author: security tracker role <sectracker@soriano.debian.org> 2022-05-26 20:10:28 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2022-05-26 20:10:28 +0000
commit: ce9f4063b6be3608ed9fa14b1061f0f40b365b5f
tree: 30d1675aeea5e549f3f2051aca17be34b59fd7af /data
parent: e20d6152d1824a9bc31055d756d6aa3e0aa581d0
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/list 436
1 files changed, 236 insertions, 200 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 678d02ce0c..018b600b10 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,45 @@
+CVE-2022-31749
+ RESERVED
+CVE-2022-31748
+ RESERVED
+CVE-2022-31747
+ RESERVED
+CVE-2022-31746
+ RESERVED
+CVE-2022-31745
+ RESERVED
+CVE-2022-31744
+ RESERVED
+CVE-2022-31743
+ RESERVED
+CVE-2022-31742
+ RESERVED
+CVE-2022-31741
+ RESERVED
+CVE-2022-31740
+ RESERVED
+CVE-2022-31739
+ RESERVED
+CVE-2022-31738
+ RESERVED
+CVE-2022-31737
+ RESERVED
+CVE-2022-31736
+ RESERVED
+CVE-2022-1899 (Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7 ...)
+ TODO: check
+CVE-2022-1898
+ RESERVED
+CVE-2022-1897
+ RESERVED
+CVE-2022-1896
+ RESERVED
+CVE-2022-1895
+ RESERVED
+CVE-2022-1894
+ RESERVED
+CVE-2021-4232 (A vulnerability classified as problematic has been found in Zoo Manage ...)
+ TODO: check
CVE-2022-31733
RESERVED
CVE-2022-31732
@@ -242,22 +284,21 @@ CVE-2022-1889
RESERVED
CVE-2022-1888
RESERVED
-CVE-2021-4231
- RESERVED
+CVE-2021-4231 (A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It ha ...)
+ TODO: check
CVE-2022-31619
RESERVED
CVE-2022-1887
RESERVED
-CVE-2022-1886
- RESERVED
+CVE-2022-1886 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+ TODO: check
CVE-2022-1885
RESERVED
CVE-2022-1884
RESERVED
CVE-2022-1883 (SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2. ...)
NOT-FOR-US: camptocamp/terraboard
-CVE-2022-1882
- RESERVED
+CVE-2022-1882 (A flaw use after free in the Linux kernel pipes functionality was foun ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -1234,8 +1275,8 @@ CVE-2022-31267 (Gitblit 1.9.2 allows privilege escalation via the Config User Se
NOT-FOR-US: Gitblit
CVE-2022-31266
RESERVED
-CVE-2022-31265
- RESERVED
+CVE-2022-31265 (The replay feature in the client in Wargaming World of Warships 0.11.4 ...)
+ TODO: check
CVE-2022-31264 (Solana solana_rbpf before 0.2.29 has an addition integer overflow via ...)
NOT-FOR-US: Solana rBPF
CVE-2022-31263 (app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail ...)
@@ -2542,38 +2583,31 @@ CVE-2022-30793
RESERVED
CVE-2022-30790
RESERVED
-CVE-2022-30789
- RESERVED
+CVE-2022-30789 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_ch ...)
- ntfs-3g <unfixed> (bug #1011770)
NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
-CVE-2022-30788
- RESERVED
+CVE-2022-30788 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mf ...)
- ntfs-3g <unfixed> (bug #1011770)
NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
-CVE-2022-30787
- RESERVED
+CVE-2022-30787 (An integer underflow in fuse_lib_readdir enables arbitrary memory read ...)
- ntfs-3g <unfixed> (bug #1011770)
NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/2
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58
-CVE-2022-30786
- RESERVED
+CVE-2022-30786 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_na ...)
- ntfs-3g <unfixed> (bug #1011770)
NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
-CVE-2022-30785
- RESERVED
+CVE-2022-30785 (A file handle created in fuse_lib_opendir, and later used in fuse_lib_ ...)
- ntfs-3g <unfixed> (bug #1011770)
NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/2
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58
-CVE-2022-30784
- RESERVED
+CVE-2022-30784 (A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_v ...)
- ntfs-3g <unfixed> (bug #1011770)
NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
-CVE-2022-30783
- RESERVED
+CVE-2022-30783 (An invalid return code in fuse_kern_mount enables intercepting of libf ...)
- ntfs-3g <unfixed> (bug #1011770)
NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/2
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58
@@ -3155,8 +3189,7 @@ CVE-2022-1666
RESERVED
CVE-2022-1665
RESERVED
-CVE-2022-1664 [directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar]
- RESERVED
+CVE-2022-1664 (Dpkg::Source::Archive in dpkg, the Debian package management system, b ...)
{DSA-5147-1 DLA-3022-1}
- dpkg 1.21.8
NOTE: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b (1.21.8)
@@ -3327,8 +3360,8 @@ CVE-2022-30518 (ChatBot Application with a Suggestion Feature 1.0 was discovered
TODO: check
CVE-2022-30517
RESERVED
-CVE-2022-30516
- RESERVED
+CVE-2022-30516 (In Hospital-Management-System v1.0, the editid parameter in the doctor ...)
+ TODO: check
CVE-2022-30515
RESERVED
CVE-2022-30514
@@ -3343,8 +3376,8 @@ CVE-2022-30510
RESERVED
CVE-2022-30509
RESERVED
-CVE-2022-30508
- RESERVED
+CVE-2022-30508 (DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vuln ...)
+ TODO: check
CVE-2022-30507
RESERVED
CVE-2022-30506
@@ -3359,8 +3392,8 @@ CVE-2022-30502
RESERVED
CVE-2022-30501
RESERVED
-CVE-2022-30500
- RESERVED
+CVE-2022-30500 (Jfinal cms 5.1.0 is vulnerable to SQL Injection. ...)
+ TODO: check
CVE-2022-30499
RESERVED
CVE-2022-30498
@@ -3369,12 +3402,12 @@ CVE-2022-30497
RESERVED
CVE-2022-30496
RESERVED
-CVE-2022-30495
- RESERVED
-CVE-2022-30494
- RESERVED
-CVE-2022-30493
- RESERVED
+CVE-2022-30495 (In oretnom23 Automotive Shop Management System v1.0, the name id param ...)
+ TODO: check
+CVE-2022-30494 (In oretnom23 Automotive Shop Management System v1.0, the first and las ...)
+ TODO: check
+CVE-2022-30493 (In oretnom23 Automotive Shop Management System v1.0, the product id pa ...)
+ TODO: check
CVE-2022-30492
RESERVED
CVE-2022-30491
@@ -3405,18 +3438,18 @@ CVE-2022-30479
RESERVED
CVE-2022-30478
RESERVED
-CVE-2022-30477
- RESERVED
-CVE-2022-30476
- RESERVED
-CVE-2022-30475
- RESERVED
-CVE-2022-30474
- RESERVED
-CVE-2022-30473
- RESERVED
-CVE-2022-30472
- RESERVED
+CVE-2022-30477 (Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to conta ...)
+ TODO: check
+CVE-2022-30476 (Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to conta ...)
+ TODO: check
+CVE-2022-30475 (Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to conta ...)
+ TODO: check
+CVE-2022-30474 (Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to conta ...)
+ TODO: check
+CVE-2022-30473 (Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffe ...)
+ TODO: check
+CVE-2022-30472 (Tenda AC Seris Router AC18_V15.03.05.19(6318) has a stack-based buffer ...)
+ TODO: check
CVE-2022-30471
RESERVED
CVE-2022-30470
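Review bot: the added CVE-2022-30472 line spells the product "Tenda AC Seris Router" while CVE-2022-30477 through CVE-2022-30473 use "Tenda AC Series Router". Anyone resolving these six TODO: check entries in bulk by description match should key on "Tenda" rather than the full product string, or this entry will be left behind.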
@@ -5629,10 +5662,10 @@ CVE-2022-29723
RESERVED
CVE-2022-29722
RESERVED
-CVE-2022-29721
- RESERVED
-CVE-2022-29720
- RESERVED
+CVE-2022-29721 (74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability ...)
+ TODO: check
+CVE-2022-29720 (74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulner ...)
+ TODO: check
CVE-2022-29719
RESERVED
CVE-2022-29718
@@ -5693,34 +5726,34 @@ CVE-2022-29691
RESERVED
CVE-2022-29690
RESERVED
-CVE-2022-29689
- RESERVED
-CVE-2022-29688
- RESERVED
-CVE-2022-29687
- RESERVED
-CVE-2022-29686
- RESERVED
-CVE-2022-29685
- RESERVED
-CVE-2022-29684
- RESERVED
-CVE-2022-29683
- RESERVED
-CVE-2022-29682
- RESERVED
-CVE-2022-29681
- RESERVED
-CVE-2022-29680
- RESERVED
+CVE-2022-29689 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...)
+ TODO: check
+CVE-2022-29688 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...)
+ TODO: check
+CVE-2022-29687 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...)
+ TODO: check
+CVE-2022-29686 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...)
+ TODO: check
+CVE-2022-29685 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...)
+ TODO: check
+CVE-2022-29684 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...)
+ TODO: check
+CVE-2022-29683 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...)
+ TODO: check
+CVE-2022-29682 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...)
+ TODO: check
+CVE-2022-29681 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...)
+ TODO: check
+CVE-2022-29680 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...)
+ TODO: check
CVE-2022-29679
RESERVED
CVE-2022-29678
RESERVED
CVE-2022-29677
RESERVED
-CVE-2022-29676
- RESERVED
+CVE-2022-29676 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...)
+ TODO: check
CVE-2022-29675
RESERVED
CVE-2022-29674
@@ -5731,28 +5764,28 @@ CVE-2022-29672
RESERVED
CVE-2022-29671
RESERVED
-CVE-2022-29670
- RESERVED
-CVE-2022-29669
- RESERVED
+CVE-2022-29670 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2022-29669 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...)
+ TODO: check
CVE-2022-29668
RESERVED
-CVE-2022-29667
- RESERVED
-CVE-2022-29666
- RESERVED
-CVE-2022-29665
- RESERVED
-CVE-2022-29664
- RESERVED
-CVE-2022-29663
- RESERVED
-CVE-2022-29662
- RESERVED
-CVE-2022-29661
- RESERVED
-CVE-2022-29660
- RESERVED
+CVE-2022-29667 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2022-29666 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2022-29665 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2022-29664 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2022-29663 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2022-29662 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2022-29661 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...)
+ TODO: check
+CVE-2022-29660 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...)
+ TODO: check
CVE-2022-29659
RESERVED
CVE-2022-29658
@@ -7346,8 +7379,8 @@ CVE-2022-29093
RESERVED
CVE-2022-29092
RESERVED
-CVE-2022-29091
- RESERVED
+CVE-2022-29091 (Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0. ...)
+ TODO: check
CVE-2022-29090
RESERVED
CVE-2022-29089
@@ -7364,8 +7397,8 @@ CVE-2022-29084
RESERVED
CVE-2022-29083
RESERVED
-CVE-2022-29082
- RESERVED
+CVE-2022-29082 (Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0 ...)
+ TODO: check
CVE-2022-1332 (One of the API in Mattermost version 6.4.1 and earlier fails to proper ...)
- mattermost-server <itp> (bug #823556)
CVE-2022-1331 (In four instances DMARS (All versions prior to v2.1.10.24) does not pr ...)
@@ -8481,8 +8514,8 @@ CVE-2022-1264
RESERVED
CVE-2022-1262 (A command injection vulnerability in the protest binary allows an atta ...)
NOT-FOR-US: D-Link Routers
-CVE-2022-1261
- RESERVED
+CVE-2022-1261 (Matrikon, a subsidary of Honeywell Matrikon OPC Server (all versions) ...)
+ TODO: check
CVE-2022-1260
RESERVED
CVE-2022-1259
@@ -11287,8 +11320,8 @@ CVE-2022-27778 [curl: removes wrong file on error]
NOTE: https://www.openwall.com/lists/oss-security/2022/05/11/1
NOTE: https://curl.se/docs/CVE-2022-27778.html
NOTE: Fixed by: https://github.com/curl/curl/commit/8c7ee9083d0d719d0a77ab20d9cc2ae84eeea7f3 (curl-7_83_1)
-CVE-2022-27777
- RESERVED
+CVE-2022-27777 (A XSS Vulnerability in Action View tag helpers &gt;= 5.2.0 and &lt; 5. ...)
+ TODO: check
CVE-2022-27776 [Auth/cookie leak on redirect]
RESERVED
- curl 7.83.0-1 (bug #1010252)
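Review bot: the description added for CVE-2022-27777 stores the version comparison with HTML entities left escaped ("&gt;= 5.2.0 and &lt; 5."), so a plain-text search of the list for ">=" or "<" ranges will not find it. If the importer is meant to keep upstream text verbatim, this is fine as is; otherwise unescape entities on import, which would also cover the existing CVE-2022-21830 line that has the same "&lt;" form.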
@@ -13806,8 +13839,8 @@ CVE-2022-26867
RESERVED
CVE-2022-26866
RESERVED
-CVE-2022-26865
- RESERVED
+CVE-2022-26865 (Dell Support Assist OS Recovery versions before 5.5.2 contain an Authe ...)
+ TODO: check
CVE-2022-26864
RESERVED
CVE-2022-26863
@@ -13822,8 +13855,8 @@ CVE-2022-26859
RESERVED
CVE-2022-26858
RESERVED
-CVE-2022-26857
- RESERVED
+CVE-2022-26857 (Dell OpenManage Enterprise Versions 3.8.3 and prior contain an imprope ...)
+ TODO: check
CVE-2022-26856 (Dell EMC Repository Manager version 3.4.0 contains a plain-text passwo ...)
NOT-FOR-US: EMC
CVE-2022-26855 (Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect d ...)
@@ -14276,17 +14309,17 @@ CVE-2022-26693
RESERVED
CVE-2022-26692
RESERVED
-CVE-2022-26691
- RESERVED
+CVE-2022-26691 (A logic issue was addressed with improved state management. This issue ...)
+ {DSA-5149-1}
- cups <unfixed> (bug #1011769)
NOTE: Fixed by: https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444 (v2.4.2)
NOTE: Followup (fix comment): https://github.com/OpenPrinting/cups/commit/411b6136f450a583ee08c3880fa09dbe837eb3f1
-CVE-2022-26690
- RESERVED
+CVE-2022-26690 (Description: A race condition was addressed with additional validation ...)
+ TODO: check
CVE-2022-26689
RESERVED
-CVE-2022-26688
- RESERVED
+CVE-2022-26688 (An issue in the handling of symlinks was addressed with improved valid ...)
+ TODO: check
CVE-2022-26687
RESERVED
CVE-2022-26686
@@ -20672,24 +20705,24 @@ CVE-2022-24424 (Dell EMC AppSync versions from 3.9 to 4.3 contain a path travers
NOT-FOR-US: EMC
CVE-2022-24423 (Dell EMC iDRAC8 versions 2.81.81 and earlier contain a denial of servi ...)
NOT-FOR-US: EMC
-CVE-2022-24422
- RESERVED
+CVE-2022-24422 (Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, con ...)
+ TODO: check
CVE-2022-24421 (Dell BIOS contains an improper input validation vulnerability. A local ...)
NOT-FOR-US: Dell
CVE-2022-24420 (Dell BIOS contains an improper input validation vulnerability. A local ...)
NOT-FOR-US: Dell
CVE-2022-24419 (Dell BIOS contains an improper input validation vulnerability. A local ...)
NOT-FOR-US: Dell
-CVE-2022-24418
- RESERVED
-CVE-2022-24417
- RESERVED
+CVE-2022-24418 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
+CVE-2022-24417 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
CVE-2022-24416 (Dell BIOS contains an improper input validation vulnerability. A local ...)
NOT-FOR-US: Dell
CVE-2022-24415 (Dell BIOS contains an improper input validation vulnerability. A local ...)
NOT-FOR-US: Dell
-CVE-2022-24414
- RESERVED
+CVE-2022-24414 (Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is expos ...)
+ TODO: check
CVE-2022-24413 (Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-t ...)
NOT-FOR-US: Dell PowerScale OneFS
CVE-2022-24412 (Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling ...)
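Review bot: CVE-2022-24418 and CVE-2022-24417 are added with TODO: check although their visible description ("Dell BIOS contains an improper input validation vulnerability. A local ...") is identical to CVE-2022-24421, CVE-2022-24420, CVE-2022-24419, CVE-2022-24416 and CVE-2022-24415 in the same hunk, all of which are already NOT-FOR-US: Dell. These two can take the same annotation in the follow-up triage; CVE-2022-24422 (iDRAC9) and CVE-2022-24414 (CloudLink) sit next to NOT-FOR-US: EMC entries and look like the same case.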
@@ -27495,16 +27528,16 @@ CVE-2021-4200 (A Improper Privilege Management vulnerability in SUSE Rancher all
NOT-FOR-US: Rancher
CVE-2022-22677
RESERVED
-CVE-2022-22676
- RESERVED
-CVE-2022-22675
- RESERVED
-CVE-2022-22674
- RESERVED
-CVE-2022-22673
- RESERVED
-CVE-2022-22672
- RESERVED
+CVE-2022-22676 (An event handler validation issue in the XPC Services API was addresse ...)
+ TODO: check
+CVE-2022-22675 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ TODO: check
+CVE-2022-22674 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
+ TODO: check
+CVE-2022-22673 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
+CVE-2022-22672 (A memory corruption issue was addressed with improved memory handling. ...)
+ TODO: check
CVE-2022-22671 (An authentication issue was addressed with improved state management. ...)
NOT-FOR-US: Apple
CVE-2022-22670 (An access issue was addressed with improved access restrictions. This ...)
@@ -27521,10 +27554,10 @@ CVE-2022-22665 (A logic issue was addressed with improved validation. This issue
NOT-FOR-US: Apple
CVE-2022-22664 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
NOT-FOR-US: Apple
-CVE-2022-22663
- RESERVED
-CVE-2022-22662
- RESERVED
+CVE-2022-22663 (This issue was addressed with improved checks to prevent unauthorized ...)
+ TODO: check
+CVE-2022-22662 (A cookie management issue was addressed with improved state management ...)
+ TODO: check
CVE-2022-22661 (A type confusion issue was addressed with improved state handling. Thi ...)
NOT-FOR-US: Apple
CVE-2022-22660 (This issue was addressed with a new entitlement. This issue is fixed i ...)
@@ -27639,8 +27672,8 @@ CVE-2022-22618 (This issue was addressed with improved checks. This issue is fix
NOT-FOR-US: Apple
CVE-2022-22617 (A logic issue was addressed with improved state management. This issue ...)
NOT-FOR-US: Apple
-CVE-2022-22616
- RESERVED
+CVE-2022-22616 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
CVE-2022-22615 (A use after free issue was addressed with improved memory management. ...)
NOT-FOR-US: Apple
CVE-2022-22614 (A use after free issue was addressed with improved memory management. ...)
@@ -27721,10 +27754,9 @@ CVE-2022-22579 (An information disclosure issue was addressed with improved stat
NOT-FOR-US: Apple
CVE-2022-22578 (A logic issue was addressed with improved validation. This issue is fi ...)
NOT-FOR-US: Apple
-CVE-2022-22577
- RESERVED
-CVE-2022-22576 [OAUTH2 bearer bypass in connection re-use]
- RESERVED
+CVE-2022-22577 (An XSS Vulnerability in Action Pack &gt;= 5.2.0 and &lt; 5.2.0 that co ...)
+ TODO: check
+CVE-2022-22576 (An improper authentication vulnerability exists in curl 7.33.0 to and ...)
- curl 7.83.0-1 (bug #1010295)
NOTE: https://curl.se/docs/CVE-2022-22576.html
NOTE: Fixed by: https://github.com/curl/curl/commit/852aa5ad351ea53e5f01d2f44b5b4370c2bf5425 (curl-7_83_0)
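Review bot: the description imported for CVE-2022-22577 gives the affected range as "&gt;= 5.2.0 and &lt; 5.2.0", which matches no version at all. When the TODO: check on this entry is resolved, take the affected and fixed versions from the upstream advisory rather than from this text, and record the source in a NOTE line as the curl entry below it does.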
@@ -33219,16 +33251,16 @@ CVE-2021-44832 (Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding secur
NOTE: Fixed in 2.17.1, 2.12.4 and 2.3.2
CVE-2022-21832
RESERVED
-CVE-2022-21831
- RESERVED
+CVE-2022-21831 (A code injection vulnerability exists in the Active Storage &gt;= v5.2 ...)
+ TODO: check
CVE-2022-21830 (A blind self XSS vulnerability exists in RocketChat LiveChat &lt;v1.9 ...)
NOT-FOR-US: Rocket.Chat.Livechat
CVE-2022-21829
RESERVED
CVE-2022-21828 (A user with high privilege access to the Incapptic Connect web console ...)
NOT-FOR-US: Ivanti
-CVE-2022-21827
- RESERVED
+CVE-2022-21827 (An improper privilege vulnerability has been discovered in Citrix Gate ...)
+ TODO: check
CVE-2022-21826
RESERVED
CVE-2022-21825 (An Improper Access Control vulnerability exists in Citrix Workspace Ap ...)
@@ -39802,8 +39834,8 @@ CVE-2022-20823
RESERVED
CVE-2022-20822
RESERVED
-CVE-2022-20821
- RESERVED
+CVE-2022-20821 (A vulnerability in the health check RPM of Cisco IOS XR Software could ...)
+ TODO: check
CVE-2022-20820
RESERVED
CVE-2022-20819
@@ -39826,8 +39858,8 @@ CVE-2022-20811
RESERVED
CVE-2022-20810
RESERVED
-CVE-2022-20809
- RESERVED
+CVE-2022-20809 (Multiple vulnerabilities in the API and web-based management interface ...)
+ TODO: check
CVE-2022-20808
RESERVED
CVE-2022-20807
@@ -41188,10 +41220,10 @@ CVE-2021-42862
RESERVED
CVE-2021-42861
RESERVED
-CVE-2021-42860
- RESERVED
-CVE-2021-42859
- RESERVED
+CVE-2021-42860 (A stack buffer overflow exists in Mini-XML v3.2. When inputting an unf ...)
+ TODO: check
+CVE-2021-42859 (A memory leak issue was discovered in Mini-XML v3.2 that could cause a ...)
+ TODO: check
CVE-2021-42858
RESERVED
CVE-2021-42857 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...)
@@ -41653,8 +41685,8 @@ CVE-2021-42694 (** DISPUTED ** An issue was discovered in the character definiti
NOT-FOR-US: Unicode spec
CVE-2021-42693
RESERVED
-CVE-2021-42692
- RESERVED
+CVE-2021-42692 (There is a stack-overflow vulnerability in tinytoml v0.4 that can caus ...)
+ TODO: check
CVE-2021-42691
RESERVED
CVE-2021-42690
@@ -48923,8 +48955,8 @@ CVE-2021-40319
RESERVED
CVE-2021-40318
RESERVED
-CVE-2021-40317
- RESERVED
+CVE-2021-40317 (Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.p ...)
+ TODO: check
CVE-2021-40316
RESERVED
CVE-2021-40315
@@ -49468,7 +49500,7 @@ CVE-2021-40087 (An issue was discovered in PrimeKey EJBCA before 7.6.0. When aud
CVE-2021-40086 (An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the ...)
NOT-FOR-US: PrimeKey
CVE-2021-40085 (An issue was discovered in OpenStack Neutron before 16.4.1, 17.x befor ...)
- {DSA-4983-1}
+ {DSA-4983-1 DLA-3027-1}
- neutron 2:18.1.0-3 (bug #993398)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/31/2
NOTE: https://launchpad.net/bugs/1939733
@@ -50310,7 +50342,8 @@ CVE-2021-39707 (In onReceive of AppRestrictionsFragment.java, there is a possibl
NOT-FOR-US: Android
CVE-2021-39706 (In onResume of CredentialStorage.java, there is a possible way to clea ...)
NOT-FOR-US: Android
-CVE-2021-39705 (In getNotificationTag of LegacyVoicemailNotifier.java, there is a poss ...)
+CVE-2021-39705
+ REJECTED
NOT-FOR-US: Android
CVE-2021-39704 (In deleteNotificationChannelGroup of NotificationManagerService.java, ...)
NOT-FOR-US: Android
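Review bot: CVE-2021-39705 ends up carrying both REJECTED and the old NOT-FOR-US: Android annotation, because only the header line was rewritten and the annotation below it was left in place as context. The other REJECTED entries visible in this diff (for example CVE-2021-31012 and CVE-2021-31011) have no further annotation, so either drop the NOT-FOR-US line in the same update or confirm that the list parser accepts the combination.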
@@ -63534,8 +63567,8 @@ CVE-2021-34362 (A command injection vulnerability has been reported to affect QN
NOT-FOR-US: QNAP
CVE-2021-34361 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
NOT-FOR-US: QNAP
-CVE-2021-34360
- RESERVED
+CVE-2021-34360 (A cross-site request forgery (CSRF) vulnerability has been reported to ...)
+ TODO: check
CVE-2021-34359 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
NOT-FOR-US: QNAP
CVE-2021-34358 (We have already fixed this vulnerability in the following versions of ...)
@@ -66845,12 +66878,12 @@ CVE-2021-33018 (The use of a broken or risky cryptographic algorithm in Philips
NOT-FOR-US: Philips Vue PACS
CVE-2021-33017 (The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.0 ...)
NOT-FOR-US: Philips
-CVE-2021-33016
- RESERVED
+CVE-2021-33016 (An attacker can gain full access (read/write/delete) to sensitive fold ...)
+ TODO: check
CVE-2021-33015 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
NOT-FOR-US: Cscape
-CVE-2021-33014
- RESERVED
+CVE-2021-33014 (An attacker can gain VxWorks Shell after login due to hard-coded crede ...)
+ TODO: check
CVE-2021-33013 (mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized ...)
NOT-FOR-US: mySCADA myPRO
CVE-2021-33012 (Rockwell Automation MicroLogix 1100, all versions, allows a remote, un ...)
@@ -72125,40 +72158,40 @@ CVE-2021-31012
REJECTED
CVE-2021-31011
REJECTED
-CVE-2021-31010
- REJECTED
-CVE-2021-31009
- REJECTED
-CVE-2021-31008
- REJECTED
-CVE-2021-31007
- REJECTED
-CVE-2021-31006
- REJECTED
-CVE-2021-31005
- REJECTED
-CVE-2021-31004
- REJECTED
+CVE-2021-31010 (A deserialization issue was addressed through improved validation. Thi ...)
+ TODO: check
+CVE-2021-31009 (Multiple issues were addressed by removing HDF5. This issue is fixed i ...)
+ TODO: check
+CVE-2021-31008 (A type confusion issue was addressed with improved memory handling. Th ...)
+ TODO: check
+CVE-2021-31007 (Description: A permissions issue was addressed with improved validatio ...)
+ TODO: check
+CVE-2021-31006 (Description: A permissions issue was addressed with improved validatio ...)
+ TODO: check
+CVE-2021-31005 (Description: A logic issue was addressed with improved state managemen ...)
+ TODO: check
+CVE-2021-31004 (A race condition was addressed with improved locking. This issue is fi ...)
+ TODO: check
CVE-2021-31003
REJECTED
CVE-2021-31002
REJECTED
-CVE-2021-31001
- REJECTED
-CVE-2021-31000
- REJECTED
-CVE-2021-30999
- REJECTED
-CVE-2021-30998
- REJECTED
-CVE-2021-30997
- REJECTED
+CVE-2021-31001 (An access issue was addressed with improved access restrictions. This ...)
+ TODO: check
+CVE-2021-31000 (A permissions issue was addressed with improved validation. This issue ...)
+ TODO: check
+CVE-2021-30999 (The issue was addressed with improved permissions logic. This issue is ...)
+ TODO: check
+CVE-2021-30998 (A S/MIME issue existed in the handling of encrypted email. This issue ...)
+ TODO: check
+CVE-2021-30997 (A S/MIME issue existed in the handling of encrypted email. This issue ...)
+ TODO: check
CVE-2021-30996 (A race condition was addressed with improved state handling. This issu ...)
NOT-FOR-US: Apple
CVE-2021-30995 (A race condition was addressed with improved state handling. This issu ...)
NOT-FOR-US: Apple
-CVE-2021-30994
- REJECTED
+CVE-2021-30994 (An access issue was addressed with improved access restrictions. This ...)
+ TODO: check
CVE-2021-30993 (A buffer overflow issue was addressed with improved memory handling. T ...)
NOT-FOR-US: Apple
CVE-2021-30992 (This issue was addressed with improved handling of file metadata. This ...)
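Review bot: the thirteen ids in this hunk that go from REJECTED to a populated description (CVE-2021-31010 to CVE-2021-31004, CVE-2021-31001 to CVE-2021-30997, and CVE-2021-30994) are a different transition from the usual RESERVED to published one and are worth confirming against the upstream record before triage. A reinstated id lands here with only TODO: check, with nothing in the entry to show that it was previously rejected, so a short NOTE on each, or a separate commit for REJECTED reversals, would make the change auditable.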
@@ -72225,8 +72258,8 @@ CVE-2021-30964 (An inherited permissions issue was addressed with additional res
NOT-FOR-US: Apple
CVE-2021-30963 (A buffer overflow issue was addressed with improved memory handling. T ...)
NOT-FOR-US: Apple
-CVE-2021-30962
- REJECTED
+CVE-2021-30962 (A memory initialization issue was addressed with improved memory handl ...)
+ TODO: check
CVE-2021-30961 (A buffer overflow issue was addressed with improved memory handling. T ...)
NOT-FOR-US: Apple
CVE-2021-30960 (A buffer overflow issue was addressed with improved memory handling. T ...)
@@ -72237,8 +72270,8 @@ CVE-2021-30958 (An out-of-bounds read was addressed with improved input validati
NOT-FOR-US: Apple
CVE-2021-30957 (A buffer overflow issue was addressed with improved memory handling. T ...)
NOT-FOR-US: Apple
-CVE-2021-30956
- REJECTED
+CVE-2021-30956 (A lock screen issue allowed access to contacts on a locked device. Thi ...)
+ TODO: check
CVE-2021-30955 (A race condition was addressed with improved state handling. This issu ...)
NOT-FOR-US: Apple
CVE-2021-30954 (A type confusion issue was addressed with improved memory handling. Th ...)
@@ -72277,10 +72310,10 @@ CVE-2021-30946 (A logic issue was addressed with improved restrictions. This iss
NOT-FOR-US: Apple
CVE-2021-30945 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
-CVE-2021-30944
- REJECTED
-CVE-2021-30943
- REJECTED
+CVE-2021-30944 (Description: A logic issue was addressed with improved state managemen ...)
+ TODO: check
+CVE-2021-30943 (An issue in the handling of group membership was resolved with improve ...)
+ TODO: check
CVE-2021-30942 (Description: A memory corruption issue in the processing of ICC profil ...)
NOT-FOR-US: Apple
CVE-2021-30941 (A buffer overflow issue was addressed with improved memory handling. T ...)
@@ -72307,8 +72340,8 @@ CVE-2021-30934 (A buffer overflow issue was addressed with improved memory handl
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.34.4-1
NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
-CVE-2021-30933
- REJECTED
+CVE-2021-30933 (A race condition was addressed with improved state handling. This issu ...)
+ TODO: check
CVE-2021-30932 (The issue was addressed with improved permissions logic. This issue is ...)
NOT-FOR-US: Apple
CVE-2021-30931 (A logic issue was addressed with improved validation. This issue is fi ...)
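Review bot: CVE-2021-30933 should not be closed as NOT-FOR-US: Apple on wording alone when its TODO: check is resolved. The entry directly above it in this hunk uses the same vendor boilerplate and is tracked against webkit2gtk and wpewebkit with a webkitgtk.org WSA note, so check the WebKit advisories for this id first.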
@@ -157970,6 +158003,7 @@ CVE-2020-9404 (In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are
CVE-2020-9403 (In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stor ...)
NOT-FOR-US: PACTware
CVE-2020-9402 (Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 al ...)
+ {DLA-3024-1}
- python-django 2:2.2.11-1 (low; bug #953102)
[buster] - python-django 1:1.11.29-1~deb10u1
[jessie] - python-django <not-affected> (Vulnerable code introduced later)
@@ -202275,6 +202309,7 @@ CVE-2019-13034
CVE-2016-10761 (Logitech Unifying devices before 2016-02-26 allow keystroke injection, ...)
NOT-FOR-US: Logitech
CVE-2019-13045 (Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when S ...)
+ {DLA-3025-1}
- irssi 1.2.1-1 (low; bug #931264)
[buster] - irssi 1.2.0-2+deb10u1
[jessie] - irssi <not-affected> (vulnerable sasl code is not present)
@@ -224126,6 +224161,7 @@ CVE-2019-5431 (This vulnerability was caused by an incomplete fix to CVE-2017-09
CVE-2019-5430 (In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, i ...)
NOT-FOR-US: Ubiquiti Networks UniFi Video
CVE-2019-5429 (Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacke ...)
+ {DLA-3026-1}
- filezilla 3.45.1-1 (low; bug #928282)
[buster] - filezilla 3.39.0-2+deb10u1
[jessie] - filezilla <no-dsa> (Minor issue)
