Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
039f20e7 by security tracker role at 2023-08-22T20:12:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2023-4475 (An Arbitrary File Movement vulnerability was found in ASUSTOR
Data Mas ...)
+ TODO: check
+CVE-2023-4303 (Jenkins Fortify Plugin 22.1.38 and earlier does not escape the
error m ...)
+ TODO: check
+CVE-2023-4212 (A command injection vulnerability exists in Trane XL824, XL850,
XL1050 ...)
+ TODO: check
+CVE-2023-3699 (An Improper Privilege Management vulnerability was found in
ASUSTOR Da ...)
+ TODO: check
+CVE-2023-39599 (Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0
allows att ...)
+ TODO: check
+CVE-2023-39141 (webui-aria2 commit 4fe2e was discovered to contain a path
traversal vu ...)
+ TODO: check
+CVE-2023-38996 (An issue in all versions of Douran DSGate allows a local
authenticated ...)
+ TODO: check
+CVE-2023-38909 (An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and
Tapo Applic ...)
+ TODO: check
+CVE-2023-38908 (An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and
Tapo Applic ...)
+ TODO: check
+CVE-2023-38906 (An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and
Tapo Applic ...)
+ TODO: check
+CVE-2023-38732 (IBM Robotic Process Automation 21.0.0 through 21.0.7 server
could allo ...)
+ TODO: check
+CVE-2023-38668 (Stack-based buffer over-read in disasm in nasm 2.16 allows
attackers t ...)
+ TODO: check
+CVE-2023-38667 (Stack-based buffer over-read in function disasm in nasm 2.16
allows at ...)
+ TODO: check
+CVE-2023-38666 (Bento4 v1.6.0-639 was discovered to contain a segmentation
violation v ...)
+ TODO: check
+CVE-2023-38665 (Null pointer dereference in ieee_write_file in nasm 2.16rc0
allows att ...)
+ TODO: check
+CVE-2023-37440 (A vulnerability in the web-based management interfaceof
EdgeConnect SD ...)
+ TODO: check
+CVE-2023-37439 (Multiple vulnerabilities in the web-based managementinterface
of EdgeC ...)
+ TODO: check
+CVE-2023-37438 (Multiple vulnerabilities in the web-based managementinterface
of EdgeC ...)
+ TODO: check
+CVE-2023-37437 (Multiple vulnerabilities in the web-based managementinterface
of EdgeC ...)
+ TODO: check
+CVE-2023-37436 (Multiple vulnerabilities in the web-based managementinterface
of EdgeC ...)
+ TODO: check
+CVE-2023-37435 (Multiple vulnerabilities in the web-based managementinterface
of EdgeC ...)
+ TODO: check
+CVE-2023-37434 (Multiple vulnerabilities in the web-based managementinterface
of EdgeC ...)
+ TODO: check
+CVE-2023-37433 (Multiple vulnerabilities in the web-based managementinterface
of EdgeC ...)
+ TODO: check
+CVE-2023-37432 (Multiple vulnerabilities in the web-based managementinterface
of EdgeC ...)
+ TODO: check
+CVE-2023-37431 (Multiple vulnerabilities in the web-based managementinterface
of EdgeC ...)
+ TODO: check
+CVE-2023-37430 (Multiple vulnerabilities in the web-based managementinterface
of EdgeC ...)
+ TODO: check
+CVE-2023-37429 (Multiple vulnerabilities in the web-based managementinterface
of EdgeC ...)
+ TODO: check
+CVE-2023-37428 (A vulnerability in the EdgeConnect SD-WAN
Orchestratorweb-based manage ...)
+ TODO: check
+CVE-2023-37427 (A vulnerability in the web-based management interface
ofEdgeConnect SD ...)
+ TODO: check
+CVE-2023-37426 (EdgeConnect SD-WAN Orchestrator instances prior to theversions
resolve ...)
+ TODO: check
+CVE-2023-37425 (A vulnerability in the web-based management interfaceof
EdgeConnect SD ...)
+ TODO: check
+CVE-2023-37424 (A vulnerability in the web-based management interfaceof
EdgeConnect SD ...)
+ TODO: check
+CVE-2023-37423 (Vulnerabilities in the web-based management interface of
EdgeConnect S ...)
+ TODO: check
+CVE-2023-37422 (Vulnerabilities in the web-based management interface of
EdgeConnect S ...)
+ TODO: check
+CVE-2023-37421 (Vulnerabilities in the web-based management interface of
EdgeConnect S ...)
+ TODO: check
+CVE-2023-36281 (An issue in langchain v.0.0.171 allows a remote attacker to
execute ar ...)
+ TODO: check
+CVE-2023-34853 (Buffer Overflow vulnerability in Supermicro motherboard
X12DPG-QR 1.4b ...)
+ TODO: check
+CVE-2022-48571 (memcached 1.6.7 allows a Denial of Service via multi-packet
uploads in ...)
+ TODO: check
+CVE-2022-48570 (Crypto++ through 8.4 contains a timing side channel in ECDSA
signature ...)
+ TODO: check
+CVE-2022-48566 (An issue was discovered in compare_digest in Lib/hmac.py in
Python thr ...)
+ TODO: check
+CVE-2022-48565 (An XML External Entity (XXE) issue was discovered in Python
through 3. ...)
+ TODO: check
+CVE-2022-48564 (read_ints in plistlib.py in Python through 3.9.1 is vulnerable
to a po ...)
+ TODO: check
+CVE-2022-48560 (A use-after-free exists in Python through 3.9 via heappushpop
in heapq ...)
+ TODO: check
+CVE-2022-48554 (File before 5.43 has an stack-based buffer over-read in
file_copystr i ...)
+ TODO: check
+CVE-2022-48547 (A reflected cross-site scripting (XSS) vulnerability in Cacti
0.8.7g a ...)
+ TODO: check
+CVE-2022-48545 (An infinite recursion in Catalog::findDestInTree can cause
denial of s ...)
+ TODO: check
+CVE-2022-48541 (A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows
remote att ...)
+ TODO: check
+CVE-2022-48538 (In Cacti 1.2.19, there is an authentication bypass in the web
login fu ...)
+ TODO: check
+CVE-2022-48522 (In Perl 5.34.0, function S_find_uninit_var in sv.c has a
stack-based c ...)
+ TODO: check
CVE-2023-XXXX [RUSTSEC-2023-0053: rustls-webpki: CPU denial of service in
certificate path building]
- rust-rustls-webpki <unfixed> (bug #1050298)
NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0053.html
@@ -462,9 +560,9 @@ CVE-2023-32453 (Dell BIOS contains an improper
authentication vulnerability. A m
NOT-FOR-US: Dell
CVE-2023-2737 (Improper log permissions in SafeNet Authentication
ServiceVersion 3.4. ...)
NOT-FOR-US: SafeNet Authentication ServiceVersion
-CVE-2023-4302
+CVE-2023-4302 (A missing permission check in Jenkins Fortify Plugin 22.1.38
and earli ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-4301
+CVE-2023-4301 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Fortify P ...)
NOT-FOR-US: Jenkins plugin
CVE-2023-40351 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Favorite ...)
NOT-FOR-US: Jenkins plugin
@@ -16338,10 +16436,10 @@ CVE-2023-30081
RESERVED
CVE-2023-30080
RESERVED
-CVE-2023-30079
- RESERVED
-CVE-2023-30078
- RESERVED
+CVE-2023-30079 (A stack overflow vulnerability exists in function read_file in
atlibec ...)
+ TODO: check
+CVE-2023-30078 (A stack overflow vulnerability exists in function
econf_writeFile in f ...)
+ TODO: check
CVE-2023-30077 (Judging Management System v1.0 by oretnom23 was discovered to
vulnerab ...)
NOT-FOR-US: Judging Management System
CVE-2023-30076 (Sourcecodester Judging Management System v1.0 is vulnerable to
SQL Inj ...)
@@ -17891,15 +17989,19 @@ CVE-2023-29458 (Duktape is an 3rd-party embeddable
JavaScript engine, with a foc
NOTE: https://support.zabbix.com/browse/ZBX-22989
NOTE: duktape library introduced with
https://github.com/zabbix/zabbix/commit/d43b04665c1ade5b4a9f49db750b8ca6c82e9de2
(5.0.0alpha1)
CVE-2023-29457 (Reflected XSS attacks, occur when a malicious script is
reflected off ...)
+ {DLA-3538-1}
- zabbix <unfixed>
NOTE: https://support.zabbix.com/browse/ZBX-22988
CVE-2023-29456 (URL validation scheme receives input from a user and then
parses it to ...)
+ {DLA-3538-1}
- zabbix <unfixed>
NOTE: https://support.zabbix.com/browse/ZBX-22987
CVE-2023-29455 (Reflected XSS attacks, also known as non-persistent attacks,
occur whe ...)
+ {DLA-3538-1}
- zabbix <unfixed>
NOTE: https://support.zabbix.com/browse/ZBX-22986
CVE-2023-29454 (Stored or persistent cross-site scripting (XSS) is a type of
XSS where ...)
+ {DLA-3538-1}
- zabbix <unfixed>
NOTE: https://support.zabbix.com/browse/ZBX-22985
CVE-2023-29453
@@ -17912,10 +18014,12 @@ CVE-2023-29452 (Currently, geomap configuration
(Administration -> General -> Ge
NOTE: Patches links: https://support.zabbix.com/browse/ZBX-22720
NOTE: vulnerable geopmap widget introduced in version with
https://github.com/zabbix/zabbix/commit/7e6a91149533b17b12c0317968b485e0c98d4ac2
(6.0.0alpha6)
CVE-2023-29451 (Specially crafted string can cause a buffer overrun in the
JSON parser ...)
+ {DLA-3538-1}
- zabbix <unfixed>
[bullseye] - zabbix <not-affected> (5.x not affected)
NOTE: https://support.zabbix.com/browse/ZBX-22587
CVE-2023-29450 (JavaScript pre-processing can be used by the attacker to gain
access t ...)
+ {DLA-3538-1}
- zabbix <unfixed>
NOTE: https://support.zabbix.com/browse/ZBX-22588
NOTE: Patch for 5.0.32rc1:
https://github.com/zabbix/zabbix/commit/c3f1543e4
@@ -28964,12 +29068,12 @@ CVE-2023-25917
RESERVED
CVE-2023-25916
RESERVED
-CVE-2023-25915
- RESERVED
-CVE-2023-25914
- RESERVED
-CVE-2023-25913
- RESERVED
+CVE-2023-25915 (Due to improper input validation, a remote attacker could
execute arbi ...)
+ TODO: check
+CVE-2023-25914 (Due to improper restriction, attackers could retrieve and read
system ...)
+ TODO: check
+CVE-2023-25913 (Because of an authentication flaw an attacker would be capable
of gene ...)
+ TODO: check
CVE-2023-25912 (The webreport generation feature in the Danfoss AK-EM100
allows an una ...)
NOT-FOR-US: Danfoss AK-EM100
CVE-2023-25911 (The Danfoss AK-EM100 web applications allow for OS command
injection t ...)
@@ -33189,7 +33293,7 @@ CVE-2023-24577 (McAfee Total Protection prior to
16.0.50 allows attackers to ele
CVE-2023-24543
RESERVED
CVE-2023-23908 (Improper access control in some 3rd Generation Intel(R)
Xeon(R) Scalab ...)
- {DSA-5474-1}
+ {DSA-5474-1 DLA-3537-1}
- intel-microcode 3.20230808.1 (bug #1043305)
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html
NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808
@@ -33483,14 +33587,14 @@ CVE-2023-24519 (Two OS command injection
vulnerability exist in the vtysh_ubus t
NOT-FOR-US: Milesight UR32L
CVE-2023-24518
RESERVED
-CVE-2023-24517
- RESERVED
-CVE-2023-24516
- RESERVED
-CVE-2023-24515
- RESERVED
-CVE-2023-24514
- RESERVED
+CVE-2023-24517 (Unrestricted Upload of File with Dangerous Type vulnerability
in the P ...)
+ TODO: check
+CVE-2023-24516 (Cross-site Scripting (XSS) vulnerability in the Pandora FMS
Special Da ...)
+ TODO: check
+CVE-2023-24515 (Server-Side Request Forgery (SSRF) vulnerability in API
checker of Pan ...)
+ TODO: check
+CVE-2023-24514 (Cross-site Scripting (XSS) vulnerability in Visual Console
Module of P ...)
+ TODO: check
CVE-2023-23546 (A misconfiguration vulnerability exists in the urvpn_client
functional ...)
NOT-FOR-US: Milesight UR32L
CVE-2023-0507 (Grafana is an open-source platform for monitoring and
observability. ...)
@@ -36380,12 +36484,12 @@ CVE-2023-23589 (The SafeSocks option in Tor before
0.4.7.13 has a logic error in
NOTE:
https://gitlab.torproject.org/tpo/core/tor/-/commit/a282145b3634547ab84ccd959d0537c021ff7ffc
CVE-2023-23566 (A 2-Step Verification problem in Axigen 10.3.3.52 allows an
attacker t ...)
NOT-FOR-US: Axigen
-CVE-2023-23565
- RESERVED
-CVE-2023-23564
- RESERVED
-CVE-2023-23563
- RESERVED
+CVE-2023-23565 (An issue was discovered in Geomatika IsiGeo Web 6.0. It allows
remote ...)
+ TODO: check
+CVE-2023-23564 (An issue was discovered in Geomatika IsiGeo Web 6.0. It allows
remote ...)
+ TODO: check
+CVE-2023-23563 (An issue was discovered in Geomatika IsiGeo Web 6.0. It allows
remote ...)
+ TODO: check
CVE-2023-23562 (Stormshield Endpoint Security 2.3.0 through 2.3.2 has
Incorrect Access ...)
NOT-FOR-US: Stormshield Endpoint Security
CVE-2023-23561 (Stormshield Endpoint Security 2.3.0 through 2.3.2 has
Incorrect Access ...)
@@ -40406,8 +40510,8 @@ CVE-2022-48176 (Netgear routers R7000P before
v1.3.3.154, R6900P before v1.3.3.1
NOT-FOR-US: Netgear
CVE-2022-48175 (Rukovoditel v3.2.1 was discovered to contain a remote code
execution ( ...)
NOT-FOR-US: Rukovoditel
-CVE-2022-48174
- RESERVED
+CVE-2022-48174 (There is a stack overflow vulnerability in ash.c:6030 in
busybox befor ...)
+ TODO: check
CVE-2022-48173
RESERVED
CVE-2022-48172
@@ -40624,12 +40728,12 @@ CVE-2022-48067 (An information disclosure
vulnerability in Totolink A830R V4.1.2
NOT-FOR-US: TOTOLINK
CVE-2022-48066 (An issue in the component global.so of Totolink A830R
V4.1.2cu.5182 al ...)
NOT-FOR-US: TOTOLINK
-CVE-2022-48065
- RESERVED
-CVE-2022-48064
- RESERVED
-CVE-2022-48063
- RESERVED
+CVE-2022-48065 (GNU Binutils before 2.40 was discovered to contain a memory
leak vulne ...)
+ TODO: check
+CVE-2022-48064 (GNU Binutils before 2.40 was discovered to contain an
excessive memory ...)
+ TODO: check
+CVE-2022-48063 (GNU Binutils before 2.40 was discovered to contain an
excessive memory ...)
+ TODO: check
CVE-2022-48062
RESERVED
CVE-2022-48061
@@ -42181,10 +42285,10 @@ CVE-2022-47698 (COMFAST (Shenzhen Sihai Zhonglian
Network Technology Co., Ltd) C
NOT-FOR-US: COMFAST Router
CVE-2022-47697 (COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd)
CF-WR62 ...)
NOT-FOR-US: COMFAST Router
-CVE-2022-47696
- RESERVED
-CVE-2022-47695
- RESERVED
+CVE-2022-47696 (An issue was discovered Binutils objdump before 2.39.3 allows
attacker ...)
+ TODO: check
+CVE-2022-47695 (An issue was discovered Binutils objdump before 2.39.3 allows
attacker ...)
+ TODO: check
CVE-2022-47694
RESERVED
CVE-2022-47693
@@ -42227,8 +42331,8 @@ CVE-2022-47675
RESERVED
CVE-2022-47674
RESERVED
-CVE-2022-47673
- RESERVED
+CVE-2022-47673 (An issue was discovered in Binutils addr2line before 2.39.3,
function ...)
+ TODO: check
CVE-2022-47672
RESERVED
CVE-2022-47671
@@ -45368,8 +45472,8 @@ CVE-2022-47071 (In NVS365 V01, the background network
test function can trigger
NOT-FOR-US: NVS365 V01
CVE-2022-47070 (NVS365 V01 is vulnerable to Incorrect Access Control. After
entering a ...)
NOT-FOR-US: NVS365 V01
-CVE-2022-47069
- RESERVED
+CVE-2022-47069 (p7zip 16.02 was discovered to contain a heap-buffer-overflow
vulnerabi ...)
+ TODO: check
CVE-2022-47068
RESERVED
CVE-2022-47067
@@ -45464,8 +45568,8 @@ CVE-2022-47024 (A null pointer dereference issue was
discovered in function gui_
NOTE: Crash in CLI tool, no security impact
CVE-2022-47023
RESERVED
-CVE-2022-47022
- RESERVED
+CVE-2022-47022 (An issue was discovered in open-mpi hwloc 2.1.0 allows
attackers to ca ...)
+ TODO: check
CVE-2022-47021 (A null pointer dereference issue was discovered in functions
op_get_da ...)
- opusfile 0.12-4 (bug #1030049)
[bullseye] - opusfile <no-dsa> (Minor issue)
@@ -45497,16 +45601,16 @@ CVE-2022-47013
RESERVED
CVE-2022-47012 (Use of uninitialized variable in function gen_eth_recv in GNS3
dynamip ...)
NOT-FOR-US: GNS3
-CVE-2022-47011
- RESERVED
-CVE-2022-47010
- RESERVED
+CVE-2022-47011 (An issue was discovered function parse_stab_struct_fields in
stabs.c i ...)
+ TODO: check
+CVE-2022-47010 (An issue was discovered function pr_function_type in prdbg.c
in Binuti ...)
+ TODO: check
CVE-2022-47009
RESERVED
-CVE-2022-47008
- RESERVED
-CVE-2022-47007
- RESERVED
+CVE-2022-47008 (An issue was discovered function make_tempdir, and
make_tempname in bu ...)
+ TODO: check
+CVE-2022-47007 (An issue was discovered function stab_demangle_v3_arg in
stabs.c in Bi ...)
+ TODO: check
CVE-2022-47006
RESERVED
CVE-2022-47005
@@ -49558,8 +49662,8 @@ CVE-2022-45705
RESERVED
CVE-2022-45704
RESERVED
-CVE-2022-45703
- RESERVED
+CVE-2022-45703 (Heap buffer overflow vulnerability in binutils readelf before
2.40 via ...)
+ TODO: check
CVE-2022-45702
RESERVED
CVE-2022-45701 (Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code
Execution ...)
@@ -49747,8 +49851,8 @@ CVE-2022-45613 (Book Store Management System v1.0 was
discovered to contain a cr
NOT-FOR-US: Book Store Management System
CVE-2022-45612
RESERVED
-CVE-2022-45611
- RESERVED
+CVE-2022-45611 (An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0
allows ...)
+ TODO: check
CVE-2022-45610
RESERVED
CVE-2022-45609
@@ -49805,8 +49909,8 @@ CVE-2022-45584
RESERVED
CVE-2022-45583
RESERVED
-CVE-2022-45582
- RESERVED
+CVE-2022-45582 (Open Redirect vulnerability in Horizon Web Dashboard 19.4.0
thru 20.1. ...)
+ TODO: check
CVE-2022-45581
RESERVED
CVE-2022-45580
@@ -52210,8 +52314,8 @@ CVE-2022-44842
RESERVED
CVE-2022-44841
RESERVED
-CVE-2022-44840
- RESERVED
+CVE-2022-44840 (Heap buffer overflow vulnerability in binutils readelf before
2.40 via ...)
+ TODO: check
CVE-2022-44839
RESERVED
CVE-2022-44838 (Automotive Shop Management System v1.0 was discovered to
contain a SQL ...)
@@ -52515,10 +52619,10 @@ CVE-2022-44748 (A directory traversal vulnerability
in the ZIP archive extractio
NOT-FOR-US: KNIME
CVE-2022-44731 (A vulnerability has been identified in SIMATIC WinCC OA V3.15
(All ver ...)
NOT-FOR-US: Siemens
-CVE-2022-44730
- RESERVED
-CVE-2022-44729
- RESERVED
+CVE-2022-44730 (Server-Side Request Forgery (SSRF) vulnerability in Apache
Software Fo ...)
+ TODO: check
+CVE-2022-44729 (Server-Side Request Forgery (SSRF) vulnerability in Apache
Software Fo ...)
+ TODO: check
CVE-2022-44728
RESERVED
CVE-2022-44727 (The EU Cookie Law GDPR (Banner + Blocker) module before 2.1.3
for Pres ...)
@@ -54972,8 +55076,8 @@ CVE-2022-44217
RESERVED
CVE-2022-44216 (Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure
Permissions. An att ...)
NOT-FOR-US: Gnuboard
-CVE-2022-44215
- RESERVED
+CVE-2022-44215 (There is an open redirect vulnerability in Titan FTP server
19.0 and b ...)
+ TODO: check
CVE-2022-44214
RESERVED
CVE-2022-44213 (ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164
is vulne ...)
@@ -58567,6 +58671,7 @@ CVE-2022-43517 (A vulnerability has been identified in
Simcenter STAR-CCM+ (All
CVE-2022-43516 (A Firewall Rule which allows all incoming TCP connections to
all progr ...)
- zabbix <not-affected> (Specific to Windows)
CVE-2022-43515 (Zabbix Frontend provides a feature that allows admins to
maintain the ...)
+ {DLA-3538-1}
- zabbix 1:6.0.13+dfsg-1 (bug #1026847)
[bullseye] - zabbix <ignored> (Minor issue)
NOTE: https://support.zabbix.com/browse/ZBX-22050
@@ -59172,10 +59277,10 @@ CVE-2022-43360
RESERVED
CVE-2022-43359 (Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c was
discovered ...)
NOT-FOR-US: Gifdec
-CVE-2022-43358
- RESERVED
-CVE-2022-43357
- RESERVED
+CVE-2022-43358 (Stack overflow vulnerability in ast_selectors.cpp: in function
Sass::C ...)
+ TODO: check
+CVE-2022-43357 (Stack overflow vulnerability in ast_selectors.cpp in function
Sass::Co ...)
+ TODO: check
CVE-2022-43356
RESERVED
CVE-2022-43355 (Sanitization Management System v1.0 was discovered to contain
a SQL in ...)
@@ -63460,7 +63565,7 @@ CVE-2022-41816
CVE-2022-41815
RESERVED
CVE-2022-41804 (Unauthorized error injection in Intel(R) SGX or Intel(R) TDX
for some ...)
- {DSA-5474-1}
+ {DSA-5474-1 DLA-3537-1}
- intel-microcode 3.20230808.1 (bug #1043305)
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html
NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808
@@ -64208,7 +64313,7 @@ CVE-2022-41342 (Improper buffer restrictions in the
Intel(R) C++ Compiler Classi
CVE-2022-41314 (Uncontrolled search path in some Intel(R) Network Adapter
installer so ...)
NOT-FOR-US: Intel
CVE-2022-40982 (Information exposure through microarchitectural state after
transient ...)
- {DSA-5475-1 DSA-5474-1 DLA-3525-1 DLA-3524-1}
+ {DSA-5475-1 DSA-5474-1 DLA-3537-1 DLA-3525-1 DLA-3524-1}
- linux 6.4.4-3
- intel-microcode 3.20230808.1 (bug #1043305)
NOTE: https://www.openwall.com/lists/oss-security/2023/08/08/5
@@ -64569,8 +64674,8 @@ CVE-2022-41446 (An access control issue in
/Admin/dashboard.php of Record Manage
NOT-FOR-US: Record Management System
CVE-2022-41445 (A cross-site scripting (XSS) vulnerability in Record
Management System ...)
NOT-FOR-US: Record Management System
-CVE-2022-41444
- RESERVED
+CVE-2022-41444 (Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via
crafted P ...)
+ TODO: check
CVE-2022-41443 (phpipam v1.5.0 was discovered to contain a header injection
vulnerabil ...)
- phpipam <itp> (bug #731713)
CVE-2022-41442 (PicUploader v2.6.3 was discovered to contain cross-site
scripting (XSS ...)
@@ -67121,8 +67226,8 @@ CVE-2022-40435 (Employee Performance Evaluation System
v1.0 was discovered to co
NOT-FOR-US: Employee Performance Evaluation System
CVE-2022-40434 (Softr v2.0 was discovered to be vulnerable to HTML injection
via the N ...)
NOT-FOR-US: Softr
-CVE-2022-40433
- RESERVED
+CVE-2022-40433 (An issue was discovered in function
ciMethodBlocks::make_block_at in O ...)
+ TODO: check
CVE-2022-40432 (The d8s-strings for python, as distributed on PyPI, included a
potenti ...)
NOT-FOR-US: d8s-strings for python
CVE-2022-40431 (The d8s-pdfs for python, as distributed on PyPI, included a
potential ...)
@@ -67985,8 +68090,8 @@ CVE-2022-40092 (Online Tours & Travels Management
System v1.0 was discovered to
NOT-FOR-US: Online Tours & Travels Management System
CVE-2022-40091 (Online Tours & Travels Management System v1.0 was discovered
to contai ...)
NOT-FOR-US: Online Tours & Travels Management System
-CVE-2022-40090
- RESERVED
+CVE-2022-40090 (An issue was discovered in function TIFFReadDirectory libtiff
before 4 ...)
+ TODO: check
CVE-2022-40089 (A remote file inclusion (RFI) vulnerability in Simple College
Website ...)
NOT-FOR-US: Simple College Website
CVE-2022-40088 (Simple College Website v1.0 was discovered to contain a
reflected cros ...)
@@ -72949,8 +73054,8 @@ CVE-2022-38351 (A vulnerability in Suprema BioStar (aka
Bio Star) 2 v2.8.16 allo
NOT-FOR-US: Suprema Bio Star
CVE-2022-38350
RESERVED
-CVE-2022-38349
- RESERVED
+CVE-2022-38349 (An issue was discovered in Poppler 22.08.0. There is a
reachable asser ...)
+ TODO: check
CVE-2022-38348
RESERVED
CVE-2022-38347
@@ -76336,12 +76441,12 @@ CVE-2022-37054
RESERVED
CVE-2022-37053 (TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection
via /htd ...)
NOT-FOR-US: Trendnet
-CVE-2022-37052
- RESERVED
-CVE-2022-37051
- RESERVED
-CVE-2022-37050
- RESERVED
+CVE-2022-37052 (A reachable Object::getString assertion in Poppler 22.07.0
allows atta ...)
+ TODO: check
+CVE-2022-37051 (An issue was discovered in Poppler 22.07.0. There is a
reachable abort ...)
+ TODO: check
+CVE-2022-37050 (In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows
attackers t ...)
+ TODO: check
CVE-2022-37049 (The component tcpprep in Tcpreplay v4.4.1 was discovered to
contain a ...)
- tcpreplay 4.4.2-1 (unimportant; bug #1018057)
NOTE: https://github.com/appneta/tcpreplay/issues/736
@@ -77417,8 +77522,8 @@ CVE-2022-36650
RESERVED
CVE-2022-36649
RESERVED
-CVE-2022-36648
- RESERVED
+CVE-2022-36648 (The hardware emulation in the of_dpa_cmd_add_l2_flood of
rocker device ...)
+ TODO: check
CVE-2022-36647 (PKUVCL davs2 v1.6.205 was discovered to contain a global
buffer overfl ...)
- davs2 <unfixed> (bug #1019358)
NOTE: https://github.com/pkuvcl/davs2/issues/29
@@ -81196,7 +81301,7 @@ CVE-2022-35230 (An authenticated user can create a link
with reflected Javascrip
NOTE: https://support.zabbix.com/browse/ZBX-21305
NOTE: Fixed in:
https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/3b47a97676ee9ca4e16566f1931c456459108eae
(5.0.25rc1)
CVE-2022-35229 (An authenticated user can create a link with reflected
Javascript code ...)
- {DLA-3390-1}
+ {DLA-3538-1 DLA-3390-1}
[experimental] - zabbix 1:6.0.6+dfsg-1
- zabbix 1:6.0.7+dfsg-2 (bug #1014992)
[bullseye] - zabbix <no-dsa> (Minor issue)
@@ -81301,10 +81406,10 @@ CVE-2022-35208
RESERVED
CVE-2022-35207
RESERVED
-CVE-2022-35206
- RESERVED
-CVE-2022-35205
- RESERVED
+CVE-2022-35206 (Null pointer dereference vulnerability in Binutils readelf
2.38.50 via ...)
+ TODO: check
+CVE-2022-35205 (An issue was discovered in Binutils readelf 2.38.50, reachable
asserti ...)
+ TODO: check
CVE-2022-35204 (Vitejs Vite before v2.9.13 was discovered to allow attackers
to perfor ...)
NOT-FOR-US: Vitejs Vite
CVE-2022-35203 (An access control issue in TrendNet TV-IP572PI v1.0 allows
unauthentic ...)
@@ -84775,8 +84880,8 @@ CVE-2022-34040
RESERVED
CVE-2022-34039
RESERVED
-CVE-2022-34038
- RESERVED
+CVE-2022-34038 (Etcd v3.5.4 allows remote attackers to cause a denial of
service via f ...)
+ TODO: check
CVE-2022-34037 (An out-of-bounds read in the rewrite function at
/modules/caddyhttp/re ...)
NOT-FOR-US: Caddy
CVE-2022-34036
@@ -97272,8 +97377,8 @@ CVE-2022-29656 (Wedding Management System v1.0 was
discovered to contain a SQL i
NOT-FOR-US: Wedding Management System
CVE-2022-29655 (An arbitrary file upload vulnerability in the Upload Photos
module of ...)
NOT-FOR-US: Wedding Management System
-CVE-2022-29654
- RESERVED
+CVE-2022-29654 (Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c
in nasm ...)
+ TODO: check
CVE-2022-29653 (OFCMS v1.1.4 was discovered to contain a cross-site scripting
(XSS) vu ...)
NOT-FOR-US: OFCMS
CVE-2022-29652 (Online Sports Complex Booking System 1.0 is vulnerable to SQL
Injectio ...)
@@ -102109,18 +102214,18 @@ CVE-2022-28075
RESERVED
CVE-2022-28074 (Halo-1.5.0 was discovered to contain a stored cross-site
scripting (XS ...)
NOT-FOR-US: Halo
-CVE-2022-28073
- RESERVED
-CVE-2022-28072
- RESERVED
-CVE-2022-28071
- RESERVED
-CVE-2022-28070
- RESERVED
-CVE-2022-28069
- RESERVED
-CVE-2022-28068
- RESERVED
+CVE-2022-28073 (A use after free in r_reg_set_value function in radare2 5.4.2
and 5.4. ...)
+ TODO: check
+CVE-2022-28072 (A heap buffer overflow in r_read_le32 function in radare25.4.2
and 5.4 ...)
+ TODO: check
+CVE-2022-28071 (A use after free in r_reg_get_name_idx function in radare2
5.4.2 and 5 ...)
+ TODO: check
+CVE-2022-28070 (A null pointer deference in __core_anal_fcn function in
radare2 5.4.2 ...)
+ TODO: check
+CVE-2022-28069 (A heap buffer overflow in vax_opfunction in radare2 5.4.2 and
5.4.0.)
+ TODO: check
+CVE-2022-28068 (A heap buffer overflow in r_sleb128 function in radare2 5.4.2
and 5.4. ...)
+ TODO: check
CVE-2022-28067 (An incorrect access control issue in Sandboxie Classic
v5.55.13 allows ...)
NOT-FOR-US: Sandboxie Classic
CVE-2022-28066
@@ -106288,8 +106393,8 @@ CVE-2022-26594 (Multiple cross-site scripting (XSS)
vulnerabilities in Liferay P
NOT-FOR-US: Liferay
CVE-2022-26593 (Cross-site scripting (XSS) vulnerability in the Asset module's
asset c ...)
NOT-FOR-US: Liferay
-CVE-2022-26592
- RESERVED
+CVE-2022-26592 (Stack Overflow vulnerability in libsass 3.6.5 via the
CompoundSelector ...)
+ TODO: check
CVE-2022-26591 (FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows
unauthenticated attac ...)
NOT-FOR-US: FANTEC GmbH MWiD25-DS Firmware
CVE-2022-26590
@@ -110809,8 +110914,8 @@ CVE-2022-25026 (A Server-Side Request Forgery (SSRF)
in Rocket TRUfusion Portal
NOT-FOR-US: Rocket TRUfusion Portal
CVE-2022-25025
RESERVED
-CVE-2022-25024
- RESERVED
+CVE-2022-25024 (The json2xml package through 3.12.0 for Python allows an error
in type ...)
+ TODO: check
CVE-2022-25023 (Audio File commit 004065d was discovered to contain a
heap-buffer over ...)
NOT-FOR-US: AudioFile (different from src:audiofile)
CVE-2022-25022 (A cross-site scripting (XSS) vulnerability in Htmly v2.8.1
allows atta ...)
@@ -117147,8 +117252,8 @@ CVE-2021-46313 (The binary MP4Box in GPAC v1.0.1 was
discovered to contain a seg
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2039
NOTE:
https://github.com/gpac/gpac/commit/ee969d3c4c425ecb25999eb68ada616925b58eba
(v2.0.0)
-CVE-2021-46312
- RESERVED
+CVE-2021-46312 (An issue was discovered IW44EncodeCodec.cpp in djvulibre
3.5.28 in all ...)
+ TODO: check
CVE-2021-46311 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0
via the ...)
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <ignored> (Minor issue)
@@ -117156,8 +117261,8 @@ CVE-2021-46311 (A NULL pointer dereference
vulnerability exists in GPAC v1.1.0 v
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2038
NOTE:
https://github.com/gpac/gpac/commit/ad19e0c4504a89ca273442b1b1483ae7adfb9491
(v2.0.0)
-CVE-2021-46310
- RESERVED
+CVE-2021-46310 (An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in
allows at ...)
+ TODO: check
CVE-2021-46309 (An SQL Injection vulnerability exists in Sourcecodester
Employee and V ...)
NOT-FOR-US: Sourcecodester
CVE-2021-46308 (An SQL Injection vulnerability exists in Sourcecodester Online
Railway ...)
@@ -118932,8 +119037,8 @@ CVE-2021-46181
RESERVED
CVE-2021-46180
RESERVED
-CVE-2021-46179
- RESERVED
+CVE-2021-46179 (Reachable Assertion vulnerability in upx before 4.0.0 allows
attackers ...)
+ TODO: check
CVE-2021-46178
RESERVED
CVE-2021-46177
@@ -118942,8 +119047,8 @@ CVE-2021-46176
RESERVED
CVE-2021-46175
RESERVED
-CVE-2021-46174
- RESERVED
+CVE-2021-46174 (Heap-based Buffer Overflow in function bfd_getl32 in Binutils
objdump ...)
+ TODO: check
CVE-2021-46173
RESERVED
CVE-2021-46172
@@ -132972,8 +133077,8 @@ CVE-2021-43172 (NLnet Labs Routinator prior to 0.10.2
happily processes a chain
NOTE: https://github.com/NLnetLabs/routinator/pull/665
CVE-2021-3917 (A flaw was found in the coreos-installer, where it writes the
Ignition ...)
NOT-FOR-US: coreos-installer
-CVE-2021-43171
- RESERVED
+CVE-2021-43171 (Improper verification of applications' cryptographic
signatures in the ...)
+ TODO: check
CVE-2021-43170
RESERVED
CVE-2021-43169
@@ -141835,16 +141940,16 @@ CVE-2021-40268
RESERVED
CVE-2021-40267
RESERVED
-CVE-2021-40266
- RESERVED
-CVE-2021-40265
- RESERVED
-CVE-2021-40264
- RESERVED
-CVE-2021-40263
- RESERVED
-CVE-2021-40262
- RESERVED
+CVE-2021-40266 (FreeImage before 1.18.0, ReadPalette function in
PluginTIFF.cpp is vul ...)
+ TODO: check
+CVE-2021-40265 (A heap overflow bug exists FreeImage before 1.18.0 via ofLoad
function ...)
+ TODO: check
+CVE-2021-40264 (NULL pointer dereference vulnerability in FreeImage before
1.18.0 via ...)
+ TODO: check
+CVE-2021-40263 (A heap overflow vulnerability in FreeImage 1.18.0 via the
ofLoad funct ...)
+ TODO: check
+CVE-2021-40262 (A stack exhaustion issue was discovered in FreeImage before
1.18.0 via ...)
+ TODO: check
CVE-2021-40261 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in
SourceCod ...)
NOT-FOR-US: SourceCodester
CVE-2021-40260 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in
SourceCod ...)
@@ -141949,8 +142054,8 @@ CVE-2021-40213
RESERVED
CVE-2021-40212 (An exploitable out-of-bounds write vulnerability in PotPlayer
1.7.2152 ...)
NOT-FOR-US: PotPlayer
-CVE-2021-40211
- RESERVED
+CVE-2021-40211 (An issue was discovered with ImageMagick 7.1.0-4 via Division
by zero ...)
+ TODO: check
CVE-2021-40210
RESERVED
CVE-2021-40209
@@ -154276,8 +154381,8 @@ CVE-2021-35311
RESERVED
CVE-2021-35310
RESERVED
-CVE-2021-35309
- RESERVED
+CVE-2021-35309 (An issue discovered in Samsung SyncThru Web Service SPL 5.93
06-09-201 ...)
+ TODO: check
CVE-2021-35308
RESERVED
CVE-2021-35307 (An issue was discovered in Bento4 through v1.6.0-636. A NULL
pointer d ...)
@@ -156863,8 +156968,8 @@ CVE-2021-34195
RESERVED
CVE-2021-34194
RESERVED
-CVE-2021-34193
- RESERVED
+CVE-2021-34193 (Stack overflow vulnerability in OpenSC smart card middleware
before 0. ...)
+ TODO: check
CVE-2021-34192
RESERVED
CVE-2021-34191
@@ -158935,12 +159040,12 @@ CVE-2021-33391 (An issue in HTACG HTML Tidy v5.7.28
allows attacker to execute a
[buster] - tidy-html5 <no-dsa> (Minor issue)
NOTE: https://github.com/htacg/tidy-html5/issues/946
NOTE:
https://github.com/htacg/tidy-html5/commit/efa61528aa500a1efbd2768121820742d3bb709b
-CVE-2021-33390
- RESERVED
+CVE-2021-33390 (dpic 2021.04.10 has a use-after-free in thedeletestringbox()
function ...)
+ TODO: check
CVE-2021-33389
RESERVED
-CVE-2021-33388
- RESERVED
+CVE-2021-33388 (dpic 2021.04.10 has a Heap Buffer Overflow in themakevar()
function in ...)
+ TODO: check
CVE-2021-33387 (Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows
attacker t ...)
NOT-FOR-US: MiniCMS
CVE-2021-33386
@@ -161559,12 +161664,12 @@ CVE-2021-32424 (In TrendNet TW100-S4W1CA 2.3.32,
due to a lack of proper session
NOT-FOR-US: TrendNet TW100-S4W1CA
CVE-2021-32423
RESERVED
-CVE-2021-32422
- RESERVED
-CVE-2021-32421
- RESERVED
-CVE-2021-32420
- RESERVED
+CVE-2021-32422 (dpic 2021.01.01 has a Global buffer overflow in theyylex()
function in ...)
+ TODO: check
+CVE-2021-32421 (dpic 2021.01.01 has a Heap Use-After-Free in
thedeletestringbox() func ...)
+ TODO: check
+CVE-2021-32420 (dpic 2021.01.01 has a Heap-based Buffer Overflow in
thestorestring fun ...)
+ TODO: check
CVE-2021-32419 (An issue in Schism Tracker v20200412 fixed in v.20200412
allows attack ...)
- schism 2:20210525-2 (unimportant)
NOTE: https://github.com/schismtracker/schismtracker/issues/249
@@ -161830,8 +161935,8 @@ CVE-2021-32294 (An issue was discovered in libgig
through 20200507. A heap-buffe
NOTE: https://github.com/drbye78/libgig/issues/1
CVE-2021-32293
RESERVED
-CVE-2021-32292
- RESERVED
+CVE-2021-32292 (An issue was discovered in json-c through 0.15-20200726. A
stack-buffe ...)
+ TODO: check
CVE-2021-32291
RESERVED
CVE-2021-32290
@@ -168041,8 +168146,8 @@ CVE-2021-30049 (SysAid 20.3.64 b14 is affected by
Cross Site Scripting (XSS) via
NOT-FOR-US: SysAid
CVE-2021-30048 (Directory Traversal in the fileDownload function in
com/java2nb/common ...)
NOT-FOR-US: Novel-plus
-CVE-2021-30047
- RESERVED
+CVE-2021-30047 (VSFTPD 3.0.3 allows attackers to cause a denial of service due
to limi ...)
+ TODO: check
CVE-2021-30046 (VIGRA Computer Vision Library Version-1-11-1 contains a
segmentation f ...)
NOT-FOR-US: VIGRA Computer Vision Library
CVE-2021-30045 (SerenityOS 2021-03-27 contains a buffer overflow vulnerability
in the ...)
@@ -169837,8 +169942,8 @@ CVE-2021-29392
RESERVED
CVE-2021-29391
RESERVED
-CVE-2021-29390
- RESERVED
+CVE-2021-29390 (libjpeg-turbo version 2.0.90 is vulnerable to a
heap-buffer-overflow v ...)
+ TODO: check
CVE-2021-29389
RESERVED
CVE-2021-29388 (A stored cross-site scripting (XSS) vulnerability in
SourceCodester Bu ...)
@@ -195136,8 +195241,8 @@ CVE-2020-35360
RESERVED
CVE-2020-35359 (Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate
server ...)
NOTE: Bogus issue, can be configured using MaxClientsPerIP in
pure-ftpd.conf configuration file
-CVE-2020-35357
- RESERVED
+CVE-2020-35357 (A buffer overflow can occur when calculating the quantile
value using ...)
+ TODO: check
CVE-2020-35356
RESERVED
CVE-2020-35355
@@ -195166,8 +195271,8 @@ CVE-2020-35344
RESERVED
CVE-2020-35343
RESERVED
-CVE-2020-35342
- RESERVED
+CVE-2020-35342 (GNU Binutils before 2.34 has an uninitialized-heap
vulnerability in fu ...)
+ TODO: check
CVE-2020-35341
RESERVED
CVE-2020-35340 (A local file inclusion vulnerability in ExpertPDF 9.5.0
through 14.1.0 ...)
@@ -208380,8 +208485,8 @@ CVE-2020-26685
RESERVED
CVE-2020-26684
RESERVED
-CVE-2020-26683
- RESERVED
+CVE-2020-26683 (A memory leak issue discovered in /pdf/pdf-font-add.c in
Artifex Softw ...)
+ TODO: check
CVE-2020-26682 (In libass 0.14.0, the `ass_outline_construct`'s call to
`outline_strok ...)
- libass 1:0.15.0-1 (bug #975108)
[buster] - libass <no-dsa> (Minor issue)
@@ -208449,8 +208554,8 @@ CVE-2020-26654
RESERVED
CVE-2020-26653
RESERVED
-CVE-2020-26652
- RESERVED
+CVE-2020-26652 (An issue was discovered in function nl80211_send_chandef in
rtl8812au ...)
+ TODO: check
CVE-2020-26651
RESERVED
CVE-2020-26650 (AtomXCMS 2.0 is affected by Arbitrary File Read via
admin/dump.php)
@@ -210282,8 +210387,8 @@ CVE-2020-25889 (Online Bus Booking System Project
Using PHP/MySQL version 1.0 ha
NOT-FOR-US: Online Bus Booking System Project Using PHP/MySQL
CVE-2020-25888
RESERVED
-CVE-2020-25887
- RESERVED
+CVE-2020-25887 (Buffer overflow in mg_resolve_from_hosts_file in Mongoose
6.18, when r ...)
+ TODO: check
CVE-2020-25886
RESERVED
CVE-2020-25885
@@ -214355,14 +214460,14 @@ CVE-2020-24297 (httpd on TP-Link TL-WPA4220 devices
(versions 2 through 4) allow
NOT-FOR-US: TP-Link
CVE-2020-24296
RESERVED
-CVE-2020-24295
- RESERVED
-CVE-2020-24294
- RESERVED
-CVE-2020-24293
- RESERVED
-CVE-2020-24292
- RESERVED
+CVE-2020-24295 (Buffer Overflow vulnerability in
PSDParser.cpp::ReadImageLine() in Fre ...)
+ TODO: check
+CVE-2020-24294 (Buffer Overflow vulnerability in psdParser::UnpackRLE function
in PSDP ...)
+ TODO: check
+CVE-2020-24293 (Buffer Overflow vulnerability in psdThumbnail::Read in
PSDParser.cpp i ...)
+ TODO: check
+CVE-2020-24292 (Buffer Overflow vulnerability in load function in
PluginICO.cpp in Fre ...)
+ TODO: check
CVE-2020-24291
RESERVED
CVE-2020-24290
@@ -214995,8 +215100,8 @@ CVE-2020-23994
RESERVED
CVE-2020-23993
RESERVED
-CVE-2020-23992
- RESERVED
+CVE-2020-23992 (Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote
attackers ...)
+ TODO: check
CVE-2020-23991
RESERVED
CVE-2020-23990
@@ -215425,8 +215530,8 @@ CVE-2020-23806
RESERVED
CVE-2020-23805
RESERVED
-CVE-2020-23804
- RESERVED
+CVE-2020-23804 (Uncontrolled Recursion in pdfinfo, and pdftops in poppler
0.89.0 allow ...)
+ TODO: check
CVE-2020-23803
RESERVED
CVE-2020-23802
@@ -215447,8 +215552,8 @@ CVE-2020-23795
RESERVED
CVE-2020-23794
RESERVED
-CVE-2020-23793
- RESERVED
+CVE-2020-23793 (An issue was discovered in spice-server
spice-server-0.14.0-6.el7_6.1. ...)
+ TODO: check
CVE-2020-23792
RESERVED
CVE-2020-23791
@@ -217290,8 +217395,8 @@ CVE-2020-22918
RESERVED
CVE-2020-22917
RESERVED
-CVE-2020-22916
- RESERVED
+CVE-2020-22916 (An issue discovered in XZ 5.2.5 allows attackers to cause a
denial of ...)
+ TODO: check
CVE-2020-22915
RESERVED
CVE-2020-22914
@@ -217897,8 +218002,8 @@ CVE-2020-22630
RESERVED
CVE-2020-22629
RESERVED
-CVE-2020-22628
- RESERVED
+CVE-2020-22628 (Buffer Overflow vulnerability in LibRaw::stretch() function in
libraw\ ...)
+ TODO: check
CVE-2020-22627
RESERVED
CVE-2020-22626
@@ -218024,8 +218129,8 @@ CVE-2020-22572
RESERVED
CVE-2020-22571
RESERVED
-CVE-2020-22570
- RESERVED
+CVE-2020-22570 (Memcached 1.6.0 before 1.6.3 allows remote attackers to cause
a denial ...)
+ TODO: check
CVE-2020-22569
RESERVED
CVE-2020-22568
@@ -218116,8 +218221,8 @@ CVE-2020-22526
RESERVED
CVE-2020-22525
RESERVED
-CVE-2020-22524
- RESERVED
+CVE-2020-22524 (Buffer Overflow vulnerability in FreeImage_Load function in
FreeImage ...)
+ TODO: check
CVE-2020-22523
RESERVED
CVE-2020-22522
@@ -218755,12 +218860,12 @@ CVE-2020-22221
RESERVED
CVE-2020-22220
RESERVED
-CVE-2020-22219
- RESERVED
-CVE-2020-22218
- RESERVED
-CVE-2020-22217
- RESERVED
+CVE-2020-22219 (Buffer Overflow vulnerability in function bitwriter_grow_ in
flac befo ...)
+ TODO: check
+CVE-2020-22218 (An issue was discovered in function _libssh2_packet_add in
libssh2 1.1 ...)
+ TODO: check
+CVE-2020-22217 (Buffer overflow vulnerability in c-ares before 1_16_1 thru
1_17_0 via ...)
+ TODO: check
CVE-2020-22216
RESERVED
CVE-2020-22215
@@ -218831,8 +218936,8 @@ CVE-2020-22183
RESERVED
CVE-2020-22182
RESERVED
-CVE-2020-22181
- RESERVED
+CVE-2020-22181 (A reflected cross site scripting (XSS) vulnerability was
discovered on ...)
+ TODO: check
CVE-2020-22180
RESERVED
CVE-2020-22179
@@ -219532,8 +219637,8 @@ CVE-2020-21898
RESERVED
CVE-2020-21897
RESERVED
-CVE-2020-21896
- RESERVED
+CVE-2020-21896 (A Use After Free vulnerability in
svg_dev_text_span_as_paths_defs func ...)
+ TODO: check
CVE-2020-21895
RESERVED
CVE-2020-21894
@@ -219544,8 +219649,8 @@ CVE-2020-21892
RESERVED
CVE-2020-21891
RESERVED
-CVE-2020-21890
- RESERVED
+CVE-2020-21890 (Buffer Overflow vulnerability in clj_media_size function in
devices/gd ...)
+ TODO: check
CVE-2020-21889
RESERVED
CVE-2020-21888
@@ -219876,12 +219981,12 @@ CVE-2020-21726 (OpenSNS v6.1.0 contains a blind SQL
injection vulnerability in /
NOT-FOR-US: OpenSNS
CVE-2020-21725 (OpenSNS v6.1.0 contains a blind SQL injection vulnerability in
/Contro ...)
NOT-FOR-US: OpenSNS
-CVE-2020-21724
- RESERVED
-CVE-2020-21723
- RESERVED
-CVE-2020-21722
- RESERVED
+CVE-2020-21724 (Buffer Overflow vulnerability in ExtractorInformation function
in stre ...)
+ TODO: check
+CVE-2020-21723 (A Segmentation Fault issue discovered
StreamSerializer::extractStreams ...)
+ TODO: check
+CVE-2020-21722 (Buffer Overflow vulnerability in oggvideotools 0.9.1 allows
remote att ...)
+ TODO: check
CVE-2020-21721
RESERVED
CVE-2020-21720
@@ -219904,8 +220009,8 @@ CVE-2020-21712
RESERVED
CVE-2020-21711
RESERVED
-CVE-2020-21710
- RESERVED
+CVE-2020-21710 (A divide by zero issue discovered in eps_print_page in
gdevepsn.c in A ...)
+ TODO: check
CVE-2020-21709
RESERVED
CVE-2020-21708
@@ -219926,8 +220031,8 @@ CVE-2020-21701
RESERVED
CVE-2020-21700
RESERVED
-CVE-2020-21699
- RESERVED
+CVE-2020-21699 (The web server Tengine 2.2.2 developed in the Nginx version
from 0.5.6 ...)
+ TODO: check
CVE-2020-21698
RESERVED
CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in
libavfo ...)
@@ -219960,12 +220065,12 @@ CVE-2020-21688 (A heap-use-after-free in the
av_freep function in libavutil/mem.
NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=22c3cd176079dd104ec7610ead697235b04396f1
(4.4)
NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7c9b1ed56b98eede5756d6865a10305982b4570
(4.1.9)
NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f1a77222da98dbe4b8eeda54d68deefe6adcd299
(3.2.17)
-CVE-2020-21687
- RESERVED
-CVE-2020-21686
- RESERVED
-CVE-2020-21685
- RESERVED
+CVE-2020-21687 (Buffer Overflow vulnerability in scan function in stdscan.c in
nasm 2. ...)
+ TODO: check
+CVE-2020-21686 (A stack-use-after-scope issue discovered in expand_mmac_params
functio ...)
+ TODO: check
+CVE-2020-21685 (Buffer Overflow vulnerability in hash_findi function in
hashtbl.c in n ...)
+ TODO: check
CVE-2020-21684 (A global buffer overflow in the put_font in genpict2e.c of
fig2dev 3.2 ...)
- fig2dev 1:3.2.8-1 (unimportant)
- transfig <removed>
@@ -219998,8 +220103,8 @@ CVE-2020-21680 (A stack-based buffer overflow in the
put_arrow() component in ge
NOTE:
https://sourceforge.net/p/mcj/fig2dev/ci/3165d86c31c6323913239fdc6460be6ababd3826/
(3.2.8)
NOTE:
https://sourceforge.net/p/mcj/fig2dev/ci/100e2789f8106f9cc0f7e4319c4ee7bda076c3ac/
(3.2.8)
NOTE: Crash in CLI tool, no security impact
-CVE-2020-21679
- RESERVED
+CVE-2020-21679 (Buffer Overflow vulnerability in WritePCXImage function in
pcx.c in Gr ...)
+ TODO: check
CVE-2020-21678 (A global buffer overflow in the genmp_writefontmacro_latex
component i ...)
- fig2dev 1:3.2.8-1 (unimportant)
- transfig <removed>
@@ -220253,8 +220358,8 @@ CVE-2020-21585 (Vulnerability in emlog v6.0.0 allows
user to upload webshells vi
NOT-FOR-US: emlog
CVE-2020-21584
RESERVED
-CVE-2020-21583
- RESERVED
+CVE-2020-21583 (An issue was discovered in hwclock.13-v2.27 allows attackers
to gain e ...)
+ TODO: check
CVE-2020-21582
RESERVED
CVE-2020-21581
@@ -220405,8 +220510,8 @@ CVE-2020-21529 (fig2dev 3.2.7b contains a stack
buffer overflow in the bezier_sp
NOTE: https://sourceforge.net/p/mcj/tickets/65/
NOTE:
https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/
(3.2.8)
NOTE:
https://sourceforge.net/p/mcj/fig2dev/ci/e3cee2576438f47a3b8678c6960472e625f8f7d7/
(3.2.8)
-CVE-2020-21528
- RESERVED
+CVE-2020-21528 (A Segmentation Fault issue discovered in in ieee_segment
function in o ...)
+ TODO: check
CVE-2020-21527 (There is an Arbitrary file deletion vulnerability in halo
v1.1.3. A ba ...)
NOT-FOR-US: Halo
CVE-2020-21526 (An Arbitrary file writing vulnerability in halo v1.1.3. In an
interfac ...)
@@ -220481,8 +220586,8 @@ CVE-2020-21492
RESERVED
CVE-2020-21491
RESERVED
-CVE-2020-21490
- RESERVED
+CVE-2020-21490 (An issue was discovered in GNU Binutils 2.34. It is a memory
leak when ...)
+ TODO: check
CVE-2020-21489 (File Upload vulnerability in Feehicms v.2.0.8 allows a remote
attacker ...)
NOT-FOR-US: Feehicms
CVE-2020-21488
@@ -220523,8 +220628,8 @@ CVE-2020-21471
RESERVED
CVE-2020-21470
RESERVED
-CVE-2020-21469
- RESERVED
+CVE-2020-21469 (An issue was discovered in PostgreSQL 12.2 allows attackers to
cause a ...)
+ TODO: check
CVE-2020-21468 (A segmentation fault in the redis-server component of Redis
5.0.7 lead ...)
- redis <unfixed> (unimportant)
NOTE: https://github.com/redis/redis/issues/6633
@@ -220607,12 +220712,12 @@ CVE-2020-21430
RESERVED
CVE-2020-21429
RESERVED
-CVE-2020-21428
- RESERVED
-CVE-2020-21427
- RESERVED
-CVE-2020-21426
- RESERVED
+CVE-2020-21428 (Buffer Overflow vulnerability in function LoadRGB in
PluginDDS.cpp in ...)
+ TODO: check
+CVE-2020-21427 (Buffer Overflow vulnerability in function LoadPixelDataRLE8 in
PluginB ...)
+ TODO: check
+CVE-2020-21426 (Buffer Overflow vulnerability in function C_IStream::read in
PluginEXR ...)
+ TODO: check
CVE-2020-21425
RESERVED
CVE-2020-21424
@@ -221385,8 +221490,8 @@ CVE-2020-21048 (An issue in the dither.c component of
libsixel prior to v1.8.4 a
NOTE: https://github.com/saitoha/libsixel/issues/73
NOTE:
https://github.com/saitoha/libsixel/commit/cb373ab6614c910407c5e5a93ab935144e62b037
(v1.8.4)
NOTE:
https://github.com/saitoha/libsixel/commit/26ac06f3623279348f0dce2d191a9b6ca0c80226
(v1.8.4)
-CVE-2020-21047
- RESERVED
+CVE-2020-21047 (The libcpu component which is used by libasm of elfutils
version 0.177 ...)
+ TODO: check
CVE-2020-21046 (A local privilege escalation vulnerability was identified
within the " ...)
NOT-FOR-US: EagleGet for Windows
CVE-2020-21045
@@ -221887,8 +221992,8 @@ CVE-2020-20815
RESERVED
CVE-2020-20814
RESERVED
-CVE-2020-20813
- RESERVED
+CVE-2020-20813 (Control Channel in OpenVPN 2.4.7 and earlier allows remote
attackers t ...)
+ TODO: check
CVE-2020-20812
RESERVED
CVE-2020-20811
@@ -223268,8 +223373,8 @@ CVE-2020-20147
RESERVED
CVE-2020-20146
RESERVED
-CVE-2020-20145
- RESERVED
+CVE-2020-20145 (An issue was discovered in /src/helper.c in Dnsmasq up to and
includin ...)
+ TODO: check
CVE-2020-20144
RESERVED
CVE-2020-20143
@@ -223740,8 +223845,8 @@ CVE-2020-19911
RESERVED
CVE-2020-19910
RESERVED
-CVE-2020-19909
- RESERVED
+CVE-2020-19909 (Integer overflow vulnerability in tool_operate.c in curl
7.65.2 via cr ...)
+ TODO: check
CVE-2020-19908
RESERVED
CVE-2020-19907 (A command injection vulnerability in the sandcat plugin of
Caldera 2.3 ...)
@@ -224134,12 +224239,12 @@ CVE-2020-19728
RESERVED
CVE-2020-19727
RESERVED
-CVE-2020-19726
- RESERVED
-CVE-2020-19725
- RESERVED
-CVE-2020-19724
- RESERVED
+CVE-2020-19726 (An issue was discovered in binutils libbfd.c 2.36 relating to
the auxi ...)
+ TODO: check
+CVE-2020-19725 (There is a use-after-free vulnerability in file
pdd_simplifier.cpp in ...)
+ TODO: check
+CVE-2020-19724 (A memory consumption issue in get_data function in
binutils/nm.c in GN ...)
+ TODO: check
CVE-2020-19723
RESERVED
CVE-2020-19722 (An unhandled memory allocation failure in Core/Ap4Atom.cpp of
Bento 1. ...)
@@ -224609,7 +224714,7 @@ CVE-2020-19502
CVE-2020-19501
RESERVED
CVE-2020-19500
- RESERVED
+ REJECTED
CVE-2020-19499 (An issue was discovered in heif::Box_iref::get_references in
libheif 1 ...)
- libheif 1.5.0-1
[buster] - libheif <no-dsa> (Minor issue)
@@ -225284,18 +225389,18 @@ CVE-2020-19192
RESERVED
CVE-2020-19191
RESERVED
-CVE-2020-19190
- RESERVED
-CVE-2020-19189
- RESERVED
-CVE-2020-19188
- RESERVED
-CVE-2020-19187
- RESERVED
-CVE-2020-19186
- RESERVED
-CVE-2020-19185
- RESERVED
+CVE-2020-19190 (Buffer Overflow vulnerability in _nc_find_entry in
tinfo/comp_hash.c:7 ...)
+ TODO: check
+CVE-2020-19189 (Buffer Overflow vulnerability in postprocess_terminfo function
in tinf ...)
+ TODO: check
+CVE-2020-19188 (Buffer Overflow vulnerability in fmt_entry function in
progs/dump_entr ...)
+ TODO: check
+CVE-2020-19187 (Buffer Overflow vulnerability in fmt_entry function in
progs/dump_entr ...)
+ TODO: check
+CVE-2020-19186 (Buffer Overflow vulnerability in _nc_find_entry function in
tinfo/comp ...)
+ TODO: check
+CVE-2020-19185 (Buffer Overflow vulnerability in one_one_mapping function in
progs/dum ...)
+ TODO: check
CVE-2020-19184
RESERVED
CVE-2020-19183
@@ -226020,8 +226125,8 @@ CVE-2020-18841
RESERVED
CVE-2020-18840
RESERVED
-CVE-2020-18839
- RESERVED
+CVE-2020-18839 (Buffer Overflow vulnerability in HtmlOutputDev::page in
poppler 0.75.0 ...)
+ TODO: check
CVE-2020-18838
RESERVED
CVE-2020-18837
@@ -226036,8 +226141,8 @@ CVE-2020-18833
RESERVED
CVE-2020-18832
RESERVED
-CVE-2020-18831
- RESERVED
+CVE-2020-18831 (Buffer Overflow vulnerability in tEXtToDataBuf function in
pngimage.cp ...)
+ TODO: check
CVE-2020-18830
RESERVED
CVE-2020-18829
@@ -226136,10 +226241,10 @@ CVE-2020-18783
RESERVED
CVE-2020-18782
RESERVED
-CVE-2020-18781
- RESERVED
-CVE-2020-18780
- RESERVED
+CVE-2020-18781 (Heap buffer overflow vulnerability in FilePOSIX::read in
File.cpp in a ...)
+ TODO: check
+CVE-2020-18780 (A Use After Free vulnerability in function new_Token in
asm/preproc.c ...)
+ TODO: check
CVE-2020-18779
RESERVED
CVE-2020-18778 (In Libav 12.3, there is a heap-based buffer over-read in
vc1_decode_p_ ...)
@@ -226168,12 +226273,12 @@ CVE-2020-18771 (Exiv2 0.27.99.0 has a global buffer
over-read in Exiv2::Internal
- exiv2 0.27.2-6
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/756
-CVE-2020-18770
- RESERVED
+CVE-2020-18770 (An issue was discovered in function
zzip_disk_entry_to_file_header in ...)
+ TODO: check
CVE-2020-18769
RESERVED
-CVE-2020-18768
- RESERVED
+CVE-2020-18768 (There exists one heap buffer overflow in _TIFFmemcpy in
tif_unix.c in ...)
+ TODO: check
CVE-2020-18767
RESERVED
CVE-2020-18766 (A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can
remotel ...)
@@ -226412,10 +226517,10 @@ CVE-2020-18654 (Cross Site Scripting (XSS) in Wuzhi
CMS v4.1.0 allows remote att
NOT-FOR-US: Wuzhi CMS
CVE-2020-18653
RESERVED
-CVE-2020-18652
- RESERVED
-CVE-2020-18651
- RESERVED
+CVE-2020-18652 (Buffer Overflow vulnerability in WEBP_Support.cpp in exempi
2.5.0 and ...)
+ TODO: check
+CVE-2020-18651 (Buffer Overflow vulnerability in function
ID3_Support::ID3v2Frame::get ...)
+ TODO: check
CVE-2020-18650
RESERVED
CVE-2020-18649
@@ -226728,8 +226833,8 @@ CVE-2020-18496
RESERVED
CVE-2020-18495
RESERVED
-CVE-2020-18494
- RESERVED
+CVE-2020-18494 (Buffer Overflow vulnerability in function H5S_close in H5S.c
in HDF5 1 ...)
+ TODO: check
CVE-2020-18493
RESERVED
CVE-2020-18492
@@ -226967,16 +227072,16 @@ CVE-2020-18384
RESERVED
CVE-2020-18383
RESERVED
-CVE-2020-18382
- RESERVED
+CVE-2020-18382 (Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in
wasm::WasmBinaryB ...)
+ TODO: check
CVE-2020-18381
RESERVED
CVE-2020-18380
RESERVED
CVE-2020-18379
RESERVED
-CVE-2020-18378
- RESERVED
+CVE-2020-18378 (A NULL pointer dereference was discovered in
SExpressionWasmBuilder::m ...)
+ TODO: check
CVE-2020-18377
RESERVED
CVE-2020-18376
@@ -227267,8 +227372,8 @@ CVE-2020-18234
RESERVED
CVE-2020-18233
RESERVED
-CVE-2020-18232
- RESERVED
+CVE-2020-18232 (Buffer Overflow vulnerability in function H5S_close in H5S.c
in HDF5 1 ...)
+ TODO: check
CVE-2020-18231
RESERVED
CVE-2020-18230 (Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote
attackers t ...)
@@ -253201,7 +253306,7 @@ CVE-2020-8641 (Lotus Core CMS 1.0.1 allows
authenticated Local File Inclusion of
NOT-FOR-US: Lotus Core CMS
CVE-2019-20447 (Jobberbase 2.0 has SQL injection via the PATH_INFO to the
jobs-in endp ...)
NOT-FOR-US: Jobberbase CMS
-CVE-2020-27418
+CVE-2020-27418 (A Use After Free vulnerability in Fedora Linux kernel
5.9.0-rc9 allows ...)
- linux 5.5.13-1
[buster] - linux 4.19.118-1
NOTE: https://patchwork.freedesktop.org/patch/356372/
@@ -272038,6 +272143,7 @@ CVE-2019-19396 (illumos, as used in OmniOS Community
Edition before r151030y, al
CVE-2019-19395
RESERVED
CVE-2013-7484 (Zabbix before 5.0 represents passwords in the users table with
unsalte ...)
+ {DLA-3538-1}
- zabbix 1:5.0.0+dfsg-1
[stretch] - zabbix <no-dsa> (Minor issue)
[jessie] - zabbix <no-dsa> (Minor issue)
@@ -281221,6 +281327,7 @@ CVE-2019-17384 (The animate-it plugin before 2.3.4
for WordPress has XSS.)
CVE-2019-17383 (The netaddr gem before 2.0.4 for Ruby has misconfigured file
permissio ...)
- ruby-netaddr <not-affected> (Upstream packaging issue)
CVE-2019-17382 (An issue was discovered in
zabbix.php?action=dashboard.view&dashboardi ...)
+ {DLA-3538-1}
- zabbix 1:5.0.0+dfsg-1
[stretch] - zabbix <ignored> (Minor issue, no patch, guest accounts can
be disabled)
[jessie] - zabbix <no-dsa> (Minor issue, guest accounts can be disabled)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/039f20e7e8985db473a6905f2d7a7eb78a0fdce7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/039f20e7e8985db473a6905f2d7a7eb78a0fdce7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
