Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e320629 by security tracker role at 2022-03-08T20:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,221 @@
+CVE-2022-26776
+       RESERVED
+CVE-2022-26775
+       RESERVED
+CVE-2022-26774
+       RESERVED
+CVE-2022-26773
+       RESERVED
+CVE-2022-26772
+       RESERVED
+CVE-2022-26771
+       RESERVED
+CVE-2022-26770
+       RESERVED
+CVE-2022-26769
+       RESERVED
+CVE-2022-26768
+       RESERVED
+CVE-2022-26767
+       RESERVED
+CVE-2022-26766
+       RESERVED
+CVE-2022-26765
+       RESERVED
+CVE-2022-26764
+       RESERVED
+CVE-2022-26763
+       RESERVED
+CVE-2022-26762
+       RESERVED
+CVE-2022-26761
+       RESERVED
+CVE-2022-26760
+       RESERVED
+CVE-2022-26759
+       RESERVED
+CVE-2022-26758
+       RESERVED
+CVE-2022-26757
+       RESERVED
+CVE-2022-26756
+       RESERVED
+CVE-2022-26755
+       RESERVED
+CVE-2022-26754
+       RESERVED
+CVE-2022-26753
+       RESERVED
+CVE-2022-26752
+       RESERVED
+CVE-2022-26751
+       RESERVED
+CVE-2022-26750
+       RESERVED
+CVE-2022-26749
+       RESERVED
+CVE-2022-26748
+       RESERVED
+CVE-2022-26747
+       RESERVED
+CVE-2022-26746
+       RESERVED
+CVE-2022-26745
+       RESERVED
+CVE-2022-26744
+       RESERVED
+CVE-2022-26743
+       RESERVED
+CVE-2022-26742
+       RESERVED
+CVE-2022-26741
+       RESERVED
+CVE-2022-26740
+       RESERVED
+CVE-2022-26739
+       RESERVED
+CVE-2022-26738
+       RESERVED
+CVE-2022-26737
+       RESERVED
+CVE-2022-26736
+       RESERVED
+CVE-2022-26735
+       RESERVED
+CVE-2022-26734
+       RESERVED
+CVE-2022-26733
+       RESERVED
+CVE-2022-26732
+       RESERVED
+CVE-2022-26731
+       RESERVED
+CVE-2022-26730
+       RESERVED
+CVE-2022-26729
+       RESERVED
+CVE-2022-26728
+       RESERVED
+CVE-2022-26727
+       RESERVED
+CVE-2022-26726
+       RESERVED
+CVE-2022-26725
+       RESERVED
+CVE-2022-26724
+       RESERVED
+CVE-2022-26723
+       RESERVED
+CVE-2022-26722
+       RESERVED
+CVE-2022-26721
+       RESERVED
+CVE-2022-26720
+       RESERVED
+CVE-2022-26719
+       RESERVED
+CVE-2022-26718
+       RESERVED
+CVE-2022-26717
+       RESERVED
+CVE-2022-26716
+       RESERVED
+CVE-2022-26715
+       RESERVED
+CVE-2022-26714
+       RESERVED
+CVE-2022-26713
+       RESERVED
+CVE-2022-26712
+       RESERVED
+CVE-2022-26711
+       RESERVED
+CVE-2022-26710
+       RESERVED
+CVE-2022-26709
+       RESERVED
+CVE-2022-26708
+       RESERVED
+CVE-2022-26707
+       RESERVED
+CVE-2022-26706
+       RESERVED
+CVE-2022-26705
+       RESERVED
+CVE-2022-26704
+       RESERVED
+CVE-2022-26703
+       RESERVED
+CVE-2022-26702
+       RESERVED
+CVE-2022-26701
+       RESERVED
+CVE-2022-26700
+       RESERVED
+CVE-2022-26699
+       RESERVED
+CVE-2022-26698
+       RESERVED
+CVE-2022-26697
+       RESERVED
+CVE-2022-26696
+       RESERVED
+CVE-2022-26695
+       RESERVED
+CVE-2022-26694
+       RESERVED
+CVE-2022-26693
+       RESERVED
+CVE-2022-26692
+       RESERVED
+CVE-2022-26691
+       RESERVED
+CVE-2022-26690
+       RESERVED
+CVE-2022-26689
+       RESERVED
+CVE-2022-26688
+       RESERVED
+CVE-2022-26687
+       RESERVED
+CVE-2022-26686
+       RESERVED
+CVE-2022-26685
+       RESERVED
+CVE-2022-26684
+       RESERVED
+CVE-2022-26683
+       RESERVED
+CVE-2022-26682
+       RESERVED
+CVE-2022-26681
+       RESERVED
+CVE-2022-26680
+       RESERVED
+CVE-2022-26679
+       RESERVED
+CVE-2022-26678
+       RESERVED
+CVE-2022-26677
+       RESERVED
+CVE-2022-0889
+       RESERVED
+CVE-2022-0888
+       RESERVED
+CVE-2022-0887
+       RESERVED
+CVE-2022-0886
+       RESERVED
+CVE-2022-0885
+       RESERVED
+CVE-2022-0884
+       RESERVED
+CVE-2022-0883
+       RESERVED
+CVE-2022-0882
+       RESERVED
+CVE-2022-0881
+       RESERVED
 CVE-2022-XXXX [arbitrary PHP code execution]
        - spip <unfixed>
        [bullseye] - spip 3.2.11-3+deb11u3
@@ -303,8 +521,8 @@ CVE-2022-0879
        RESERVED
 CVE-2022-0878
        RESERVED
-CVE-2022-0877
-       RESERVED
+CVE-2022-0877 (Cross-site Scripting (XSS) - Stored in GitHub repository 
bookstackapp/ ...)
+       TODO: check
 CVE-2022-0876
        RESERVED
 CVE-2022-0875
@@ -408,14 +626,14 @@ CVE-2022-26490 (st21nfca_connectivity_event_received in 
drivers/nfc/st21nfca/se.
        NOTE: 
https://git.kernel.org/linux/4fbcc1a4cb20fe26ad0225679c536c80f1648221 (5.17-rc1)
 CVE-2022-26486
        RESERVED
-       {DSA-5090-1 DLA-2933-1}
+       {DSA-5094-1 DSA-5090-1 DLA-2933-1}
        - firefox <unfixed>
        - firefox-esr 91.6.1esr-1
        - thunderbird 1:91.6.2-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/#CVE-2022-26486
 CVE-2022-26485
        RESERVED
-       {DSA-5090-1 DLA-2933-1}
+       {DSA-5094-1 DSA-5090-1 DLA-2933-1}
        - firefox <unfixed>
        - firefox-esr 91.6.1esr-1
        - thunderbird 1:91.6.2-1
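
Review bot: DSA-5094-1 is added to the cross-reference line of both CVE-2022-26486 and CVE-2022-26485, but none of the package lines under either entry change, and "- firefox <unfixed>" is still listed. Confirm which source package DSA-5094-1 covers and that the fixed versions already recorded here match it, so the new reference does not sit on an entry whose package state was never updated.
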
@@ -607,8 +825,8 @@ CVE-2022-0858
        RESERVED
 CVE-2022-0857
        RESERVED
-CVE-2022-0856
-       RESERVED
+CVE-2022-0856 (libcaca is affected by a Divide By Zero issue via img2txt, 
which allow ...)
+       TODO: check
 CVE-2022-0855 (Improper Resolution of Path Equivalence in GitHub repository 
microwebe ...)
        NOT-FOR-US: microweber (whmcs_plugin)
 CVE-2022-0854
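
Review bot: CVE-2022-0856 is left at "TODO: check" even though its description names libcaca and the img2txt tool. Unlike the CVE-2022-0855 entry in the trailing context, which is closed as NOT-FOR-US, this one likely needs a package line with a fixed or <unfixed> state, so it should be triaged ahead of the vendor-only entries in this commit.
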
@@ -871,7 +1089,7 @@ CVE-2022-0813
 CVE-2022-0811
        RESERVED
 CVE-2022-26333
-       RESERVED
+       REJECTED
 CVE-2022-26332 (Cipi 3.1.15 allows Add Server stored XSS via the /api/servers 
name fie ...)
        NOT-FOR-US: Cipi
 CVE-2022-26331
@@ -902,16 +1120,16 @@ CVE-2022-26319
        RESERVED
 CVE-2022-26318 (On WatchGuard Firebox and XTM appliances, an unauthenticated 
user can  ...)
        NOT-FOR-US: WatchGuard
-CVE-2022-26317
-       RESERVED
+CVE-2022-26317 (A vulnerability has been identified in Mendix Applications 
using Mendi ...)
+       TODO: check
 CVE-2022-26316
        RESERVED
 CVE-2022-26315 (qrcp through 0.8.4, in receive mode, allows ../ Directory 
Traversal vi ...)
        NOT-FOR-US: qrcp
-CVE-2022-26314
-       RESERVED
-CVE-2022-26313
-       RESERVED
+CVE-2022-26314 (A vulnerability has been identified in Mendix Forgot Password 
Appstore ...)
+       TODO: check
+CVE-2022-26313 (A vulnerability has been identified in Mendix Forgot Password 
Appstore ...)
+       TODO: check
 CVE-2022-26312
        RESERVED
 CVE-2022-26311 (Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive 
Information to ...)
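
Review bot: the three Mendix entries in this hunk (CVE-2022-26317, CVE-2022-26314, CVE-2022-26313) are left at "TODO: check". An older Mendix entry in the same file, CVE-2021-42015, is already tagged "NOT-FOR-US: Siemens", so the follow-up triage can close these the same way rather than leave them open.
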
@@ -1546,16 +1764,16 @@ CVE-2022-26106
        RESERVED
 CVE-2022-26105
        RESERVED
-CVE-2022-26104
-       RESERVED
-CVE-2022-26103
-       RESERVED
-CVE-2022-26102
-       RESERVED
-CVE-2022-26101
-       RESERVED
-CVE-2022-26100
-       RESERVED
+CVE-2022-26104 (SAP Financial Consolidation - version 10.1, does not perform 
necessary ...)
+       TODO: check
+CVE-2022-26103 (Under certain conditions, SAP NetWeaver (Real Time Messaging 
Framework ...)
+       TODO: check
+CVE-2022-26102 (Due to missing authorization check, SAP NetWeaver Application 
Server f ...)
+       TODO: check
+CVE-2022-26101 (Fiori launchpad - versions 754, 755, 756, does not 
sufficiently encode ...)
+       TODO: check
+CVE-2022-26100 (SAPCAR - version 7.22, does not contain sufficient input 
validation on ...)
+       TODO: check
 CVE-2022-26099
        RESERVED
 CVE-2022-26098
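
Review bot: CVE-2022-26104 through CVE-2022-26100 all carry SAP product descriptions (Financial Consolidation, NetWeaver, Fiori launchpad, SAPCAR) and are left at "TODO: check". Elsewhere in this file CVE-2022-22546 is tagged "NOT-FOR-US: SAP"; applying the same tag to this block in one pass keeps the TODO queue from growing with entries that have no Debian package.
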
@@ -2135,40 +2353,40 @@ CVE-2022-25832
        RESERVED
 CVE-2022-25831
        RESERVED
-CVE-2022-25830
-       RESERVED
-CVE-2022-25829
-       RESERVED
-CVE-2022-25828
-       RESERVED
-CVE-2022-25827
-       RESERVED
-CVE-2022-25826
-       RESERVED
-CVE-2022-25825
-       RESERVED
-CVE-2022-25824
-       RESERVED
-CVE-2022-25823
-       RESERVED
-CVE-2022-25822
-       RESERVED
-CVE-2022-25821
-       RESERVED
-CVE-2022-25820
-       RESERVED
-CVE-2022-25819
-       RESERVED
-CVE-2022-25818
-       RESERVED
-CVE-2022-25817
-       RESERVED
-CVE-2022-25816
-       RESERVED
-CVE-2022-25815
-       RESERVED
-CVE-2022-25814
-       RESERVED
+CVE-2022-25830 (Information Exposure vulnerability in Galaxy Watch3 Plugin 
prior to ve ...)
+       TODO: check
+CVE-2022-25829 (Information Exposure vulnerability in Watch Active2 Plugin 
prior to ve ...)
+       TODO: check
+CVE-2022-25828 (Information Exposure vulnerability in Watch Active Plugin 
prior to ver ...)
+       TODO: check
+CVE-2022-25827 (Information Exposure vulnerability in Galaxy Watch Plugin 
prior to ver ...)
+       TODO: check
+CVE-2022-25826 (Information Exposure vulnerability in Galaxy S3 Plugin prior 
to versio ...)
+       TODO: check
+CVE-2022-25825 (Improper access control vulnerability in Samsung Account prior 
to vers ...)
+       TODO: check
+CVE-2022-25824 (Improper access control vulnerability in BixbyTouch prior to 
version 2 ...)
+       TODO: check
+CVE-2022-25823 (Information Exposure vulnerability in Galaxy Watch Plugin 
prior to ver ...)
+       TODO: check
+CVE-2022-25822 (An use after free vulnerability in sdp driver prior to SMR 
Mar-2022 Re ...)
+       TODO: check
+CVE-2022-25821 (Improper use of SMS buffer pointer in Shannon baseband prior 
to SMR Ma ...)
+       TODO: check
+CVE-2022-25820 (A vulnerable design in fingerprint matching algorithm prior to 
SMR Mar ...)
+       TODO: check
+CVE-2022-25819 (OOB read vulnerability in hdcp2 device node prior to SMR 
Mar-2022 Rele ...)
+       TODO: check
+CVE-2022-25818 (Improper boundary check in UWB stack prior to SMR Mar-2022 
Release 1 a ...)
+       TODO: check
+CVE-2022-25817 (Improper authentication in One UI Home prior to SMR Mar-2022 
Release 1 ...)
+       TODO: check
+CVE-2022-25816 (Improper authentication in Samsung Lock and mask apps setting 
prior to ...)
+       TODO: check
+CVE-2022-25815 (PendingIntent hijacking vulnerability in Weather application 
prior to  ...)
+       TODO: check
+CVE-2022-25814 (PendingIntent hijacking vulnerability in Wearable Manager 
Installer pr ...)
+       TODO: check
 CVE-2022-0743 (Cross-site Scripting (XSS) - Stored in GitHub repository 
getgrav/grav  ...)
        NOT-FOR-US: Grav CMS
 CVE-2019-25058 (An issue was discovered in USBGuard before 1.1.0. On systems 
with the  ...)
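
Review bot: two of the seventeen new descriptions in this block read like kernel issues when truncated, CVE-2022-25822 ("use after free vulnerability in sdp driver") and CVE-2022-25819 ("OOB read vulnerability in hdcp2 device node"). Both are qualified with "prior to SMR Mar-2022", the same vendor release wording as the rest of the block, so check the full descriptions before assigning either to the linux package.
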
@@ -3433,8 +3651,8 @@ CVE-2022-25313 (In Expat (aka libexpat) before 2.4.5, an 
attacker can trigger st
        - expat 2.4.5-1
        NOTE: https://github.com/libexpat/libexpat/pull/558
        NOTE: 
https://github.com/libexpat/libexpat/commit/9b4ce651b26557f16103c3a366c91934ecd439ab
-CVE-2022-25311
-       RESERVED
+CVE-2022-25311 (A vulnerability has been identified in SINEC NMS (All 
versions). The a ...)
+       TODO: check
 CVE-2022-25310
        RESERVED
 CVE-2022-25309
@@ -3761,8 +3979,8 @@ CVE-2022-25227
        RESERVED
 CVE-2022-25226
        RESERVED
-CVE-2022-25225
-       RESERVED
+CVE-2022-25225 (Network Olympus version 1.8.0 allows an authenticated admin 
user to in ...)
+       TODO: check
 CVE-2022-25224
        RESERVED
 CVE-2022-25223
@@ -4616,16 +4834,16 @@ CVE-2022-24934
        RESERVED
 CVE-2022-24933
        RESERVED
-CVE-2022-24932
-       RESERVED
-CVE-2022-24931
-       RESERVED
-CVE-2022-24930
-       RESERVED
-CVE-2022-24929
-       RESERVED
-CVE-2022-24928
-       RESERVED
+CVE-2022-24932 (Improper Protection of Alternate Path vulnerability in Setup 
wizard pr ...)
+       TODO: check
+CVE-2022-24931 (Improper access control vulnerability in dynamic receiver in 
ApkInstal ...)
+       TODO: check
+CVE-2022-24930 (An Improper access control vulnerability in 
StRetailModeReceiver in We ...)
+       TODO: check
+CVE-2022-24929 (Unprotected Activity in AppLock prior to SMR Mar-2022 Release 
1 allows ...)
+       TODO: check
+CVE-2022-24928 (Security misconfiguration of RKP in kernel prior to SMR 
Mar-2022 Relea ...)
+       TODO: check
 CVE-2022-24927 (Improper privilege management vulnerability in Samsung Video 
Player pr ...)
        NOT-FOR-US: Samsung
 CVE-2022-24926 (Improper input validation vulnerability in SmartTagPlugin 
prior to ver ...)
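
Review bot: CVE-2022-24932 through CVE-2022-24928 are left at "TODO: check" directly above CVE-2022-24927, which the trailing context shows as "NOT-FOR-US: Samsung". The new descriptions use the same "SMR Mar-2022 Release" wording, so they should get the same tag. CVE-2022-24928 mentions "RKP in kernel" and deserves a quick look at the full text first.
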
@@ -5065,8 +5283,8 @@ CVE-2022-24715
        RESERVED
 CVE-2022-24714
        RESERVED
-CVE-2022-24713
-       RESERVED
+CVE-2022-24713 (regex is an implementation of regular expressions for the Rust 
languag ...)
+       TODO: check
 CVE-2022-24712 (CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP 
full-stack web fr ...)
        - codeigniter <itp> (bug #471583)
 CVE-2022-24711 (CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP 
full-stack web fr ...)
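
Review bot: CVE-2022-24713 (the Rust regex crate) is left at "TODO: check". Unlike the vendor-only entries in this commit, this is a library that other software builds against, so the triage should look for a packaged copy of the crate and for copies bundled into other source packages before a tag is chosen.
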
@@ -5345,8 +5563,7 @@ CVE-2022-0518 (Heap-based Buffer Overflow in GitHub 
repository radareorg/radare2
        NOTE: 
https://github.com/radareorg/radare2/commit/9650e3c352f675687bf6c6f65ff2c4a3d0e288fa
 CVE-2022-0517
        RESERVED
-CVE-2022-0516 [KVM: s390: Return error on SIDA memop on normal guest]
-       RESERVED
+CVE-2022-0516 (A vulnerability was found in kvm_s390_guest_sida_op in the 
arch/s390/k ...)
        {DSA-5092-1}
        - linux 5.16.10-1
        [buster] - linux <not-affected> (Vulnerable code not present)
@@ -5361,8 +5578,8 @@ CVE-2022-24663 (PHP Everywhere &lt;= 2.0.3 included 
functionality that allowed e
        NOT-FOR-US: PHP Everywhere
 CVE-2022-24662
        RESERVED
-CVE-2022-24661
-       RESERVED
+CVE-2022-24661 (A vulnerability has been identified in Simcenter STAR-CCM+ 
Viewer (All ...)
+       TODO: check
 CVE-2022-24660
        RESERVED
 CVE-2022-24659
@@ -5913,8 +6130,8 @@ CVE-2013-20004 (StarWind iSCSI SAN before 6.0 build 
2013-03-20 allows a memory l
        NOT-FOR-US: StarWind
 CVE-2007-20001 (StarWind iSCSI SAN before 3.5 build 2007-08-09 allows socket 
exhaustio ...)
        NOT-FOR-US: StarWind
-CVE-2022-24408
-       RESERVED
+CVE-2022-24408 (A vulnerability has been identified in SINUMERIK MC (All 
versions &lt; ...)
+       TODO: check
 CVE-2022-0501 (Cross-site Scripting (XSS) - Reflected in Packagist 
ptrofimov/beanstal ...)
        NOT-FOR-US: beanstalk_console
 CVE-2022-0500
@@ -6003,16 +6220,16 @@ CVE-2022-0489
        NOTE: 
https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
 CVE-2022-0488
        RESERVED
-CVE-2022-24399
-       RESERVED
-CVE-2022-24398
-       RESERVED
+CVE-2022-24399 (The SAP Focused Run (Real User Monitoring) - versions 200, 
300, REST s ...)
+       TODO: check
+CVE-2022-24398 (Under certain conditions SAP Business Objects Business 
Intelligence Pl ...)
+       TODO: check
 CVE-2022-24397
        RESERVED
-CVE-2022-24396
-       RESERVED
-CVE-2022-24395
-       RESERVED
+CVE-2022-24396 (The Simple Diagnostics Agent - versions 1.0 up to version 
1.57, does n ...)
+       TODO: check
+CVE-2022-24395 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 
7.30, 7.3 ...)
+       TODO: check
 CVE-2022-24394
        RESERVED
 CVE-2022-24393
@@ -6214,8 +6431,8 @@ CVE-2022-24311 (A CWE-22: Improper Limitation of a 
Pathname to a Restricted Dire
        NOT-FOR-US: Schneider Electric
 CVE-2022-24310 (A CWE-190: Integer Overflow or Wraparound vulnerability exists 
that co ...)
        NOT-FOR-US: Schneider Electric
-CVE-2022-24309
-       RESERVED
+CVE-2022-24309 (A vulnerability has been identified in Mendix Applications 
using Mendi ...)
+       TODO: check
 CVE-2022-0480
        RESERVED
        - linux 5.15.3-1
@@ -6514,10 +6731,10 @@ CVE-2021-4218
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2048359
        NOTE: Issue is specific to CentOS/RHEL. In mainline, xprtrdma always 
used copy_to_user()
        NOTE: until the general conversion of sysctls to use a kernel buffer.
-CVE-2022-24282
-       RESERVED
-CVE-2022-24281
-       RESERVED
+CVE-2022-24282 (A vulnerability has been identified in SINEC NMS (All 
versions). The a ...)
+       TODO: check
+CVE-2022-24281 (A vulnerability has been identified in SINEC NMS (All 
versions). A pri ...)
+       TODO: check
 CVE-2022-24280
        RESERVED
 CVE-2022-24277
@@ -12716,8 +12933,8 @@ CVE-2022-22549
        RESERVED
 CVE-2022-22548
        RESERVED
-CVE-2022-22547
-       RESERVED
+CVE-2022-22547 (Simple Diagnostics Agent - versions 1.0 (up to version 1.57.), 
allows  ...)
+       TODO: check
 CVE-2022-22546 (Due to improper HTML encoding in input control summary, an 
authorized  ...)
        NOT-FOR-US: SAP
 CVE-2022-22545 (A high privileged user who has access to transaction SM59 can 
read con ...)
@@ -18241,8 +18458,7 @@ CVE-2021-44790 (A carefully crafted request body can 
cause a buffer overflow in
        - apache2 2.4.52-1
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44790
        NOTE: Fixed by: https://svn.apache.org/r1896039
-CVE-2021-4095
-       RESERVED
+CVE-2021-4095 (A NULL pointer dereference was found in the Linux kernel's KVM 
when di ...)
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code introduced later)
        [buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -19278,8 +19494,8 @@ CVE-2021-44480 (Wokka Lokka Q50 devices through 
2021-11-30 allow remote attacker
        NOT-FOR-US: Wokka Lokka Q50 devices
 CVE-2021-44479 (NXP Kinetis K82 devices have a buffer over-read via a crafted 
wlength  ...)
        NOT-FOR-US: NXP Kinetis K82 devices
-CVE-2021-44478
-       RESERVED
+CVE-2021-44478 (A vulnerability has been identified in Polarion Subversion 
Webclient ( ...)
+       TODO: check
 CVE-2021-4038 (Cross Site Scripting (XSS) vulnerability in McAfee Network 
Security Ma ...)
        NOT-FOR-US: McAfee
 CVE-2022-21240
@@ -20598,8 +20814,7 @@ CVE-2021-3982 [Distributions using CAP_SYS_NICE in 
gnome-shell may be exposed to
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024174
        NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/4711
        NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2284
-CVE-2021-3981 [Incorrect permission in grub.cfg allow unprivileged user to 
read the file content]
-       RESERVED
+CVE-2021-3981 (A flaw in grub2 was found where its configuration file, known 
as grub. ...)
        - grub2 <unfixed> (bug #1001414)
        [bullseye] - grub2 <not-affected> (Vulnerable code introduced later)
        [buster] - grub2 <not-affected> (Vulnerable code introduced later)
@@ -20888,6 +21103,7 @@ CVE-2022-21718
 CVE-2022-21717
        RESERVED
 CVE-2022-21716 (Twisted is an event-based framework for internet applications, 
support ...)
+       {DLA-2938-1}
        - twisted <unfixed>
        NOTE: 
https://github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx
        NOTE: 
https://github.com/twisted/twisted/commit/98387b39e9f0b21462f6abc7a1325dc370fcdeb1
@@ -29050,16 +29266,16 @@ CVE-2021-42022 (A vulnerability has been identified 
in SIMATIC eaSie PCS 7 Skill
        NOT-FOR-US: Siemens
 CVE-2021-42021 (A vulnerability has been identified in Siveillance Video DLNA 
Server ( ...)
        NOT-FOR-US: Siemens
-CVE-2021-42020
-       RESERVED
-CVE-2021-42019
-       RESERVED
-CVE-2021-42018
-       RESERVED
-CVE-2021-42017
-       RESERVED
-CVE-2021-42016
-       RESERVED
+CVE-2021-42020 (A vulnerability has been identified in RUGGEDCOM ROS M2100 
(All versio ...)
+       TODO: check
+CVE-2021-42019 (A vulnerability has been identified in RUGGEDCOM ROS M2100 
(All versio ...)
+       TODO: check
+CVE-2021-42018 (A vulnerability has been identified in RUGGEDCOM ROS M2100 
(All versio ...)
+       TODO: check
+CVE-2021-42017 (A vulnerability has been identified in RUGGEDCOM ROS M2100 
(All versio ...)
+       TODO: check
+CVE-2021-42016 (A vulnerability has been identified in RUGGEDCOM ROS M2100 
(All versio ...)
+       TODO: check
 CVE-2021-42015 (A vulnerability has been identified in Mendix Applications 
using Mendi ...)
        NOT-FOR-US: Siemens
 CVE-2021-42014
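
Review bot: the five RUGGEDCOM ROS entries (CVE-2021-42020 through CVE-2021-42016) are left at "TODO: check" between CVE-2021-42021 and CVE-2021-42015, both of which the context lines show as "NOT-FOR-US: Siemens". The descriptions open with the same "A vulnerability has been identified in" wording, so these can take the same tag.
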
@@ -30232,12 +30448,12 @@ CVE-2021-41545
        RESERVED
 CVE-2021-41544
        RESERVED
-CVE-2021-41543
-       RESERVED
-CVE-2021-41542
-       RESERVED
-CVE-2021-41541
-       RESERVED
+CVE-2021-41543 (A vulnerability has been identified in Climatix POL909 (AWB 
module) (A ...)
+       TODO: check
+CVE-2021-41542 (A vulnerability has been identified in Climatix POL909 (AWB 
module) (A ...)
+       TODO: check
+CVE-2021-41541 (A vulnerability has been identified in Climatix POL909 (AWB 
module) (A ...)
+       TODO: check
 CVE-2021-41540 (A vulnerability has been identified in Solid Edge SE2021 (All 
versions ...)
        NOT-FOR-US: Siemens
 CVE-2021-41539 (A vulnerability has been identified in Solid Edge SE2021 (All 
versions ...)
@@ -30955,12 +31171,12 @@ CVE-2021-41243 (There is a Potential Zip Slip 
Vulnerability and OS Command Injec
        NOT-FOR-US: baserCMS
 CVE-2021-41242 (OpenOlat is a web-basedlearning management system. A path 
traversal vu ...)
        NOT-FOR-US: OpenOlat
-CVE-2021-41241
-       RESERVED
+CVE-2021-41241 (Nextcloud server is a self hosted system designed to provide 
cloud sty ...)
+       TODO: check
 CVE-2021-41240
        RESERVED
-CVE-2021-41239
-       RESERVED
+CVE-2021-41239 (Nextcloud server is a self hosted system designed to provide 
cloud sty ...)
+       TODO: check
 CVE-2021-41238 (Hangfire is an open source system to perform background job 
processing ...)
        NOT-FOR-US: Hangfire
 CVE-2021-41237
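
Review bot: CVE-2021-41241 and CVE-2021-41239 describe Nextcloud server and are left at "TODO: check". Another Nextcloud entry in this file, CVE-2021-41179, is recorded as "- nextcloud-server <itp> (bug #941708)"; using the same line here keeps the server issues attached to the ITP instead of being dismissed or left open.
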
@@ -31105,10 +31321,10 @@ CVE-2021-41182 (jQuery-UI is the official jQuery user 
interface library. Prior t
        NOTE: 
https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc
        NOTE: 
https://github.com/jquery/jquery-ui/commit/32850869d308d5e7c9bf3e3b4d483ea886d373ce
        NOTE: https://www.drupal.org/sa-core-2022-002
-CVE-2021-41181
-       RESERVED
-CVE-2021-41180
-       RESERVED
+CVE-2021-41181 (Nextcloud talk is a self hosting messaging service. In 
versions prior  ...)
+       TODO: check
+CVE-2021-41180 (Nextcloud talk is a self hosting messaging service. In 
versions prior  ...)
+       TODO: check
 CVE-2021-41179 (Nextcloud is an open-source, self-hosted productivity 
platform. Prior  ...)
        - nextcloud-server <itp> (bug #941708)
 CVE-2021-41178 (Nextcloud is an open-source, self-hosted productivity 
platform. Prior  ...)
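
Review bot: CVE-2021-41181 and CVE-2021-41180 are for Nextcloud talk, not the server that the "- nextcloud-server <itp> (bug #941708)" line on CVE-2021-41179 below refers to. The triage should state explicitly whether Talk is considered covered by that ITP or is tagged separately, so the two entries are not silently copied from the neighbouring server entries.
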
@@ -33159,7 +33375,7 @@ CVE-2021-40368
        RESERVED
 CVE-2021-40367
        RESERVED
-CVE-2021-40366 (A vulnerability has been identified in Climatix POL909 (AWM 
module) (A ...)
+CVE-2021-40366 (A vulnerability has been identified in Climatix POL909 (AWB 
module) (A ...)
        NOT-FOR-US: Siemens
 CVE-2021-40365
        RESERVED
@@ -38067,8 +38283,7 @@ CVE-2021-38366 (Sitecore through 10.1, when Update 
Center is enabled, allows rem
        NOT-FOR-US: Sitecore
 CVE-2021-38365 (Winner (aka ToneWinner) desktop speakers through 2021-08-09 
allow remo ...)
        NOT-FOR-US: Winner (aka ToneWinner) desktop speakers
-CVE-2021-3698 [authenticates with revoked certificates]
-       RESERVED
+CVE-2021-3698 (A flaw was found in Cockpit in versions prior to 260 in the way 
it han ...)
        - cockpit 260-1
        [bullseye] - cockpit <no-dsa> (Minor issue)
        [buster] - cockpit <not-affected> (Vulnerable code not present, 
introduced in 208)
@@ -41094,10 +41309,10 @@ CVE-2021-37211 (The bulletin function of Flygo does 
not filter special character
        NOT-FOR-US: Flygo
 CVE-2021-37210
        RESERVED
-CVE-2021-37209
-       RESERVED
-CVE-2021-37208
-       RESERVED
+CVE-2021-37209 (A vulnerability has been identified in RUGGEDCOM ROS M2100 
(All versio ...)
+       TODO: check
+CVE-2021-37208 (A vulnerability has been identified in RUGGEDCOM ROS M2100 
(All versio ...)
+       TODO: check
 CVE-2021-37207 (A vulnerability has been identified in SENTRON powermanager V3 
(All ve ...)
        NOT-FOR-US: Siemens
 CVE-2021-37206 (A vulnerability has been identified in SIPROTEC 5 relays with 
CPU vari ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e32062930f3f70582ddddcaf30cf082d86f9dbf



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits