287-1 DSA-5286-1}
        - heimdal <unfixed> (bug #1024187)
        - krb5 1.20.1-1 (bug #1024267)
        - samba 2:4.17.3+dfsg-1
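Review bot: CVE-2022-42898 now carries both DSA-5286-1 and DSA-5287-1; this commit attaches DSA-5287-1 to six heimdal entries in total (also CVE-2022-44640, CVE-2022-3437, CVE-2022-41916, CVE-2021-44758 and CVE-2021-3671), so cross-check that list against the CVE set named in the advisory text to make sure none is missing or spurious.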
@@ -11296,6 +11334,7 @@ CVE-2022-42704
        RESERVED
 CVE-2022-3437 [Buffer overflow in Heimdal unwrap_des3()]
        RESERVED
+       {DSA-5287-1}
        - samba 2:4.16.6+dfsg-1
        - heimdal <unfixed> (bug #1024187)
        NOTE: https://www.samba.org/samba/security/CVE-2022-3437.html
@@ -12690,16 +12729,16 @@ CVE-2022-42100
        RESERVED
 CVE-2022-42099
        RESERVED
-CVE-2022-42098
-       RESERVED
-CVE-2022-42097
-       RESERVED
+CVE-2022-42098 (KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL 
Injection  ...)
+       TODO: check
+CVE-2022-42097 (Backdrop CMS version 1.23.0 was discovered to contain a stored 
cross-s ...)
+       TODO: check
 CVE-2022-42096 (Backdrop CMS version 1.23.0 was discovered to contain a stored 
cross-s ...)
        - backdrop <itp> (bug #914257)
 CVE-2022-42095
        RESERVED
-CVE-2022-42094
-       RESERVED
+CVE-2022-42094 (Backdrop CMS version 1.23.0 was discovered to contain a stored 
cross-s ...)
+       TODO: check
 CVE-2022-42093
        RESERVED
 CVE-2022-42092 (Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability 
via 'th ...)
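Review bot: CVE-2022-42097 and CVE-2022-42094 describe the same Backdrop CMS 1.23.0 stored XSS class as CVE-2022-42096, which is tracked as "backdrop <itp> (bug #914257)"; give them the same package line rather than TODO: check. CVE-2022-42098 (KLiK SocialMediaWebsite) is a separate product and a NOT-FOR-US candidate.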
@@ -13007,12 +13046,12 @@ CVE-2022-41954
        RESERVED
 CVE-2022-41953
        RESERVED
-CVE-2022-41952
-       RESERVED
+CVE-2022-41952 (Synapse before 1.52.0 with URL preview functionality enabled 
will atte ...)
+       TODO: check
 CVE-2022-41951
        RESERVED
-CVE-2022-41950
-       RESERVED
+CVE-2022-41950 (super-xray is the GUI alternative for vulnerability scanning 
tool xray ...)
+       TODO: check
 CVE-2022-41949
        RESERVED
 CVE-2022-41948
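Review bot: CVE-2022-41952 (Synapse before 1.52.0 with URL preview enabled) concerns software that is packaged in Debian as matrix-synapse, so it needs a version check against the package rather than a NOT-FOR-US line; the description already gives 1.52.0 as the first fixed upstream release. CVE-2022-41950 (super-xray) should be triaged together with CVE-2022-41945, which is still TODO: check in the next hunk.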
@@ -13025,10 +13064,10 @@ CVE-2022-41945 (super-xray is a vulnerability scanner 
(xray) GUI launcher. In ve
        TODO: check
 CVE-2022-41944
        RESERVED
-CVE-2022-41943
-       RESERVED
-CVE-2022-41942
-       RESERVED
+CVE-2022-41943 (sourcegraph is a code intelligence platform. As a site admin 
it was po ...)
+       TODO: check
+CVE-2022-41942 (Sourcegraph is a code intelligence platform. In versions prior 
to 4.1. ...)
+       TODO: check
 CVE-2022-41941
        RESERVED
 CVE-2022-41940 (Engine.IO is the implementation of transport-based 
cross-browser/cross ...)
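Review bot: CVE-2022-41943 and CVE-2022-41942 (Sourcegraph) are left at TODO: check; Sourcegraph is a code intelligence platform that is not shipped as a Debian package, so both can be marked NOT-FOR-US: Sourcegraph. The lower-case "sourcegraph" in the first description is the imported CNA text and needs no local change.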
@@ -13080,6 +13119,7 @@ CVE-2022-41918 (OpenSearch is a community-driven, open 
source fork of Elasticsea
 CVE-2022-41917 (OpenSearch is a community-driven, open source fork of 
Elasticsearch an ...)
        NOT-FOR-US: OpenSearch
 CVE-2022-41916 (Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. 
Version ...)
+       {DSA-5287-1}
        - heimdal <unfixed> (bug #1024187)
        NOTE: 
https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx
        NOTE: 
https://github.com/heimdal/heimdal/commit/eb87af0c2d189c25294c7daf483a47b03af80c2c
 (heimdal-7.7.1)
@@ -14349,8 +14389,8 @@ CVE-2022-41447
        RESERVED
 CVE-2022-41446
        RESERVED
-CVE-2022-41445
-       RESERVED
+CVE-2022-41445 (A cross-site scripting (XSS) vulnerability in Record 
Management System ...)
+       TODO: check
 CVE-2022-41444
        RESERVED
 CVE-2022-41443 (phpipam v1.5.0 was discovered to contain a header injection 
vulnerabil ...)
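Review bot: CVE-2022-41445 (XSS in "Record Management System") is left at TODO: check; it reads like the same class of small PHP demo applications that this file consistently resolves as NOT-FOR-US (compare the Billing System Project and Food Ordering Management System entries), so confirm and apply the same.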
@@ -15174,8 +15214,7 @@ CVE-2017-20147 (In the ebuild package through 
smokeping-2.7.3-r1 for SmokePing o
        NOT-FOR-US: ebuild package for SmokePing on Gentoo
 CVE-2016-20015 (In the ebuild package through smokeping-2.7.3-r1 for SmokePing 
on Gent ...)
        NOT-FOR-US: ebuild package for SmokePing on Gentoo
-CVE-2022-41131
-       RESERVED
+CVE-2022-41131 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
        - airflow <itp> (bug #819700)
 CVE-2022-41130
        RESERVED
@@ -15545,8 +15584,7 @@ CVE-2022-40956
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40956
 CVE-2022-40955 (In versions of Apache InLong prior to 1.3.0, an attacker with 
sufficie ...)
        NOT-FOR-US: Apache InLong
-CVE-2022-40954
-       RESERVED
+CVE-2022-40954 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
        - airflow <itp> (bug #819700)
 CVE-2022-40701
        RESERVED
@@ -17305,8 +17343,8 @@ CVE-2022-40230 ("IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 
CD, and LTS 9.3 does not
        NOT-FOR-US: IBM
 CVE-2022-40229
        RESERVED
-CVE-2022-40228
-       RESERVED
+CVE-2022-40228 (IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 
through 10.0 ...)
+       TODO: check
 CVE-2022-40227 (A vulnerability has been identified in SIMATIC HMI Comfort 
Panels (inc ...)
        NOT-FOR-US: Siemens
 CVE-2022-40226 (A vulnerability has been identified in SICAM P850 (All 
versions &lt; V ...)
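Review bot: CVE-2022-40228 (IBM DataPower Gateway) is left at TODO: check while the IBM MQ Appliance entry CVE-2022-40230 at the top of this hunk is NOT-FOR-US: IBM; DataPower is an appliance product, so the same NOT-FOR-US: IBM line applies.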
@@ -17325,8 +17363,7 @@ CVE-2022-40194 (Unauthenticated Sensitive Information 
Disclosure vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2022-40191 (Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) 
vulnerab ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-40189
-       RESERVED
+CVE-2022-40189 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
        - airflow <itp> (bug #819700)
 CVE-2022-40132 (Cross-Site Request Forgery (CSRF) vulnerability in Seriously 
Simple Po ...)
        NOT-FOR-US: WordPress plugin
@@ -20129,16 +20166,16 @@ CVE-2022-39072
        RESERVED
 CVE-2022-39071
        RESERVED
-CVE-2022-39070
-       RESERVED
+CVE-2022-39070 (There is an access control vulnerability in some ZTE PON OLT 
products. ...)
+       TODO: check
 CVE-2022-39069 (There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to 
lack of ...)
        NOT-FOR-US: ZTE
 CVE-2022-39068
        RESERVED
-CVE-2022-39067
-       RESERVED
-CVE-2022-39066
-       RESERVED
+CVE-2022-39067 (There is a buffer overflow vulnerability in ZTE MF286R. Due to 
lack of ...)
+       TODO: check
+CVE-2022-39066 (There is a SQL injection vulnerability in ZTE MF286R. Due to 
insuffici ...)
+       TODO: check
 CVE-2022-39065 (A single malformed IEEE 802.15.4 (Zigbee) frame makes the 
TR&#197;DFRI ...)
        NOT-FOR-US: Ikea
 CVE-2022-39064 (An attacker sending a single malformed IEEE 802.15.4 (Zigbee) 
frame ma ...)
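Review bot: CVE-2022-39070 (ZTE PON OLT), CVE-2022-39067 and CVE-2022-39066 (ZTE MF286R) are left at TODO: check, while CVE-2022-39069 in the same hunk is already NOT-FOR-US: ZTE; these are ZTE device firmware issues and should get the same line.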
@@ -21432,8 +21469,7 @@ CVE-2022-38651 (** UNSUPPORTED WHEN ASSIGNED ** A 
security filter misconfigurati
        NOT-FOR-US: VMware
 CVE-2022-38650 (** UNSUPPORTED WHEN ASSIGNED ** A remote unauthenticated 
insecure dese ...)
        NOT-FOR-US: VMware
-CVE-2022-38649
-       RESERVED
+CVE-2022-38649 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
        - airflow <itp> (bug #819700)
 CVE-2022-38648 (Server-Side Request Forgery (SSRF) vulnerability in Batik of 
Apache XM ...)
        - batik 1.15+dfsg-1 (bug #1020589)
@@ -22012,8 +22048,8 @@ CVE-2022-38464
        RESERVED
 CVE-2022-38463 (ServiceNow through San Diego Patch 4b and Patch 6 allows 
reflected XSS ...)
        NOT-FOR-US: ServiceNow
-CVE-2022-38462
-       RESERVED
+CVE-2022-38462 (Silverstripe silverstripe/framework through 4.11 is vulnerable 
to XSS  ...)
+       TODO: check
 CVE-2022-38450 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 
20.005.30 ...)
        NOT-FOR-US: Adobe
 CVE-2022-38449 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 
20.005.30 ...)
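Review bot: CVE-2022-38462 (Silverstripe silverstripe/framework through 4.11, XSS) is left at TODO: check; Silverstripe is not a Debian package, so this should become NOT-FOR-US: Silverstripe.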
@@ -25314,8 +25350,8 @@ CVE-2022-37303
        RESERVED
 CVE-2022-37302 (A CWE-119: Improper Restriction of Operations within the 
Bounds of a M ...)
        NOT-FOR-US: EcoStruxure Control Expert
-CVE-2022-37301
-       RESERVED
+CVE-2022-37301 (A CWE-191: Integer Underflow (Wrap or Wraparound) 
vulnerability exists ...)
+       TODO: check
 CVE-2022-37300 (A CWE-640: Weak Password Recovery Mechanism for Forgotten 
Password vul ...)
        NOT-FOR-US: EcoStruxure Control Expert, EcoStruxure Process Expert, and 
Modicon Controllers M580 and M340
 CVE-2022-2601
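Review bot: CVE-2022-37301 (CWE-191 integer underflow) is left at TODO: check although it sits in the CVE-2022-3730x block that is otherwise triaged as NOT-FOR-US: EcoStruxure Control Expert (CVE-2022-37302, CVE-2022-37300); confirm it comes from the same Schneider Electric advisory and reuse that line.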
@@ -27566,8 +27602,8 @@ CVE-2022-2514 (The time and filter parameters in Fava 
prior to v1.22 are vulnera
        [buster] - fava <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429
        NOTE: 
https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711
 (v1.22)
-CVE-2022-2513
-       RESERVED
+CVE-2022-2513 (A vulnerability exists in the Intelligent Electronic Device 
(IED) Conn ...)
+       TODO: check
 CVE-2022-2512 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
 CVE-2022-2511 (Cross-site Scripting (XSS) vulnerability in the 
"commonuserinterface"  ...)
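Review bot: CVE-2022-2513 (Intelligent Electronic Device (IED) Connectivity ...) is left at TODO: check; this is an industrial vendor product, not a Debian package, so it should be resolved as NOT-FOR-US rather than left in the TODO queue beside the fava and gitlab entries that do carry package lines.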
@@ -36571,8 +36607,8 @@ CVE-2022-33014
        REJECTED
 CVE-2022-33013
        RESERVED
-CVE-2022-33012
-       RESERVED
+CVE-2022-33012 (Microweber v1.2.15 was discovered to allow attackers to 
perform an acc ...)
+       TODO: check
 CVE-2022-33011 (Known v1.3.1+2020120201 was discovered to allow attackers to 
perform a ...)
        NOT-FOR-US: Known
 CVE-2022-33010
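Review bot: CVE-2022-33012 (Microweber v1.2.15) is left at TODO: check; it has the same "allow attackers to perform an acc..." wording as CVE-2022-33011 (Known), which is already NOT-FOR-US, and Microweber is not packaged in Debian, so NOT-FOR-US: Microweber is the expected resolution.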
@@ -66568,8 +66604,8 @@ CVE-2022-0224 (dolibarr is vulnerable to Improper 
Neutralization of Special Elem
        - dolibarr <removed>
 CVE-2022-0223
        RESERVED
-CVE-2022-0222
-       RESERVED
+CVE-2022-0222 (A CWE-269: Improper Privilege Management vulnerability exists 
that cou ...)
+       TODO: check
 CVE-2022-0221 (A CWE-611: Improper Restriction of XML External Entity 
Reference vulne ...)
        NOT-FOR-US: Schneider Electric
 CVE-2022-0220 (The check_privacy_settings AJAX action of the WordPress GDPR 
WordPress ...)
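Review bot: CVE-2022-0222 (CWE-269 Improper Privilege Management) is left at TODO: check while the adjacent CVE-2022-0221, with the same CWE-prefixed description style, is NOT-FOR-US: Schneider Electric; confirm it comes from the same Schneider advisory and triage it the same way.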
@@ -73412,14 +73448,14 @@ CVE-2021-45105 (Apache Log4j2 versions 2.0-alpha1 
through 2.16.0 (excluding 2.12
        NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105
        NOTE: https://issues.apache.org/jira/browse/LOG4J2-3230
 CVE-2021-31566 (An improper link resolution flaw can occur while extracting an 
archive ...)
-       {DLA-2987-1}
+       {DLA-3202-1 DLA-2987-1}
        - libarchive 3.5.2-1 (bug #1001990)
        [bullseye] - libarchive 3.4.3-2+deb11u1
        NOTE: https://github.com/libarchive/libarchive/issues/1566
        NOTE: 
https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043
 (v3.5.2)
        NOTE: 
https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b
 (v3.5.2)
 CVE-2021-23177 (An improper link resolution flaw while extracting an archive 
can lead  ...)
-       {DLA-2987-1}
+       {DLA-3202-1 DLA-2987-1}
        - libarchive 3.5.2-1 (bug #1001986)
        [bullseye] - libarchive 3.4.3-2+deb11u1
        NOTE: https://github.com/libarchive/libarchive/issues/1565
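Review bot: DLA-3202-1 is added to CVE-2021-31566 and CVE-2021-23177 here (and to CVE-2019-19221 later in this commit); since both entries already carry DLA-2987-1, make sure the new DLA genuinely re-addresses these IDs and is not a copy-paste from the other libarchive CVE it primarily covers.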
@@ -74808,6 +74844,7 @@ CVE-2021-4081 (pimcore is vulnerable to Improper 
Neutralization of Input During
        NOT-FOR-US: Pimcore
 CVE-2021-44758 [spnego: send_reject when no mech selected]
        RESERVED
+       {DSA-5287-1}
        - heimdal <unfixed> (bug #1024187)
        NOTE: 
https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv
        NOTE: 
https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580
 (heimdal-7.7.1)
@@ -97188,6 +97225,7 @@ CVE-2021-37716 (A remote buffer overflow vulnerability 
was discovered in Aruba S
 CVE-2021-37715 (A remote cross-site scripting (XSS) vulnerability was 
discovered in Ar ...)
        NOT-FOR-US: Aruba
 CVE-2021-3671 (A null pointer de-reference was found in the way samba kerberos 
server ...)
+       {DSA-5287-1}
        - heimdal 7.7.0+dfsg-3 (bug #996586)
        [buster] - heimdal <no-dsa> (Minor issue)
        [stretch] - heimdal <no-dsa> (Minor issue)
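Review bot: CVE-2021-3671 gains {DSA-5287-1}, yet the buster and stretch lines still read "<no-dsa> (Minor issue)"; now that a DSA covers the issue for stable, the LTS team may want to revisit whether buster's no-dsa still holds, given that the fix is already in 7.7.0+dfsg-3.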
@@ -107043,8 +107081,8 @@ CVE-2021-33622 (Sylabs Singularity 3.5.x and 3.6.x, 
and SingularityPRO before 3.
        [experimental] - singularity-container 3.9.4+ds2-1
        - singularity-container 3.9.5+ds1-2 (bug #990201)
        NOTE: 
https://support.sylabs.io/support/solutions/articles/42000087130-3-5-8-security-release-cve-2021-33622-
-CVE-2021-33621
-       REJECTED
+CVE-2021-33621 (The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x 
before 0.3.5 ...)
+       TODO: check
 CVE-2021-33619
        RESERVED
 CVE-2021-33618 (Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as 
demonstr ...)
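Review bot: CVE-2021-33621 flips from REJECTED to a real description (the cgi gem before 0.1.0.2, 0.2.x before 0.2.2, 0.3.x before 0.3.5) with TODO: check; confirm the un-rejection against the CNA record, then triage it against the Ruby interpreter packages, since cgi ships as a default gem bundled with ruby rather than as a separate package.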
@@ -221416,7 +221454,7 @@ CVE-2019-19223 (A Broken Access Control vulnerability 
in the D-Link DSL-2680 web
 CVE-2019-19222 (A Stored XSS issue in the D-Link DSL-2680 web administration 
interface ...)
        NOT-FOR-US: D-Link
 CVE-2019-19221 (In Libarchive 3.4.0, archive_wstring_append_from_mbs in 
archive_string ...)
-       {DLA-2987-1}
+       {DLA-3202-1 DLA-2987-1}
        - libarchive 3.4.2-1 (bug #945287)
        [jessie] - libarchive <no-dsa> (Minor issue)
        NOTE: 
https://github.com/libarchive/libarchive/commit/22b1db9d46654afc6f0c28f90af8cdc84a199f41



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d0430c670ad566bf17d0466fecdce0f279df718



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
